VARIoT IoT vulnerabilities database
VAR-201705-3256 | CVE-2017-5174 |
Geutebruck IP Camera G-Cam/EFD-2250 Access control vulnerability
Related entries in the VARIoT exploits database: VAR-E-201702-0193 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition.
G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company
VAR-201705-3255 | CVE-2017-5173 |
Geutebruck G-Cam/EFD-2250 Remote code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201702-0193 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service.
Attackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device.
G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company
VAR-201702-1128 | No CVE | SAP NetWeaver Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP NetWeaver is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
VAR-201702-0669 | CVE-2017-2684 | Siemens SIMATIC Logon Vulnerabilities that bypass application-level authentication |
CVSS V2: 6.8 CVSS V3: 9.0 Severity: CRITICAL |
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG.
There is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT
VAR-201705-4094 | CVE-2017-8913 | SAP NetWeaver AS JAVA of Visual Composer VC70RUNTIME In the component XML External entity attack vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. SAP Netweaver Visual Composer is prone to an information disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks
VAR-201702-1124 | No CVE | SAP Netweaver Remote Authorization Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP Netweaver is prone to an authorization-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks.
VAR-201805-0169 | CVE-2017-5175 | Advantech WebAccess DLL Hijacking vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. Advantech WebAccess Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A DLL hijacking vulnerability exists in Advantech WebAccess 8.1 and earlier. Advantech WebAccess is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input.
Advantech WebAccess 8.1 and prior are vulnerable
VAR-201704-0652 | CVE-2017-5670 | Riverbed RiOS Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. RiverbedSteelhead is a hardware device used to optimize and accelerate network traffic. Implemented as a TLS endpoint, they have a secure library that stores the server's private TLS certificate. There is a local security bypass vulnerability in RiverbedRiOS. The attacker exploited the vulnerability to bypass some security restrictions and perform unauthorized operations
VAR-201702-0887 | CVE-2017-2374 | Apple GarageBand and Logic Pro X Update for vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. Apple From GarageBand and Logic Pro X An update for has been released.Crafted GarageBand An arbitrary code may be executed by opening the project file. Apple GarageBand is prone to a memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple GarageBand is a set of music production software from Apple (Apple). A memory corruption vulnerability exists in versions of Apple GarageBand prior to 10.1.6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-02-21-1 GarageBand 10.1.6
GarageBand 10.1.6 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
GarageBand may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYrImXAAoJEIOj74w0bLRGyr0QAILapV0W5UfNAcFn8FeZIXKw
H10/c+doJ41Y3QQH+4qo+Y0eMVlKLc8zkQk0Ocz+e3RYtScFCELVysX037qczPuW
Znr9lvycMgpuYfIosWmde+1FF7nvSiN7RvAVRMBN4OIOmFT82h+vFxZf2Zeka4JL
Ali8kh6uK3W3A8kNJiO0sM/r0G8nRf6OvgtH5YL9gjBc9e6J1m4upx4KEMPRlaiY
Ykn7Y03gYk11LwTlB1Q5f+b88VTMtItPLadal3ICQONXGGBu6GyvjOLQVAxVvggn
K4pgPRSDh/YvRlCcXl319sJigg+0Fa6gFk/NHcMI4YzOhxWHNUWDzrG721aJCRer
6YWcD6LgHsJODi8yp4yuJ3DbESh3WFiWS4ATVJThOuW8hATGhukbPHvwcoPaM3rN
5MLhImi9QpT2rE92DpQ5X0m/KzLdhOrgk3CnyR1aKmP2L2qD4ZbKlwdMwIKByxlW
ypcv+C9BP31KcPLbLhsQGOuNb4NGeTbKv/yQvHB3KeN/w750WtMamT2CE8sFkPnu
+X5wQk6pZi6e4Xc5nQbLkIHEPtZNo4O8qUoPPmaTsK6lwcvB1C5/09Zcfc3pOBy7
+Cp+6dimx/nbCcK4dW8QzIZIEd88hXhk9I441lBUGE4AMXU6l5npV/DaZTZOj6Ga
b9ZTShls177KyTLSw0CW
=gmwM
-----END PGP SIGNATURE-----
VAR-201702-1107 | No CVE | There is a command execution vulnerability in the Rico Virtual VPN Gateway |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The virtual VPN gateway is a virtual gateway device of Ruike Electronic Technology Co., Ltd. There is a command execution vulnerability in the Rico Virtual VPN Gateway that allows an attacker to exploit arbitrary commands or reveal sensitive information.
