VARIoT IoT vulnerabilities database
| VAR-202502-0199 | CVE-2024-53651 | Siemens SIPROTEC 5 sensitive information plaintext storage vulnerability |
CVSS V2: 6.1 CVSS V3: 4.6 Severity: Medium |
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). Affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device. SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other application areas.
Siemens SIPROTEC 5 has a sensitive information plaintext storage vulnerability
| VAR-202502-0219 | CVE-2024-45386 | Siemens Product Session Expiration Insufficient Vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. SIMATIC PCS neo is a new generation of distributed control system (DCS) launched by Siemens. It is designed based on the Web platform and HTML5 technology, specially designed for process industry, and supports multi-user collaborative work and digital management. TIA Administrator is a management tool in Siemens Industrial Automation Software Suite, mainly used for centralized management and maintenance of TIA Portal projects. Totally Integrated Automation Portal (TIA Portal) is a fully integrated automation software platform launched by Siemens, which aims to simplify the automation project development process through a unified engineering environment.
Siemens SIMATIC PCS neo, TIA Administrator, and Totally Integrated Automation Portal have insufficient session expiration vulnerabilities
| VAR-202502-0123 | CVE-2023-37482 | Siemens Multiple SIMATIC Products Web Server User Enumeration Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. SIMATIC Drive Controllers are designed for the automation of production machines and combine the functionality of the SIMATIC S7-1500 CPU and SINAMICS S120 drive control. The SIMATIC ET 200SP Open Controller is a PC-based version of the SIMATIC S7-1500 controller, including optional visualization and central I/O combinations in one compact device. The SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 Software Controller is the SIMATIC software controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulate PLCs, even in virtualized environments
| VAR-202502-0263 | CVE-2024-54015 | Siemens SIPROTEC 5 Devices Information Disclosure Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: High |
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) V9.6x (All versions < V9.68), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V10.0), SIPROTEC 5 7ST85 (CP300) V9.6x (All versions < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) V9.8x (All versions < V9.83), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.8 (All versions < V9.83), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.8 (All versions < V9.83), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BD-2FO V9.8 (All versions < V9.83), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials. SIPROTEC 5 Devices provide a range of integrated protection, control, measurement and automation functions for substations and other application areas
| VAR-202502-0246 | CVE-2024-53977 | Siemens' ModelSim Simulation and Questa Simulation Vulnerability regarding uncontrolled search path elements in |
CVSS V2: 6.0 CVSS V3: 6.7 Severity: Medium |
A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory. Siemens' ModelSim Simulation and Questa Simulation Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ModelSim is an industry-leading hardware description language (HDL) simulation tool developed by Mentor Graphics (now a Siemens company), mainly used for verification and debugging of digital circuit designs. Questa is an intelligent verification solution launched by Siemens, which aims to optimize the integrated circuit (IC) verification process through artificial intelligence (AI) technology, improve production efficiency and meet complex design challenges
| VAR-202502-2686 | No CVE | Shanghai Boda Data Communication Co., Ltd.'s Internet behavior management and auditing have information leakage vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Shanghai Boda Data Communication Co., Ltd. is China's first generation professional IP network product and solution provider.
Shanghai Boda Data Communication Co., Ltd. has an information leakage vulnerability in its online behavior management and auditing, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-0237 | CVE-2025-23403 | Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor Weak Registry Privilege Escalation Vulnerability |
CVSS V2: 6.2 CVSS V3: 7.0 Severity: High |
A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures. SIMATIC IPC DiagBase is a system monitoring and troubleshooting software that identifies any potential faults on SIMATIC IPCs at an early stage and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur
| VAR-202502-0122 | CVE-2024-54089 | Siemens APOGEE PXC Series and TALON TC Series (BACnet) Encryption Issue Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: High |
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key.
This could allow an attacker to guess or decrypt the password from the cyphertext. The direct digital controller (DDC) in the Siemens APOGEE PXC Series building automation system is designed for small and medium-sized buildings and has modular expansion capabilities and intelligent control functions. TALON TC Series (BACnet) is a building management system that is mainly used to monitor and control building equipment. The system implements remote management functions through the BACnet protocol and supports real-time monitoring and adjustment of environmental parameters (such as temperature, humidity, etc.) in the building
| VAR-202502-0121 | CVE-2024-54090 | Siemens APOGEE PXC Series and TALON TC Series (BACnet) Out-of-Bounds Read Vulnerability |
CVSS V2: 5.4 CVSS V3: 5.9 Severity: Medium |
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds read in the memory dump function.
This could allow an attacker with Medium (MED) or higher privileges to cause the device to enter an insecure cold start state. The direct digital controller (DDC) in the Siemens APOGEE PXC Series building automation system is designed for small and medium-sized buildings and has modular expansion capabilities and intelligent control functions. TALON TC Series (BACnet) is a building management system that is mainly used to monitor and control building equipment. The system implements remote management functions through the BACnet protocol and supports real-time monitoring and adjustment of environmental parameters (such as temperature, humidity, etc.) in the building
| VAR-202502-1335 | CVE-2024-46437 | Shenzhen Tenda Technology Co.,Ltd. of w18e Information disclosure vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks. Shenzhen Tenda Technology Co.,Ltd. of w18e Firmware has an information disclosure vulnerability.Information may be obtained.
