VARIoT IoT vulnerabilities database
| VAR-201804-1572 | CVE-2018-8839 | Delta PMSoft Buffer error vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. Delta PMSoft contains a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. PMSoft is shareware in the category Miscellaneous developed by DELTA ELECTRONICS, INC. Delta Electronics PMSoft is prone to multiple stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause denial-of-service conditions.
Delta Electronics PMSoft version 2.10 and prior versions are vulnerable. Delta PMSoft is a set of programmable logic controller programming software from Delta Electronics.
| VAR-201804-1685 | No CVE | MXProgrammer software has a denial of service vulnerability |
CVSS V2: 5.6 CVSS V3: - Severity: MEDIUM |
MXProgrammer is Windows desktop software from Weihai Meike Electric Technology Co., Ltd. It is used to communicate with the company's MX series PLC products and to perform functions such as program writing and downloading.
MXProgrammer software has a denial of service vulnerability. The vulnerability is caused by the program not validating the project file it opens. When an attacker opens a malformed project file, the MXProgrammer.exe program crashes due to an illegal access error.
| VAR-201804-1684 | No CVE | MXProgrammer software has a denial of service vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
MXProgrammer is Windows desktop software from Weihai Meike Electric Technology Co., Ltd. It is used to communicate with the company's MX series PLC products and to perform functions such as program writing and downloading.
MXProgrammer software has a denial of service vulnerability. When opening a malformed project file, MXProgrammer.exe may crash due to illegal access errors inside MXResource.dll.
| VAR-201804-1512 | CVE-2018-8072 | Buffer error vulnerability in multiple EDIMAX products |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function. EDIMAX IC-3140W, IC-5150W, and IC-6220DC contain a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. The EDIMAX IC-3140W, IC-5150W and IC-6220DC are different series of network camera products from EDIMAX. A stack buffer overflow vulnerability exists in EDIMAX IC-3140W 3.06 and earlier, IC-5150W 3.09 and earlier, and IC-6220DC 3.06 and earlier. This vulnerability is caused by the program not using the 'strcpy()' function correctly. An attacker could exploit this vulnerability to overwrite other values on the stack.
| VAR-201804-0697 | CVE-2018-10431 | D-Link DIR-615 Input validation vulnerability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. D-Link DIR-615 contains an input validation vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. D-Link DIR-615 is a small wireless router product of D-Link.
D-Link DIR-615 has a security vulnerability in version 2.5.17.
| VAR-201804-1297 | CVE-2018-9104 | Mitel MiVoice Connect and ST 14.2 Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts. Mitel MiVoice Connect and ST 14.2 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Mitel MiVoice Connect R1707-PREM and Mitel ST are products of Mitel, Canada. Mitel MiVoice Connect R1707-PREM is a unified communications management device. ST is a video conferencing product. Conferencing is one of the meeting notification components. The vulnerability stems from the program failing to adequately validate the api.php page.
| VAR-201804-1296 | CVE-2018-9103 | Mitel MiVoice Connect and ST 14.2 Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. Mitel MiVoice Connect and ST 14.2 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Mitel MiVoice Connect R1707-PREM and Mitel ST are products of Mitel, Canada. Mitel MiVoice Connect R1707-PREM is a unified communications management device. ST is a video conferencing product. Conferencing is one of the meeting notification components. The vulnerability stems from the program failing to adequately validate the signin.php page.
| VAR-201804-1295 | CVE-2018-9102 | Mitel MiVoice Connect and ST 14.2 SQL injection vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database. Mitel MiVoice Connect and ST 14.2 contain an SQL injection vulnerability. Information may be obtained. Mitel MiVoice Connect R1707-PREM and Mitel ST are products of Mitel, Canada. Mitel MiVoice Connect R1707-PREM is a unified communications management device. ST is a video conferencing product. Conferencing is one of the meeting notification components. The vulnerability stems from the program failing to perform sufficient input validation on the login interface.
| VAR-201804-1294 | CVE-2018-9101 | Mitel MiVoice Connect and ST 14.2 Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. Mitel MiVoice Connect and ST 14.2 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Mitel MiVoice Connect R1707-PREM and Mitel ST are products of Mitel, Canada. Mitel MiVoice Connect R1707-PREM is a unified communications management device. ST is a video conferencing product. Conferencing is one of the meeting notification components. The vulnerability stems from the program not performing sufficient validation on the launch_presenter.php page.
| VAR-201804-0713 | CVE-2018-10376 | SmartMesh Integer overflow vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue. SmartMesh (alias SMT) contains an integer overflow vulnerability. Information may be tampered with. SmartMesh (SMT) is a blockchain-based IoT underlying protocol that is positioned in areas such as networkless communication and networkless payment. The smart contract is one of its components.
