VARIoT IoT vulnerabilities database

VAR-201808-0121 CVE-2017-17312 Input validation vulnerability in multiple Huawei Firewall products
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Some Huawei Firewall products (USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00) have a DoS vulnerability in their IPSEC IKEv1 implementations. Due to improper handling of malformed messages, an attacker may send crafted packets to an affected device to exploit these vulnerabilities. Successful exploitation could lead to denial of service on the device. The products contain an input validation vulnerability, and the service may be put into a denial-of-service (DoS) state. In the Huawei USG2205BSR and the other affected models, IPSEC IKEv1 is one of the Internet key exchange components. The vulnerability is caused by the program not correctly processing malformed packets. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00.
VAR-201808-0120 CVE-2017-17311 Input validation vulnerability in multiple Huawei Firewall products
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Some Huawei Firewall products (USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00) have a DoS vulnerability in their IPSEC IKEv1 implementations. Due to improper handling of malformed messages, an attacker may send crafted packets to an affected device to exploit these vulnerabilities. Successful exploitation could lead to denial of service on the device. The products contain an input validation vulnerability, and the service may be put into a denial-of-service (DoS) state. In the Huawei USG2205BSR and the other affected models, IPSEC IKEv1 is one of the Internet key exchange components. The vulnerability is caused by the program not processing malformed packets correctly. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00.
VAR-201808-0503 CVE-2018-15358 Input validation vulnerability in Eltex ESP-200 firmware
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
An authenticated attacker with low privileges can activate a high-privileged user and use it to expand the attack surface in Eltex ESP-200 firmware version 1.2.0. The firmware contains a vulnerability related to input validation. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. The Eltex ESP-200 is a wireless router product. An elevation of privilege vulnerability exists in the Eltex ESP-200 with firmware version 1.2.0. An attacker could exploit this vulnerability to activate a high-privileged user.
VAR-201808-0119 CVE-2017-17305 Cryptographic vulnerabilities in multiple Huawei Firewall products
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Some Huawei Firewall products (USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00) have a Bleichenbacher oracle vulnerability in their IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. This enables a Bleichenbacher oracle attack. Successful exploitation of this vulnerability can impact IPSec tunnel security. The products contain cryptographic vulnerabilities. Information may be obtained. In the Huawei USG2205BSR and the other affected models, IPSEC IKEv1 is one of the Internet key exchange components. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00.
VAR-201808-0505 CVE-2018-15360 Vulnerabilities related to security functions in Eltex ESP-200 firmware
CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
An unauthenticated attacker can log in with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. The firmware contains vulnerabilities related to security features. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. The Eltex ESP-200 is a wireless router product. A security hole exists in the Eltex ESP-200 using firmware version 1.2.0.
VAR-201808-0502 CVE-2018-15357 Information disclosure vulnerability in Eltex ESP-200 firmware
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. The firmware contains an information disclosure vulnerability. Information may be obtained. The Eltex ESP-200 is a wireless router product.
VAR-201808-0500 CVE-2018-15355 Cryptographic vulnerability in Kraftway 24F2XG Router firmware
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Usage of SSLv2 and SSLv3 allows transmitted data to be decrypted in Kraftway 24F2XG Router firmware 3.5.30.1118. The Kraftway 24F2XG Router is a wireless router product from Kraftway, Russia. A security vulnerability exists in the Kraftway 24F2XG Router using firmware version 3.5.30.1118, caused by the program using SSLv2 and SSLv3. A remote attacker can exploit this vulnerability to perform a man-in-the-middle attack and decrypt the transmitted data.
VAR-201808-0496 CVE-2018-15351 Link interpretation vulnerability in Kraftway 24F2XG Router firmware
CVSS V2: 7.1
CVSS V3: 6.5
Severity: MEDIUM