Tenda W18E version 16.01.0.8(1625) has an information leakage vulnerability. The vulnerability is caused by the application's insufficient protection of sensitive information. Attackers can exploit this vulnerability to retrieve sensitive configuration information
| VAR-202502-1067 | CVE-2024-46436 | Shenzhen Tenda Technology Co.,Ltd. of w18e Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 8.0 CVSS V3: 8.3 Severity: HIGH |
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. Shenzhen Tenda Technology Co.,Ltd. of w18e A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Tenda W18E has a trust management vulnerability, which is caused by the existence of hard-coded credentials. No detailed vulnerability details are currently available
| VAR-202502-0512 | CVE-2024-46435 | Shenzhen Tenda Technology Co.,Ltd. of w18e Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function. Shenzhen Tenda Technology Co.,Ltd. of w18e A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
There is a buffer overflow vulnerability in the Tenda W18E 16.01.0.8 (1625) version
| VAR-202502-0923 | CVE-2024-46434 | Shenzhen Tenda Technology Co.,Ltd. of w18e Authentication vulnerability in firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. Shenzhen Tenda Technology Co.,Ltd. of w18e An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Tenda W18E 16.01.0.8(1625) version has an authorization issue vulnerability. The vulnerability is caused by improper authentication of the device
| VAR-202502-0765 | CVE-2024-46433 | Shenzhen Tenda Technology Co.,Ltd. of w18e Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. Shenzhen Tenda Technology Co.,Ltd. of w18e A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202502-0633 | CVE-2024-46432 | Shenzhen Tenda Technology Co.,Ltd. of w18e Access control vulnerabilities in firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. Shenzhen Tenda Technology Co.,Ltd. of w18e Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202502-0396 | CVE-2024-46431 | Shenzhen Tenda Technology Co.,Ltd. of w18e Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. Shenzhen Tenda Technology Co.,Ltd. of w18e Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Tenda W18E has a buffer overflow vulnerability, which is caused by the delWewifiPic function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202502-1491 | CVE-2024-46430 | Shenzhen Tenda Technology Co.,Ltd. of w18e Access control vulnerabilities in firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. Shenzhen Tenda Technology Co.,Ltd
| VAR-202502-1624 | CVE-2024-46429 | Shenzhen Tenda Technology Co.,Ltd. of w18e Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. Shenzhen Tenda Technology Co.,Ltd. of w18e A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202502-1586 | CVE-2025-21692 | Linux of Linux Kernel Vulnerability in array index validation in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix ets qdisc OOB Indexing
Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can
index an Out-Of-Bound class in ets_class_from_arg() when passed clid of
0. The overflow may cause local privilege escalation.
[ 18.852298] ------------[ cut here ]------------
[ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20
[ 18.853743] index 18446744073709551615 is out of range for type 'ets_class [16]'
[ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17
[ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 18.856532] Call Trace:
[ 18.857441] <TASK>
[ 18.858227] dump_stack_lvl+0xc2/0xf0
[ 18.859607] dump_stack+0x10/0x20
[ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0
[ 18.864022] ets_class_change+0x3d6/0x3f0
[ 18.864322] tc_ctl_tclass+0x251/0x910
[ 18.864587] ? lock_acquire+0x5e/0x140
[ 18.865113] ? __mutex_lock+0x9c/0xe70
[ 18.866009] ? __mutex_lock+0xa34/0xe70
[ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0
[ 18.866806] ? __lock_acquire+0x578/0xc10
[ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 18.867503] netlink_rcv_skb+0x59/0x110
[ 18.867776] rtnetlink_rcv+0x15/0x30
[ 18.868159] netlink_unicast+0x1c3/0x2b0
[ 18.868440] netlink_sendmsg+0x239/0x4b0
[ 18.868721] ____sys_sendmsg+0x3e2/0x410
[ 18.869012] ___sys_sendmsg+0x88/0xe0
[ 18.869276] ? rseq_ip_fixup+0x198/0x260
[ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190
[ 18.869900] ? trace_hardirqs_off+0x5a/0xd0
[ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220
[ 18.870547] ? do_syscall_64+0x93/0x150
[ 18.870821] ? __memcg_slab_free_hook+0x69/0x290
[ 18.871157] __sys_sendmsg+0x69/0xd0
[ 18.871416] __x64_sys_sendmsg+0x1d/0x30
[ 18.871699] x64_sys_call+0x9e2/0x2670
[ 18.871979] do_syscall_64+0x87/0x150
[ 18.873280] ? do_syscall_64+0x93/0x150
[ 18.874742] ? lock_release+0x7b/0x160
[ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0
[ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210
[ 18.879608] ? irqentry_exit+0x77/0xb0
[ 18.879808] ? clear_bhb_loop+0x15/0x70
[ 18.880023] ? clear_bhb_loop+0x15/0x70
[ 18.880223] ? clear_bhb_loop+0x15/0x70
[ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 18.880683] RIP: 0033:0x44a957
[ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10
[ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957
[ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003
[ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0
[ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001
[ 18.888395] </TASK>
[ 18.888610] ---[ end trace ]---. Linux of Linux Kernel Exists in an array index validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs).
Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues
| VAR-202502-2088 | No CVE | HP OfficeJet Pro 9010 has information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP China Ltd. is an enterprise mainly engaged in scientific research and technical services.
HP China Ltd. HP officeJet Pro 9010 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.