VAR-201702-0190 | CVE-2016-7762 | Apple iOS Used in etc. Webkit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. Webkit Contains a cross-site scripting vulnerability.Safari May be subjected to a cross-site scripting attack.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome
VAR-201702-0189 | CVE-2016-7761 | Apple macOS of WiFi Vulnerabilities in which important network configuration information is obtained in components |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage. Apple macOS is prone to a local information-disclosure vulnerability. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. WiFi is one of the wireless connectivity components
VAR-201702-0052 | CVE-2016-6249 | F5 BIG-IP of REST Vulnerability in obtaining important information in requests |
CVSS V2: 2.1 CVSS V3: 5.3 Severity: MEDIUM |
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. Multiple F5 BIG-IP Products are prone to an information-disclosure vulnerability. This may lead to other attacks. F5 BIG-IP LTM, etc. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. REST Framework Logging is one of the logging framework components. The vulnerability stems from the fact that the program stores sensitive attributes (including passwords) in the /var/log/restjavad.0.log file in plain text. The following products and versions are affected: F5 BIG-IP LTM Release 12.0.0, Release 11.5.0 through Release 11.6.1; BIG-IP AAM Release 12.0.0, Release 11.5.0 through Release 11.6.1; BIG-IP AFM Version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP Analytics version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP APM version 12.0.0, version 11.5.0 to 11.6. 1 version; BIG-IP ASM version 12.0.0, 11.5.0 through 11.6.1; BIG-IP DNS version 12.0.0; BIG-IP GTM version 11.5.0 through 11.6.1; BIG-IP Link Controller Version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP PEM version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP WebSafe version 12.0.0, version 11.5.0 to 11.6. 1 version
VAR-201802-0165 | CVE-2017-5786 | HPE OfficeConnect Network switch access control vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14. HPOfficeConnect 1820 is a switch product of Hewlett-Packard (HP). A local security bypass vulnerability exists in HPOfficeConnectNetworkSwitches. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05388948
Version: 1
HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized
Data Modification
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
- HPE OfficeConnect 1820 8G Switch J9979A - all software versions prior to
PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 24G PoE+ (185W) Switch J9983A - all software
versions prior to PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 24G Switch J9980A - all software versions prior to
PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 48G PoE+ (370W) Switch J9984A - all software
versions prior to PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 48G Switch J9981A - all software versions prior to
PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 8G PoE+ (65W) Switch J9982A - all software
versions prior to PT.02.01 including: PT.01.03 through PT.02.01
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5786
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
The Hewlett-Packard Enterprise Company thanks Pekka Jrvinen (raspi) for
reporting this vulnerability to security-alert@hpe.com
RESOLUTION
HPE has made the following software update available to resolve the
vulnerability in the impacted versions of HPE OfficeConnect Network Switch.
Please install version PT.02.01 from the following location:
<http://www.hpe.com/networking/support>
HISTORY
Version:1 (rev.1) - 10 February 2017 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJYnjhQAAoJELXhAxt7SZai9rEH/0Dkt5wBcTqXFqVJ1Rj5wjiP
fr2BnjYMt7YO47zxQMMGMePhz081YKVaGdK3zmXc/Hlvi3fOlnikyPJF/Kse9QV+
wuv22Caym6PAHD5le64h6Uv8dm8XxSkZS2t0wuFYM4gAqfWWtjeYzOCww7tSyxpQ
Yq0190z/TooQduFNy/dV6oy0ACuOUKHJv8EWDP6HH2EQHBrqSgfoQEYuG05A6nLs
XE/odmUrM4D3gHTlP0Te1l3+ESaMwPl3zBaG/nlUsuc5yDTDzvolJt9bcLvq3NCw
gp7y56TKIdgIhwWD1gxoqBnOwDcEsDH7+mo9utSNMJHn0fiA7Onnnf3P/KIKE3U=
=CJ6j
-----END PGP SIGNATURE-----
VAR-201702-1105 | No CVE | TP-Link C2 and C20i Command Injection Vulnerabilities |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
TP-Link is a Chinese network equipment manufacturer such as routers and IOT equipment. There is a command injection vulnerability in the http management interface of TP-LinkC2 and C20i. An attacker could exploit this vulnerability to inject arbitrary shell commands and gain root privileges.
VAR-201711-0017 | CVE-2016-6024 |
IBM Jazz Information disclosure vulnerabilities in technology-based products
Related entries in the VARIoT exploits database: VAR-E-201702-0954 |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. Vendors have confirmed this vulnerability IBM X-Force ID: 116868 It is released as.Information may be obtained. NetCommWirelessWirelessRouter is a wireless router from NetComm Australia. A security vulnerability exists in NetCommWirelessWirelessRouter that allows a remote attacker to exploit a vulnerability to submit a special request to execute arbitrary commands in the context of an application
VAR-201702-1092 | No CVE | Multiple vulnerabilities in multiple TP-Link routers |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
TP-LINKArcherC20i/C2 is a router of China Pulian Company. A number of TP-Link routers have denial of service, secure bypass, and command injection vulnerabilities. An attacker exploited the vulnerability to bypass unauthorized enforcement of unauthorized actions, resulting in a denial of service or arbitrary commands with user privileges in the affected application environment. Multiple TP-Link Routers are prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. A security-bypass vulnerability
3.
The following products are vulnerable:
TP-Link Archer C2 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n.
TP-Link Archer C20i 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n
VAR-201702-0687 | CVE-2017-5169 | Hanwha Techwin Smart Security Manager Cross-Site Request Forgery Vulnerability |
CVSS V2: 5.1 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
VAR-201702-0686 | CVE-2017-5168 | Hanwha Techwin Smart Security Manager of ActiveMQ Broker Path traversal vulnerability in services |
CVSS V2: 5.1 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
VAR-201703-0732 | CVE-2017-5622 | OxygenOS Access control vulnerability |
CVSS V2: 3.6 CVSS V3: 5.9 Severity: MEDIUM |
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. OxygenOS Contains an access control vulnerability.Information may be obtained and information may be altered. OnePlus3 and 3T are the smartphones of OnePlus. OxygenOS is its own operating system. There is a security bypass vulnerability in OxygenOS in OnePlus3 and 3T. OnePlus OxygenOS is prone to a local code-execution vulnerability.
A local attacker can leverage this issue to execute arbitrary code in the context of affected application. Failed attempts may lead to denial-of-service conditions.
Versions prior to OnePlus OxygenOS 4.0.3 are vulnerable