Crafting a malicious link and sending it to a privileged user can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. The firmware contains a link interpretation vulnerability, and the service may be put into a denial-of-service (DoS) state. The Kraftway 24F2XG Router is a wireless router product from Kraftway, Russia.
VAR-201808-0499 CVE-2018-15354 Buffer error vulnerability in Kraftway 24F2XG Router firmware
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A buffer overflow exploited through the web interface by a remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. The firmware contains a buffer error vulnerability, and the service may be put into a denial-of-service (DoS) state. The Kraftway 24F2XG Router is a wireless router product from Kraftway, Russia. A buffer overflow vulnerability exists in the Kraftway 24F2XG Router using firmware version 3.5.30.1118.
VAR-201808-0497 CVE-2018-15352 Vulnerabilities in Kraftway 24F2XG Router firmware
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. There are unspecified vulnerabilities in the firmware, and the service may be put into a denial-of-service (DoS) state. The Kraftway 24F2XG Router is a wireless router product from Kraftway, Russia.
VAR-201808-1088 No CVE ASUS DSL N10 Verification Bypass Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The ASUS DSL N10 is a wired and wireless modem router. In the ASUS DSL N10 C1 modem firmware version 1.1.2.2_17, the POST data contains the login_authorization parameter, which is used to authorize access to the management panel. The value of this parameter is not completely random. An attacker can use old data, or data from another device, to access the management panel.
VAR-201808-0498 CVE-2018-15353 Buffer error vulnerability in Kraftway 24F2XG Router firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A buffer overflow exploited through the web interface by a remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. The firmware contains a buffer error vulnerability. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. The Kraftway 24F2XG Router is a wireless router product from Kraftway, Russia. A buffer overflow vulnerability exists in the Kraftway 24F2XG Router using firmware version 3.5.30.1118.
VAR-201808-0495 CVE-2018-15350 Vulnerabilities related to authorization, authority, and access control in Kraftway 24F2XG Router firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Default router credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. The firmware contains vulnerabilities related to authorization, authority, and access control. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. The Kraftway 24F2XG Router is a wireless router product from the Russian company Kraftway. The vulnerability is caused by the program using default credentials. A remote attacker could exploit this vulnerability to gain administrative privileges.
VAR-201808-1028 CVE-2018-5546 Vulnerabilities related to authorization, permissions, and access control in F5 BIG-IP APM client
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS run as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. The F5 BIG-IP APM client contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. F5 BIG-IP APM client is the client software in a set of access and security solutions from F5 Corporation of the United States. The software primarily provides unified access to business-critical applications and networks. svpn is one of the VPN components. policyserver is one of the policy servers.
VAR-201808-1029 CVE-2018-5547 Access control vulnerability in F5 BIG-IP APM client
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
The Windows Logon Integration feature of the F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode, which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine's Windows Explorer, which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges. The F5 BIG-IP APM client contains an access control vulnerability. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. F5 BIG-IP APM client is the client software in a set of access and security solutions from F5 Corporation of the United States. The software primarily provides unified access to business-critical applications and networks.
VAR-201808-0455 CVE-2018-15473 Information disclosure vulnerability in OpenSSH
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH contains an information disclosure vulnerability. Information may be obtained. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. OpenSSH through 7.7 is vulnerable; other versions may also be affected. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. This vulnerability stems from configuration errors in network systems or products during operation.

Impact
======
A remote attacker could conduct user enumeration.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All OpenSSH users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8"

References
==========
[ 1 ] CVE-2018-15473
      https://nvd.nist.gov/vuln/detail/CVE-2018-15473

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/201810-03

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

  https://creativecommons.org/licenses/by-sa/2.5

====================================================================
Red Hat Security Advisory

Synopsis: Low: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2019:2143-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2143
Issue date: 2019-08-06
CVE Names: CVE-2018-15473
====================================================================

1. Summary:

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1583735 - Permission denied reading authorized_keys when setting AuthorizedKeysCommand
1619063 - CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests
1712053 - tmux session not attached automatically during manual installation on s390x
1722446 - openssh FIPS cipher list has an extra comma in it

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

ppc64:
openssh-7.4p1-21.el7.ppc64.rpm
openssh-askpass-7.4p1-21.el7.ppc64.rpm
openssh-clients-7.4p1-21.el7.ppc64.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64.rpm
openssh-keycat-7.4p1-21.el7.ppc64.rpm
openssh-server-7.4p1-21.el7.ppc64.rpm

ppc64le:
openssh-7.4p1-21.el7.ppc64le.rpm
openssh-askpass-7.4p1-21.el7.ppc64le.rpm
openssh-clients-7.4p1-21.el7.ppc64le.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm
openssh-keycat-7.4p1-21.el7.ppc64le.rpm
openssh-server-7.4p1-21.el7.ppc64le.rpm

s390x:
openssh-7.4p1-21.el7.s390x.rpm
openssh-askpass-7.4p1-21.el7.s390x.rpm
openssh-clients-7.4p1-21.el7.s390x.rpm
openssh-debuginfo-7.4p1-21.el7.s390x.rpm
openssh-keycat-7.4p1-21.el7.s390x.rpm
openssh-server-7.4p1-21.el7.s390x.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
openssh-cavs-7.4p1-21.el7.ppc64.rpm
openssh-debuginfo-7.4p1-21.el7.ppc.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64.rpm
openssh-ldap-7.4p1-21.el7.ppc64.rpm
openssh-server-sysvinit-7.4p1-21.el7.ppc64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.ppc.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64.rpm

ppc64le:
openssh-cavs-7.4p1-21.el7.ppc64le.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm
openssh-ldap-7.4p1-21.el7.ppc64le.rpm
openssh-server-sysvinit-7.4p1-21.el7.ppc64le.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64le.rpm

s390x:
openssh-cavs-7.4p1-21.el7.s390x.rpm
openssh-debuginfo-7.4p1-21.el7.s390.rpm
openssh-debuginfo-7.4p1-21.el7.s390x.rpm
openssh-ldap-7.4p1-21.el7.s390x.rpm
openssh-server-sysvinit-7.4p1-21.el7.s390x.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.s390.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.s390x.rpm

x86_64:
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-15473
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

For the stable distribution (stretch), this problem has been fixed in version 1:7.4p1-10+deb9u4.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

==========================================================================
Ubuntu Security Notice USN-3809-2
August 12, 2021

openssh regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

USN-3809-1 introduced a regression in OpenSSH.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708)

It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  openssh-server 1:7.6p1-4ubuntu0.5

In general, a standard system update will make all the necessary changes.

VAR-201808-0382 CVE-2018-14799 Input validation vulnerability in multiple Philips PageWriter products
CVSS V2: 4.6
CVSS V3: 3.7
Severity: LOW
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. This can lead to buffer overflow or format string vulnerabilities. The products contain an input validation vulnerability. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. The Philips PageWriter TC10 Cardiograph and the others are different models of electrocardiograph equipment from Philips. An attacker could exploit the vulnerability to obtain sensitive information or execute arbitrary code. Failed attempts may lead to a denial-of-service condition.
VAR-201808-0396 CVE-2018-14801 Vulnerabilities related to the use of hard-coded credentials in multiple Philips PageWriter products
CVSS V2: 7.2
CVSS V3: 6.2
Severity: MEDIUM
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. The products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. The Philips PageWriter TC10 Cardiograph and the others are different models of electrocardiograph equipment from Philips. A security vulnerability exists in several Philips products that originates from the use of hard-coded credentials by programs. Successful exploits can allow attackers to bypass the security mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed attempts may lead to a denial-of-service condition. The following products and versions are affected: Philips PageWriter TC10 Cardiograph prior to May 2018; TC20 Cardiograph prior to May 2018; TC30 Cardiograph prior to May 2018; TC50 Cardiograph prior to May 2018; TC70 Cardiograph prior to May 2018.
VAR-201808-0380 CVE-2018-14795 Path traversal vulnerability in Emerson Electric DeltaV
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files. DeltaV contains a path traversal vulnerability. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A path traversal vulnerability exists in Emerson Electric DeltaV that stems from a program failing to validate the path. An attacker could exploit the vulnerability to replace the executable. Emerson DeltaV is prone to the following multiple security vulnerabilities: 1. An arbitrary-code-execution vulnerability 2. Multiple security-bypass vulnerabilities 3. A stack-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
VAR-201808-0378 CVE-2018-14791 Vulnerabilities related to authorization, permissions, and access control in Emerson DeltaV DCS
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. Emerson DeltaV DCS contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric DeltaV. An arbitrary-code-execution vulnerability 2. Multiple security-bypass vulnerabilities 3. A stack-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.