VARIoT IoT vulnerabilities database


VAR-201803-1412 CVE-2018-1207 Dell EMC iDRAC7 and iDRAC8 Injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 contain an injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are both hardware and software system management solutions from Dell. They provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
VAR-201803-2203 CVE-2018-7502 Beckhoff TwinCAT Untrusted Pointer Reference Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Beckhoff TwinCAT contains an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Beckhoff TwinCAT system software "remodels" any compatible PC into a real-time controller with a multi-PLC system, NC axis control system, programming environment and operator station, replacing traditional PLC and NC/CNC controllers and operating equipment. There is an untrusted pointer reference vulnerability in TwinCAT. Beckhoff TwinCAT is prone to multiple local privilege-escalation vulnerabilities. Beckhoff TwinCAT 2 and 3.1 are vulnerable.
VAR-201803-1909 CVE-2018-8935 AMD Ryzen and Ryzen Pro platform vulnerabilities related to authorization, permissions, and access control CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. The AMD Ryzen and Ryzen Pro platform contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products from AMD, a US company. Promontory is one of the chipsets used in these platforms. An attacker could exploit this vulnerability to execute code.
VAR-201803-1908 CVE-2018-8934 AMD Ryzen and Ryzen Pro platform vulnerabilities related to authorization, permissions, and access control CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. The AMD Ryzen and Ryzen Pro platform contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products from AMD, a US company. Promontory is one of the chipsets used in these platforms. An attacker could exploit this vulnerability to execute code.
VAR-201803-1906 CVE-2018-8932 AMD Ryzen and Ryzen Pro Access control vulnerability CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. AMD Ryzen and Ryzen Pro contain an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products from AMD, a US company. An attacker could exploit this vulnerability to disable system management mode protection, read memory, and execute arbitrary code.
VAR-201803-1907 CVE-2018-8933 AMD EPYC Server Access control vulnerability CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. AMD EPYC Server contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). AMD EPYC Server is a server central processing unit (CPU) from AMD, a US company. An attacker could exploit this vulnerability to write or read memory and disable system management mode protection.
VAR-201803-1811 CVE-2018-5509 Input validation vulnerability in multiple F5 BIG-IP products CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non-TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be disrupted (DoS). F5 BIG-IP LTM and the other affected products are made by F5, a US company. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker could exploit the vulnerability to cause TMM to crash and fail over, resulting in a denial of service. The following products and versions are affected: F5 BIG-IP LTM versions 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AAM versions 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AFM versions 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP APM versions 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP ASM versions 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP Link Controller versions 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP PEM versions 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP WebSafe versions 13.0.0 and 12.1.0 through 12.1.3.1.
VAR-201803-1814 CVE-2018-5502 Certificate validation vulnerability in multiple F5 BIG-IP products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with a maliciously crafted client certificate. This vulnerability affects virtual servers associated with a Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in the Client SSL profile. There is no control plane exposure. Multiple F5 BIG-IP products contain a certificate validation vulnerability. Service operation may be disrupted (DoS). F5 BIG-IP LTM and the other affected products are made by F5, a US company. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. There are security vulnerabilities in several F5 products. The following products and versions are affected: BIG-IP LTM versions 13.0.0 through 13.1.0.3; BIG-IP AAM versions 13.0.0 through 13.1.0.3; BIG-IP AFM versions 13.0.0 through 13.1.0.3; BIG-IP Analytics versions 13.0.0 through 13.1.0.3; BIG-IP APM versions 13.0.0 through 13.1.0.3; BIG-IP ASM versions 13.0.0 through 13.1.0.3; BIG-IP DNS versions 13.0.0 through 13.1.0.3; BIG-IP Edge Gateway versions 13.0.0 through 13.1.0.3; BIG-IP GTM versions 13.0.0 through 13.1.0.3; BIG-IP Link Controller versions 13.0.0 through 13.1.0.3; BIG-IP PEM versions 13.0.0 through 13.1.0.3; BIG-IP WebAccelerator versions 13.0.0 through 13.1.0.3; BIG-IP WebSafe versions 13.0.0 through 13.1.0.3.
VAR-201803-1904 CVE-2018-8930 Input validation vulnerability in multiple AMD products CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Multiple AMD products contain an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). AMD EPYC Server and the other affected chips are all central processing unit (CPU) products from AMD, a US company. Attackers can exploit this vulnerability to install malicious software and disable security features.
VAR-201805-1110 CVE-2018-5446 Medtronic 2090 CareLink Programmer Vulnerabilities related to certificate and password management CVSS V2: 2.1
CVSS V3: 5.3
Severity: MEDIUM
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. Medtronic 2090 CareLink Programmer is a portable computer product made by Medtronic, a US company. It is used to manage and program cardiac equipment in the medical industry. An attacker could exploit this vulnerability to obtain credentials to a software deployment network.
