VARIoT IoT vulnerabilities database
| VAR-201808-0945 | CVE-2018-7100 | HPE OfficeConnect 1810 Switch series information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. The HPE OfficeConnect 1810 Switch series contains an information disclosure vulnerability. Information may be obtained. The HPE 1810-24G Switch, 1810-48G Switch and 1810-8 v2 Switch are all switch products of Hewlett Packard Enterprise (HPE).
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
| VAR-201808-0598 | CVE-2018-11063 | Dell WMS Vulnerabilities related to unquoted search paths or elements |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges. Dell Wyse Management Suite (WMS) is a scalable solution for managing and optimizing Wyse endpoints from Dell. The offering includes centralized Wyse endpoint management, asset tracking and automatic device discovery, among others.
| VAR-201808-0638 | CVE-2018-15181 | JioFi 4G Hotspot M2S device input validation vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. The JioFi 4G Hotspot M2S device contains an input validation vulnerability. The device may be put into a denial of service (DoS) state. JioFi 4G Hotspot M2S is a portable wireless router device. There is a security flaw in JioFi 4G Hotspot M2S.
| VAR-201808-0372 | CVE-2018-14783 | NetComm Wireless G LTE Light Industrial M2M Router Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. The NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) contains a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The device is prone to the following vulnerabilities:
1. Multiple information disclosure vulnerabilities.
2. A cross-site request forgery vulnerability.
3. A cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions.
| VAR-201808-0371 | CVE-2018-14782 | NetComm Wireless G LTE Light Industrial M2M Router Authentication vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. An information disclosure vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which could allow an attacker to gain access to a configuration file without authentication. The device is prone to the following vulnerabilities:
1. Multiple information disclosure vulnerabilities.
2. A cross-site request forgery vulnerability.
3. A cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions.
| VAR-201808-0373 | CVE-2018-14784 | NetComm Wireless G LTE Light Industrial M2M Router Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. The device is prone to the following vulnerabilities:
1. Multiple information disclosure vulnerabilities.
2. A cross-site request forgery vulnerability.
3. A cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions.
| VAR-201808-0374 | CVE-2018-14785 | NetComm Wireless G LTE Light Industrial M2M Router Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. A device directory leak vulnerability exists in the NetComm NWL-25 using firmware 2.0.29.11 and earlier, which an attacker could use to obtain the device's directory listing. The device is prone to the following vulnerabilities:
1. Multiple information disclosure vulnerabilities.
2. A cross-site request forgery vulnerability.
3. A cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions.
| VAR-201808-0305 | CVE-2018-0429 | Cisco Thor decoder Input validation vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream. The Cisco Thor decoder contains an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Cisco Thor Decoder is prone to a stack-based buffer overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Cisco Thor decoder is a video coder/decoder produced by Cisco.
| VAR-201808-0436 | CVE-2018-13341 | Crestron TSW-X60 and MC3 Vulnerabilities related to certificate and password management |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00: the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. Crestron TSW-X60 and MC3 contain vulnerabilities related to certificate and password management. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to escalate privileges on affected installations of all Crestron products. Authentication is required to exploit this vulnerability. The specific flaw exists within the two built-in accounts on all Crestron devices. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator. Crestron TSW-X60 and MC3 are prone to the following multiple security vulnerabilities:
1. Multiple OS command-injection vulnerabilities.
2. An access-bypass vulnerability.
3. A security-bypass vulnerability.
Attackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions.
| VAR-201808-0608 | CVE-2018-15137 | CeLa Link CLR-M20 device unrestricted upload of dangerous file type vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method. The CeLa Link CLR-M20 device contains an unrestricted upload of dangerous file types vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). CeLa Link CLR-M20 is a wireless router product. A security vulnerability exists in CeLa Link CLR-M20.
| VAR-201808-0176 | CVE-2018-10636 | Delta Industrial Automation CNCSoft ScreenEditor DPB File wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack, which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft and ScreenEditor contain a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DPB files. When parsing the wFont attribute of the UserVARComment element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Delta Electronics CNCSoft and ScreenEditor are products of Delta Electronics. Delta Electronics CNCSoft is a set of simulation software for CNC machine tools. ScreenEditor is a set of human-machine interface programming software.
A stack buffer overflow vulnerability exists in Delta Electronics CNCSoft 1.00.83 and earlier and ScreenEditor 1.00.54. An attacker could use this vulnerability to cause software to crash. The products are prone to the following vulnerabilities:
1. Multiple stack-based buffer-overflow vulnerabilities.
2
| VAR-201808-0183 | CVE-2018-10598 | CNCSoft and ScreenEditor out-of-bounds read vulnerability |
CVSS V2: 5.8 CVSS V3: 8.1 Severity: MEDIUM |
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities that could cause the software to crash due to lacking user input validation for processing project files, which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft and ScreenEditor contain an out-of-bounds read vulnerability. Information may be obtained and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Delta Electronics CNCSoft and ScreenEditor are products of Delta Electronics. Delta Electronics CNCSoft is a set of simulation software for CNC machine tools. ScreenEditor is a set of human-machine interface programming software.
