VARIoT IoT vulnerabilities database

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. Microsoft Azure Active Directory Connect is a service provided by Microsoft Corporation of the United States that provides identity and access management in the cloud. An attacker could exploit this vulnerability to forge a server by performing a man-in-the-middle attack

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. Samsung SmartThings Hub Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers. field

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. FURUNO FELCOM 250 and 500 The device contains a certificate / password management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. There is a security hole in the FURUNO FELCOM 250 and 500

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. Samsung SmartThings Hub STH-ETH-250-Firmware Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungSmartThingsHubSTH-ETH-250 is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers

Huangshi Kewei Automatic Control Co., Ltd. is an enterprise that develops, produces, and sells a series of industrial control products such as embedded PLC, intelligent servo, and man-machine interface. There is a memory corruption vulnerability in the IOCS screen configuration software of the Kewei text integrated machine. The vulnerability is due to the failure of the IOCS1.33.exe file to verify the integrity of the project file. An attacker could use the vulnerability to cause memory corruption when reading the project file

The EL-100 series serial device networking server allows serial devices to be networked immediately and accessed directly through software. Guangzhou Chaoran Computer Co., Ltd. EL-100 series industrial control equipment has unauthorized access and weak password vulnerabilities. Attackers can use the vulnerability to bypass the login window and obtain sensitive information

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. IBM Datacap Fastdoc Capture Contains an authentication vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 148691 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks

A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. Pektron Passive Keyless Entry and Start (PKES) There are cryptographic vulnerabilities in the system.Information may be tampered with. The Tesla Model S is an electric car produced by Tesla. The PKES system used in the Tesla Model S and other devices has a security flaw that stems from the fact that the PKES system relies on the DST40 cipher. An attacker could exploit this vulnerability to clone car keys in seconds

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. FURUNO FELCOM 250 and 500 The device contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. The /cgi-bin/sm_changepassword.cgi file and the /cgi-bin/sm_sms_changepasswd.cgi file in FURUNO FELCOM 250 and 500 have an access control error vulnerability

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. Dell EMC VPlex GeoSynchrony Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC VPlex is a new generation of data storage platform for information movement and access within the data center, across data centers and between data centers of Dell; GeoSynchrony is a set of VPLEX operating system. A remote attacker could exploit this vulnerability to gain access to data on the target system and modify the data. Link to remedies: Please contact your local field representative to assist with the planning for the VPLEX upgrade which requires a Change Control Authorization (CCA). -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluSaocACgkQgSlofD2Y i6c7rxAAo2FBxnrffBEhFs+yysuesMxd8f1Qep+C3GDtH759hcFSmiRCg3CDDWNs 2yniNrQLwNBtM/9qh0NX4x63HxOVVOsC0a2g+oPMHQjN6W+1Ql0eBFkFoFwCQpIZ +67znLrXaF4BMZJEF7nr9EZRkb/bUaR+mj7T1ih3dWKp+4jzNwqN/Cd+UL1QsqmE C2Now1sQjzkH0RlTq4dp4Y4WpiuYpO1cF7yAlqNmxHhkQZjx9BKWZ+1gBVpAr1Ge EeLkzcwtpayzM4XryZCvZjt2qA+GTxW/mRYOen62pKcWHjsNyALwqVWNshx2l27r run8/tUVuD998Bzc6P6QyUkokY73cBgvGa7Ca5SAmlxTHra9kenaF/IOQfp1tzQK mPW1esNalXP+HRRWIAFCC10F+H492OKsA4vUmJmks0oHQnLOTuzzQXCZWNh9zrLG T3jW4d58NKV9oml/+9a7czOMsTHvNzd+powS6C7KZLo4ltwuynP1Akgtwj1Calvj HRRRAhJEsG2w1AcfEB0SCr/JDP39S49nWgNWlhESjoPPyuWac9mH71EHQiIgPM+u GBk14E3RCbxP136zxOgYibDI8Z3w+yWkTs2x4dYCsVB1igocSdzwZJxUrsUAv/B8 nMKoYU+zx/jsC3WEopu4hO361t/w368VAmPLZP6x29wFqUS9K2o= =+3mo -----END PGP SIGNATURE-----

An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Attackers can use this vulnerability to cause a denial of service. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. The 'lookup' in the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier has a security vulnerability. An attacker could use this vulnerability to execute code (buffer read out of bounds)

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. Attackers can use this vulnerability to execute code