VAR-201805-1111 CVE-2018-5448 Medtronic 2090 CareLink Programmer Path traversal vulnerability CVSS V2: 2.7
CVSS V3: 5.7
Severity: MEDIUM
Medtronic 2090 CareLink Programmer's software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. Medtronic 2090 CareLink Programmer contains a path traversal vulnerability. Information may be obtained. Medtronic 2090 CareLink Programmer is a portable computer product made by Medtronic, a US company. It is used to manage and program cardiac equipment in the medical industry.
VAR-201803-1817 CVE-2018-5505 Resource management vulnerability in multiple F5 BIG-IP products CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP. Multiple F5 BIG-IP products contain a resource management vulnerability. Service operation may be disrupted (DoS). F5 BIG-IP ASM and Analytics are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the application, resulting in denial-of-service conditions. F5 BIG-IP ASM is a web application firewall (WAF) that provides secure remote access, protects email, and simplifies web access control while enhancing network and application performance. Analytics is a suite of web application performance analysis software. A remote attacker could exploit this vulnerability to cause a denial of service.
VAR-201803-1815 CVE-2018-5503 F5 BIG-IP Policy Enforcement Manager Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. F5 BIG-IP Policy Enforcement Manager (PEM) contains an input validation vulnerability. Service operation may be disrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. PEM is its policy enforcement manager. A security vulnerability exists in F5 BIG-IP PEM versions 13.0.0 through 13.1.0.3 and 12.0.0 through 12.1.3.1. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted page.
VAR-201804-1268 CVE-2018-7241 Vulnerabilities related to the use of hard-coded credentials in multiple Schneider Electric products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Multiple Schneider Electric products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 are programmable controller products from Schneider Electric, France. A number of Schneider Electric products have a hard-coded certificate vulnerability that stems from the fact that the FTP server contains a hard-coded account, which an attacker can use to gain unauthorized access. Multiple Schneider Electric Modicon products are prone to a remote security vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The vulnerability stems from the presence of hard-coded accounts in the program.
VAR-201803-1313 CVE-2017-15325 Huawei Smart Phone Software integer overflow vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, Prague-AL00BC00B211, Prague-AL00CC00B211, Prague-TL00AC01B211, and Prague-TL10AC01B211 has an integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and executing it with a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution. Huawei Smart Phone Software contains an integer overflow vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei Glory 8 Youth Edition is a smart phone device. The Huawei Glory 8 Youth Edition Bdat driver has an integer overflow vulnerability.
VAR-201803-1905 CVE-2018-8931 Access control vulnerability in multiple AMD products CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. AMD Ryzen and the other affected chips are central processing unit (CPU) products from AMD, a US company. An attacker could exploit this vulnerability to perform write operations to protected memory areas.
VAR-201803-1910 CVE-2018-8936 Vulnerabilities related to authorization, permissions, and access control in multiple AMD products CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Multiple AMD products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). AMD EPYC Server and the other affected chips are all central processing unit (CPU) products from AMD, a US company. Security flaws exist in several AMD products. An attacker could exploit this vulnerability to elevate privileges. The following products are affected: AMD EPYC Server; Ryzen; Ryzen Pro; Ryzen Mobile.
VAR-201803-1816 CVE-2018-5504 Data processing vulnerabilities in multiple F5 BIG-IP products CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1. Multiple F5 BIG-IP products contain data processing vulnerabilities. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). F5 BIG-IP LTM and the other affected products are all made by F5, a US company. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in several F5 products. The vulnerability stems from the program not properly handling malformed Websockets requests/responses. A remote attacker could exploit this vulnerability to cause a denial of service or execute code. The following products and versions are affected: F5 BIG-IP LTM versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP AAM versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP AFM versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP Analytics versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP APM versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP ASM versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP DNS versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP Edge Gateway versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP GTM versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP Link Controller versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP PEM versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP WebAccelerator versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1; BIG-IP WebSafe versions 13.0.0 through 13.1.0.3 and 12.1.0 through 12.1.3.1.
VAR-201804-1269 CVE-2018-7242 Vulnerability related to cryptographic strength in multiple Schneider Electric products CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. Multiple Schneider Electric products contain a vulnerability related to cryptographic strength. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 are programmable controller products from Schneider Electric, France. A number of Schneider Electric products have a weak encryption algorithm vulnerability that stems from the fact that the FTP server does not limit the length of the command parameters, which can cause buffer overflows. Multiple Schneider Electric Modicon products are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
VAR-201804-1275 CVE-2018-7240 Schneider Electric Multiple Product Stack Buffer Overflow Vulnerabilities CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. Schneider Electric Modicon Quantum contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 are programmable controller products from Schneider Electric, France. A stack buffer overflow vulnerability exists in several Schneider Electric products due to the fact that the FTP server does not limit the length of command parameters, which can cause buffer overflows. A remote attacker can exploit this issue to cause a denial-of-service condition. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.