An out-of-bounds read vulnerability exists in Delta Electronics CNCSoft 1.00.83 and earlier and ScreenEditor 1.00.54. The products are prone to the following vulnerabilities:
1. Multiple stack-based buffer-overflow vulnerabilities.
2
| VAR-201809-0630 | CVE-2018-0661 | Multiple vulnerabilities in multiple I-O DATA network camera products |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: MEDIUM |
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory, which may result in execution of arbitrary OS commands/code, or leakage or alteration of information including credentials. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below.
* Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661
* Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662
* Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663
The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2018-0661: Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.
CVE-2018-0662: Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.
Several IO DATA products have security vulnerabilities. The following products and versions are affected: IO DATA TS-WRLP with firmware version 1.09.04 and earlier; TS-WRLA with firmware version 1.09.04 and earlier; TS-WRLP/E with firmware version 1.09.04 and earlier.
| VAR-201808-0173 | CVE-2018-10626 | Medtronic MyCareLink 24950 and 24952 Patient Monitor Vulnerabilities related to insufficient validation of data reliability |
CVSS V2: 3.8 CVSS V3: 4.4 Severity: MEDIUM |
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. The Medtronic MyCareLink 24950 and 24952 Patient Monitors contain vulnerabilities related to insufficient validation of data reliability. Information may be obtained and information may be altered.
An attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks. Both the Medtronic MyCareLink 24950 Patient Monitor and 24952 Patient Monitor are monitors produced by Medtronic in the United States for monitoring the vital signs of patients.
| VAR-201808-0171 | CVE-2018-10622 | Medtronic MyCareLink 24950 and 24952 Patient Monitor Vulnerabilities related to certificate and password management |
CVSS V2: 1.9 CVSS V3: 7.1 Severity: HIGH |
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. The Medtronic MyCareLink 24950 and 24952 Patient Monitors contain vulnerabilities related to certificate and password management. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Medtronic MyCareLink 24950 Patient Monitor and 24952 Patient Monitor are monitor devices used by Medtronic to monitor patient vital signs. An information disclosure vulnerability exists in the Medtronic MyCareLink 24950 Patient Monitor and 24952 Patient Monitor (all versions): the program stores credentials in a recoverable format, which an attacker can use to authenticate and obtain sensitive information. Medtronic MyCareLink Patient Monitor is prone to a security bypass vulnerability and an information disclosure vulnerability.
An attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks.
| VAR-201809-0632 | CVE-2018-0663 | Multiple vulnerabilities in multiple I-O DATA network camera products |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: MEDIUM |
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials, which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via an unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below.
* Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661
* Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662
* Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663
The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2018-0661: Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.
CVE-2018-0662: Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.
| VAR-201809-0631 | CVE-2018-0662 | Multiple vulnerabilities in multiple I-O DATA network camera products |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below.
* Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661
* Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662
* Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663
The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2018-0661: Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.
CVE-2018-0662: Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.
Several IO DATA products have security vulnerabilities.
| VAR-201808-0370 | CVE-2018-14781 | Authentication vulnerabilities in multiple Medtronic products |
CVSS V2: 2.9 CVSS V3: 5.3 Severity: MEDIUM |
Medtronic MiniMed MMT devices, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. Multiple Medtronic products contain authentication vulnerabilities. Information may be tampered with. The Medtronic MMT-508 MiniMed insulin pump and others are different types of insulin pumps from Medtronic Corporation of the United States. Multiple Medtronic Insulin Pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability.
Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks. An authorization issue vulnerability exists in several Medtronic products. The following products are affected: Medtronic MMT-508 MiniMed insulin pump; MMT-522 Paradigm REAL-TIME; MMT-722 Paradigm REAL-TIME; MMT-523 Paradigm Revel; MMT-723 Paradigm Revel; Paradigm Revel; MMT-551 MiniMed 530G; MMT-751 MiniMed 530G.
| VAR-201808-0175 | CVE-2018-10634 | Information disclosure vulnerability in multiple Medtronic products |
CVSS V2: 2.9 CVSS V3: 5.3 Severity: MEDIUM |
Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. Multiple Medtronic products contain an information disclosure vulnerability. Information may be obtained. The Medtronic MMT-508 MiniMed insulin pump and others are different types of insulin pumps from Medtronic Corporation of the United States. An information disclosure vulnerability exists in several Medtronic products, originating from cleartext communication between the pump and wireless accessories. Multiple Medtronic Insulin Pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. The following products are affected: Medtronic MMT-508 MiniMed insulin pump; MMT-522 Paradigm REAL-TIME; MMT-722 Paradigm REAL-TIME; MMT-523 Paradigm Revel; MMT-723 Paradigm Revel; Paradigm Revel; MMT-551 MiniMed 530G; MMT-751 MiniMed 530G.
| VAR-201808-0743 | CVE-2018-11453 | SIMATIC STEP 7 and WinCC Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. SIMATIC STEP 7 and WinCC (TIA Portal) contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. The crafted files take effect when TIA Portal starts, causing a denial of service or execution of code. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities.
A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks.