VARIoT IoT vulnerabilities database

MAC1100 PLC Programmable Logic Controller (PLC) is a product in the Dalian CECE Programmable Logic Controller (PLC) series. DCCE MAC1100 PLC has an arbitrary file reading vulnerability. An attacker could use this vulnerability to read the contents of any variable area of the controller

mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. mySCADA myPRO Contains an information disclosure vulnerability.Information may be obtained

DrayTek is a Taiwanese broadband CPE (client device) manufacturer that manufactures devices including routers, switches, firewalls and VPN devices. There is a 0day vulnerability in the DrayTek router. An attacker can exploit the vulnerability to modify the DNS configuration and then redirect the user to the phishing website through a man-in-the-middle attack to steal data.

Tplink ER5110G, Tplink ER5120G and Tplink WAR1300L are enterprise VPN routers and enterprise wireless VPN routers of Pulian Technology Co., Ltd. Command execution vulnerability exists in multiple TP-Link enterprise routers. An attacker could use the vulnerability to elevate from administrator privileges to root privileges.

A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. This product is mainly used to manage and share product designs, files, BOM And data etc. Attackers can use specially made URL Use this vulnerability to inject html or JavaScript Code, modify or rewrite the login page

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. BeaconMedaes Scroll Medical Air Systems Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BeaconMedaes Scroll Medical Air Systems is a medical surgical air system from BeaconMedaes, USA. The TotalAlert Web Application is one of the web-based hypervisors. An attacker could exploit this vulnerability to retrieve default or user-defined credentials that were not stored and delivered securely

A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak. plural Huawei Server products contain authentication vulnerabilities.Information may be obtained. Huawei1288HV5 and other Huawei server models are different types of servers. Huawei 1288H V5, etc. The following products and versions are affected: 1288H V5 V100R005C00 Version; 2288H V5 V100R005C00 Version; 2488 V5 V100R005C00 Version; CH121 V3 V100R001C00 Version; CH121L V3 V100R001C00 Version; CH121L V5 V100R001C00 Version; CH121 V5 V100R001C00 Version; CH140 V3 V100R001C00 Version; CH140L V3 V100R001C00 Version; CH220 V3 V100R001C00 Version; CH222 V3 V100R001C00 Version; CH242 V3 V100R001C00 Version; CH242 V5 V100R001C00 Version; RH1288 V3 V100R003C00 Version; RH2288 V3 V100R003C00 Version; RH2288H V3 V100R003C00 Version; XH310 V3 V100R003C00 Version; XH321 V3 V100R003C00 Version; XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00 version

SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. SimpliSafe Original Contains an information disclosure vulnerability.Information may be obtained. SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. A security flaw exists in SimpliSafe Original, which stems from the program not encrypting the messages passed. An attacker in physical proximity could exploit this vulnerability to obtain sensitive information

In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. SimpliSafe Original Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. There is a security flaw in SimpliSafe Original

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 and 2288H V5 The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Huawei 1288HV5 and 2288HV5 are Huawei's rack server devices

Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. A security vulnerability exists in several Huawei products due to insufficient verification messages from the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. SimpliSafe Original Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. There is a security flaw in SimpliSafe Original. An attacker in physical proximity could exploit this vulnerability to bypass security protections

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 and 2288H V5 The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Huawei 1288HV5 and 2288HV5 are Huawei's rack server devices

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 and 2288H V5 The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei1288HV5 and 2288HV5 are rack routers, which can be widely used in cloud computing virtualization, database, big data and other workloads. The vulnerability stems from a program that fails to adequately verify input

SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. SimpliSafe Original Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. There is a security flaw in SimpliSafe Original, which stems from not encrypting the transmission. An attacker in close physical proximity could exploit this vulnerability to obtain a PIN

CoDeSys is a complete development environment for programmable logic control PLCs, in which simulation functions can be implemented by configuring the PLCWinNT software. A memory leak vulnerability exists in the PLCWinNT software corresponding to the CoDeSys software version V2. An attacker can perform arbitrary write operations on the process's memory address space, and this vulnerability can be used to implement remote code execution

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. BeaconMedaes Scroll Medical Air Systems Contains an access control vulnerability.Information may be obtained. The TotalAlert Web Application is one of the web-based hypervisors

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. Apache Batik Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apache Batik is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Batik 1.9.1 and prior versions are vulnerable. Mitigation: Users should upgrade to Batik 1.10+ Credit: This issue was independently reported by Man Yue Mo. References: http://xmlgraphics.apache.org/security.html The Apache XML Graphics team. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4215-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : batik CVE ID : CVE-2017-5662 CVE-2018-8013 Debian Bug : 860566 899374 Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server. For the oldstable distribution (jessie), these problems have been fixed in version 1.7+dfsg-5+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 1.8-4+deb9u1. We recommend that you upgrade your batik packages. For the detailed security status of batik please refer to its security tracker page at: https://security-tracker.debian.org/tracker/batik Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlsSUFsACgkQEL6Jg/PV nWQKAQgAtoVouiI8CAu0mMH4CxzV9Gn+PheDY9BIdjfARj60IPGFt1JgwJGwdhuS ANRAYaYhwEl+ZJSi5QUunT+tmwjINkWVQ1OoQIULR+/51bbkPQsND8nj2rVsO8z4 BQFJqUVdpbF04nDAP2lxyLMevrS5v9bQTXZfchIQOYhu08+L4HHilnMzRKpeaFNo jHBfpOhT4puftGQDtPW3+Czrree7yjkyElryVXiaNupH1PYuBs7GH3cGIct4NNv/ 7cykB7tf0j7cL+82YOCe5PhWQJfF52uj4Uck92v+muV6G6H7/vNj8irfC+iW7sP1 s58xKHi+VG3tU66xb44dK4MteCk9SA== =n3ZC -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3661-1 May 29, 2018 batik vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Batik could be made to expose sensitive information if it received a specially crafted XML. Software Description: - batik: SVG Library Details: It was discovered that Batik incorrectly handled certain XML. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu2.14.04.3 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3661-1 CVE-2018-8013 Package Information: https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202401-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache Batik: Multiple Vulnerabilities Date: January 07, 2024 Bugs: #724534, #872689, #918088 ID: 202401-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Background ========== Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation. Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ dev-java/batik < 1.17 >= 1.17 Description =========== Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Batik users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17" References ========== [ 1 ] CVE-2018-8013 https://nvd.nist.gov/vuln/detail/CVE-2018-8013 [ 2 ] CVE-2019-17566 https://nvd.nist.gov/vuln/detail/CVE-2019-17566 [ 3 ] CVE-2020-11987 https://nvd.nist.gov/vuln/detail/CVE-2020-11987 [ 4 ] CVE-2022-38398 https://nvd.nist.gov/vuln/detail/CVE-2022-38398 [ 5 ] CVE-2022-38648 https://nvd.nist.gov/vuln/detail/CVE-2022-38648 [ 6 ] CVE-2022-40146 https://nvd.nist.gov/vuln/detail/CVE-2022-40146 [ 7 ] CVE-2022-41704 https://nvd.nist.gov/vuln/detail/CVE-2022-41704 [ 8 ] CVE-2022-42890 https://nvd.nist.gov/vuln/detail/CVE-2022-42890 [ 9 ] CVE-2022-44729 https://nvd.nist.gov/vuln/detail/CVE-2022-44729 [ 10 ] CVE-2022-44730 https://nvd.nist.gov/vuln/detail/CVE-2022-44730 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202401-11 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5