The 'transferProxy' function implemented by the smart contract in SmartMesh has an integer overflow vulnerability.
| VAR-201804-0701 | CVE-2018-10472 | Xen Vulnerable to information disclosure |
CVSS V2: 1.9 CVSS V3: 5.6 Severity: MEDIUM |
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. Xen contains an information disclosure vulnerability. Information may be obtained. Xen is an open source virtual machine monitor product developed by the University of Cambridge, England. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure proper operation and avoid downtime. There are security vulnerabilities in Xen 4.10.x and earlier. An attacker could exploit this vulnerability to read any dom0 file.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
-------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : xen
CVE ID : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981
CVE-2018-10982
Multiple vulnerabilities have been discovered in the Xen hypervisor:
CVE-2018-8897
Andy Lutomirski and Nick Peterson discovered that incorrect handling
of debug exceptions could result in privilege escalation.
CVE-2018-10471
An error was discovered in the mitigations against Meltdown which
could result in denial of service.
CVE-2018-10472
Anthony Perard discovered that incorrect parsing of CDROM images
can result in information disclosure.
CVE-2018-10981
Jan Beulich discovered that malformed device models could result
in denial of service.
CVE-2018-10982
Roger Pau Monne discovered that incorrect handling of high precision
event timers could result in denial of service and potentially
privilege escalation.
For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201810-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: October 30, 2018
Bugs: #643350, #655188, #655544, #659442
ID: 201810-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, the worst of which
could cause a Denial of Service condition.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  app-emulation/xen            < 4.10.1-r2             >= 4.10.1-r2
  2  app-emulation/xen-tools      < 4.10.1-r2             >= 4.10.1-r2
    -------------------------------------------------------------------
     2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.
Impact
======
A local attacker could cause a Denial of Service condition or disclose
sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"
All Xen tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"
References
==========
[ 1 ] CVE-2017-5715
https://nvd.nist.gov/vuln/detail/CVE-2017-5715
[ 2 ] CVE-2017-5753
https://nvd.nist.gov/vuln/detail/CVE-2017-5753
[ 3 ] CVE-2017-5754
https://nvd.nist.gov/vuln/detail/CVE-2017-5754
[ 4 ] CVE-2018-10471
https://nvd.nist.gov/vuln/detail/CVE-2018-10471
[ 5 ] CVE-2018-10472
https://nvd.nist.gov/vuln/detail/CVE-2018-10472
[ 6 ] CVE-2018-10981
https://nvd.nist.gov/vuln/detail/CVE-2018-10981
[ 7 ] CVE-2018-10982
https://nvd.nist.gov/vuln/detail/CVE-2018-10982
[ 8 ] CVE-2018-12891
https://nvd.nist.gov/vuln/detail/CVE-2018-12891
[ 9 ] CVE-2018-12892
https://nvd.nist.gov/vuln/detail/CVE-2018-12892
[ 10 ] CVE-2018-12893
https://nvd.nist.gov/vuln/detail/CVE-2018-12893
[ 11 ] CVE-2018-15468
https://nvd.nist.gov/vuln/detail/CVE-2018-15468
[ 12 ] CVE-2018-15469
https://nvd.nist.gov/vuln/detail/CVE-2018-15469
[ 13 ] CVE-2018-15470
https://nvd.nist.gov/vuln/detail/CVE-2018-15470
[ 14 ] CVE-2018-3620
https://nvd.nist.gov/vuln/detail/CVE-2018-3620
[ 15 ] CVE-2018-3646
https://nvd.nist.gov/vuln/detail/CVE-2018-3646
[ 16 ] CVE-2018-5244
https://nvd.nist.gov/vuln/detail/CVE-2018-5244
[ 17 ] CVE-2018-7540
https://nvd.nist.gov/vuln/detail/CVE-2018-7540
[ 18 ] CVE-2018-7541
https://nvd.nist.gov/vuln/detail/CVE-2018-7541
[ 19 ] CVE-2018-7542
https://nvd.nist.gov/vuln/detail/CVE-2018-7542
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201810-06
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-201804-0950 | CVE-2018-1183 | XML external entity vulnerability in multiple Dell EMC products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service. Multiple Dell EMC products contain an XML external entity vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. are all products of Dell in the United States.
Dell EMC Unisphere for VMAX Virtual Appliance (vApp) is a management tool for VMAX storage arrays. EMC Solutions Enabler Virtual Appliance is a solution application virtual appliance.
| VAR-201804-0271 | CVE-2014-0882 | Integrated Management Module II Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149. Integrated Management Module II (IMM2) contains an information disclosure vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 91149. Information may be obtained. IBM Flex System x220 Compute Node and others are different series of server devices from IBM Corporation of the United States. Integrated Management Module II (IMM2) is one of the integrated management modules. There are security vulnerabilities in IMM2 in several IBM products. A remote attacker can exploit this vulnerability to obtain sensitive account information. The following products are affected: IBM Flex System x220 Compute Node; Flex System x222 Compute Node; Flex System x240 Compute Node; Flex System x440 Compute Node; Flex System Manager Node 7955 and 8731; NeXtScale nx360 M4; System x3500 M4; System x3530 M4; System x3550 M4; System x3630 M4; System x3650 M4; System x3750 M4; System x iDataPlex dx360 M4. The following firmware versions are affected: Version 3.50 1AOO50B, Version 3.55 1AOO50E, Version 3.56 1AOO50K, Version 3.65 1AOO50D, Version 3.67 1AOO50G.
| VAR-201804-0270 | CVE-2014-0881 | Integrated Management Module II Access control vulnerability |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. Integrated Management Module II (IMM2) contains an access control vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 91146. Information may be obtained and a denial-of-service (DoS) condition may result. IBM Flex System x222 is an x222 series blade server from IBM Corporation in the United States.
| VAR-201805-0945 | CVE-2018-8866 | Vecna VGo Robot OS Command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection. Vecna VGo Robot contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. VGo is a new productivity improvement solution that allows individuals to replicate themselves in remote locations and move freely as if they were there.
| VAR-201805-0940 | CVE-2018-8860 | Vecna VGo Robot Information Disclosure Vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. Vecna VGo Robot contains an information disclosure vulnerability. Information may be obtained. VGo is a new productivity improvement solution that allows individuals to replicate themselves in remote locations and move freely as if they were there. Vecna VGo Robot is prone to an information-disclosure vulnerability and an OS command execution vulnerability.
Attackers may exploit these issues to obtain sensitive information or execute arbitrary OS commands.
| VAR-201804-1566 | CVE-2018-8833 | Advantech WebAccess HMI Designer Buffer error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. Advantech WebAccess HMI Designer contains a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Advantech WebAccess HMI Designer is a Human Machine Interface (HMI) runtime development software. Advantech WebAccess HMI Designer is prone to the following security vulnerabilities:
1. Multiple heap-based buffer-overflow vulnerabilities.
2. Multiple remote-code execution vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the application, or cause a denial-of-service condition.
Advantech WebAccess HMI Designer versions 2.1.7.32 and prior are vulnerable. The product has functions such as data transmission, menu editing and text editing. A heap-based buffer error vulnerability exists in Advantech WebAccess HMI Designer 2.1.7.32 and earlier versions.
| VAR-201804-1568 | CVE-2018-8835 | Advantech WebAccess HMI Designer Double free vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. Advantech WebAccess HMI Designer contains a double free vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Advantech WebAccess HMI Designer is a Human Machine Interface (HMI) runtime development software. Advantech WebAccess HMI Designer is prone to the following security vulnerabilities:
1. Multiple heap-based buffer-overflow vulnerabilities.
2. Multiple remote-code execution vulnerabilities.
Advantech WebAccess HMI Designer versions 2.1.7.32 and prior are vulnerable. The product has functions such as data transmission, menu editing and text editing. A double free vulnerability exists in Advantech WebAccess HMI Designer 2.1.7.32 and earlier versions.
| VAR-201804-1570 | CVE-2018-8837 | Advantech WebAccess HMI Designer Arbitrary code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. Advantech WebAccess HMI Designer contains an out-of-bounds vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Advantech WebAccess HMI Designer is a Human Machine Interface (HMI) runtime development software. Advantech WebAccess HMI Designer is prone to the following security vulnerabilities:
1. Multiple heap-based buffer-overflow vulnerabilities.
2. Multiple remote-code execution vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the application, or cause a denial-of-service condition.
Advantech WebAccess HMI Designer versions 2.1.7.32 and prior are vulnerable. The product has functions such as data transmission, menu editing and text editing.
| VAR-201804-0744 | CVE-2018-10328 | Momentum Axel 720P Use of hard-coded credentials vulnerability |
CVSS V2: 3.3 CVSS V3: 7.4 Severity: HIGH |
Momentum Axel 720P 5.1.8 devices have a hardcoded password of "streaming" for the appagent account, which allows remote attackers to view the RTSP video stream. The Momentum Axel 720P device contains a vulnerability related to the use of hard-coded credentials. Information may be obtained. The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in Momentum Axel 720P version 5.1.8, which stems from the hard-coded password used by the appagent account: streaming. A remote attacker can exploit this vulnerability to view video streams.