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. Contiki-NG Contains a buffer error vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. A buffer overflow vulnerability exists in the 'lvm_shift_for_operator' function in the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier versions. An attacker could use this vulnerability to cause the AQL engine to crash or manipulate data in other buffers

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. A buffer overflow vulnerability exists in the 'lvm_set_type' function of the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier versions. An attacker could use this vulnerability to execute code

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. A remote attacker can use this vulnerability to execute code (crash)

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J Contains vulnerabilities related to security features.Information may be obtained. Dell EMC RSA BSAFE is a security software product of Dell (Dell), which supports encryption algorithms, certificate chain verification, and Transport Layer Security (TLS) cipher suites, etc., to help users achieve various security goals for their applications . RSA BSAFE SSL-J is one of the SSL toolkits. The vulnerability is caused by the program not properly clearing the heap memory before releasing the memory. An attack in close physical proximity could exploit this vulnerability to recover the key. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-150:RSA BSAFE(r) SSL-J Multiple Vulnerabilities Dell EMC Identifier: DSA-2018-150 CVE Identifier: CVE-2018-11068, CVE-2018-11069, CVE-2018-11070 Severity: Medium Severity Rating: View details below for individual CVSS Score for each CVE Affected Products: RSA BSAFE Crypto-J versions prior to 6.2.4 RSA BSAFE SSL-J versions prior to 6.2.4 Summary: RSA BSAFE Crypto-J and SSL-J contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. CVSS v3.0 Base Score: 3.9 (AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) Covert Timing Channel Vulnerability, CVE-2018-11069 RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. A remote attacker may be able to recover a RSA key. CVSS v3.0 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) Recommendation: The following RSA BSAFE Crypto-J and SSL-J releases contain resolutions to these vulnerabilities: RSA BSAFE Crypto-J version 6.2.4 RSA BSAFE SSL-J version 6.2.4 For additional documentation, downloads, and more, visit the RSA BSAFE page at https://community.rsa.com/community/products/bsafe on RSA Link. Severity Rating: For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating knowledge base article at https://community.rsa.com/docs/DOC-47147. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle at https://community.rsa.com/docs/DOC-40387 for additional details. Legal Information: Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Customer Support at https://community.rsa.com/docs/DOC-1294. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell Product Security Incident Response Team (PSIRT) secure@dell.com -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluQalwACgkQgSlofD2Y i6fYBBAAi/9xinlt+Inx/esVGjrJRgDKhn2bB+4SR5nwPFlYttl6ePxKW1dY3QQO phnd4hHez0UuyPiPNWNLdbByuT1FKPhyG6/6NnbxZZOyCFSLpP602cYiBkDw31pj HKDI4hKzWnaKLY4N6ghUHzX77I2CO8KIcxkN9r86MK+h0ZfOHxjpJLDIZ8uZ/yhy YvJMTtLCUb8j+a4ozL7zXmsUvc1hU84YhKvuNXsTGhTmc+Iy02fVAIigHKMFspgV mHwVueGdmWVR5k05QaF47sSaGXZcqW1lAOvwxr0u300wrxlryJhQHiZ6fZh8B6VT D/6BX8JNUgyN+teu23rGb7KNKCQmE8Yo72bBg+1C+GDip80r1D2+q1mhzV+aPCib PgASSx+mOPER4T8jVKrpj5bjSGrrOx4BXxDHD6UZyg3gkoA6tGny4h+LUeZgnCx4 t6t5pipDsTm4lX9gPngnWMpKFBI4IBVGeQdDW1IXwvaeR3ePeAc2MMHv4MO23T51 p/8X0aIvSfxBtznElwD3QEkt+qfsrqJ+qQ3QCmg18PPB6REFcP8k8cYuHBKuL/JX 9+n0U6EJvtE+TA+Kj/yqLbZbPtOR98aK8PcZ15yLRtSKSo/swe/Ir26r0oTRVG94 FUPkwX11l36jHhpvziMJMRcYi3FxO+dttEQRsw6fg7A4pUjSN1U= =lYoY -----END PGP SIGNATURE-----

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE SSL-J Contains a cryptographic vulnerability.Information may be obtained. Dell EMC RSA BSAFE is a security software product of Dell (Dell), which supports encryption algorithms, certificate chain verification, and Transport Layer Security (TLS) cipher suites, etc., to help users achieve various security goals for their applications . RSA BSAFE SSL-J is one of the SSL toolkits. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-150:RSA BSAFE(r) SSL-J Multiple Vulnerabilities Dell EMC Identifier: DSA-2018-150 CVE Identifier: CVE-2018-11068, CVE-2018-11069, CVE-2018-11070 Severity: Medium Severity Rating: View details below for individual CVSS Score for each CVE Affected Products: RSA BSAFE Crypto-J versions prior to 6.2.4 RSA BSAFE SSL-J versions prior to 6.2.4 Summary: RSA BSAFE Crypto-J and SSL-J contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Details: Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability, CVE-2018-11068 RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. Severity Rating: For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating knowledge base article at https://community.rsa.com/docs/DOC-47147. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle at https://community.rsa.com/docs/DOC-40387 for additional details. Legal Information: Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Customer Support at https://community.rsa.com/docs/DOC-1294. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell Product Security Incident Response Team (PSIRT) secure@dell.com -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluQalwACgkQgSlofD2Y i6fYBBAAi/9xinlt+Inx/esVGjrJRgDKhn2bB+4SR5nwPFlYttl6ePxKW1dY3QQO phnd4hHez0UuyPiPNWNLdbByuT1FKPhyG6/6NnbxZZOyCFSLpP602cYiBkDw31pj HKDI4hKzWnaKLY4N6ghUHzX77I2CO8KIcxkN9r86MK+h0ZfOHxjpJLDIZ8uZ/yhy YvJMTtLCUb8j+a4ozL7zXmsUvc1hU84YhKvuNXsTGhTmc+Iy02fVAIigHKMFspgV mHwVueGdmWVR5k05QaF47sSaGXZcqW1lAOvwxr0u300wrxlryJhQHiZ6fZh8B6VT D/6BX8JNUgyN+teu23rGb7KNKCQmE8Yo72bBg+1C+GDip80r1D2+q1mhzV+aPCib PgASSx+mOPER4T8jVKrpj5bjSGrrOx4BXxDHD6UZyg3gkoA6tGny4h+LUeZgnCx4 t6t5pipDsTm4lX9gPngnWMpKFBI4IBVGeQdDW1IXwvaeR3ePeAc2MMHv4MO23T51 p/8X0aIvSfxBtznElwD3QEkt+qfsrqJ+qQ3QCmg18PPB6REFcP8k8cYuHBKuL/JX 9+n0U6EJvtE+TA+Kj/yqLbZbPtOR98aK8PcZ15yLRtSKSo/swe/Ir26r0oTRVG94 FUPkwX11l36jHhpvziMJMRcYi3FxO+dttEQRsw6fg7A4pUjSN1U= =lYoY -----END PGP SIGNATURE-----

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. Endress+Hauser WirelessHART Fieldgate SWG70 The device contains a path traversal vulnerability.Information may be obtained. Multiple PEPPERL+FUCHS products are prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. The following products and versions are affected: WirelessHART Gateway WHA-GW-F2D2-0-AS-Z2-ETH 03.00.08 WirelessHART Gateway WHA-GW-F2D2-0-AS-Z2-ETH.EIP 02.00.01. The Endress+Hauser WirelessHART Fieldgate SWG70 is an Ethernet gateway device. An attacker could exploit this vulnerability to view arbitrary files on the system

Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. plural Fuji Xerox The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Xerox DocuCentre-V 3065, etc. are all multi-function printers from Fuji Xerox, Japan. A security vulnerability exists in several Fuji Xerox products. The following products are affected: Fuji Xerox DocuCentre-V 3065; ApeosPort-VI C3371; ApeosPort-V C4475; ApeosPort-V C3375; DocuCentre-VI C2271; 5070

Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. INplc provided by MICRONET CORPORATION contains multiple vulnerabilities listed below. *DLL preloading vulnerability (CWE-427) - CVE-CVE-2018-0667 *Buffer overflow (CWE-119) - CVE-2018-0668 *Authentication bypass (CWE-287) - CVE-2018-0669 *Authentication bypass (CWE-287) - CVE-2018-0670 *Privilege escalation - CVE-2018-0671 Kotatsu Shiraki of University of Tokyo/NEC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Although the expected impact will vary depending on the vulnerability, the following may be affected. *Arbitrary code may be executed with the privilege of the user invoking the installer - CVE-2018-0667 *A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code - CVE-2018-0668 *A remote attacker may execute an arbitrary command through the traffic based on the protocol - CVE-2018-0669, CVE-2018-0670 *An attacker may execute arbitrary code with the administrative privilege on the Windows system which the product is installed on. - CVE-2018-0671. The Micronet INplc SDK is a software-defined PLC (Programmable Logic Controller) development kit from Micronet Corporation of Japan