VARIoT IoT vulnerabilities database

Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains firmware, authorization, authority, and access control vulnerabilities.Information may be obtained. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". Microsoft .NET is prone to a denial-of-service vulnerability. Successful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0522-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0522 Issue date: 2018-03-14 CVE Names: CVE-2018-0875 ===================================================================== 1. Summary: Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. It implements a subset of the .NET framework APIs and includes a CLR implementation. These correspond to the March 2018 security release by .NET Core upstream projects. Security Fix(es): * .NET Core: Hash Collision Denial of Service (CVE-2018-0875) Red Hat would like to thank Ben Adams (Illyriad Games) for reporting this issue. For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-0875 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc slFh/sAwzwax82xICfw1G1M= =37s1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. SAP Business Objects Business Intelligence Platform Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to implement HTML injection attacks to gain elevated permissions. An attacker can exploit this issue to gain elevated privileges

A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. OSIsoft PI Web API Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product for accessing PI system data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks

A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks

A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. OSIsoft PI Vision Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks

An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. OSIsoft PI Vision is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks

The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. Polycom Trio The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PolycomTrio is a Trio series of business conference phones from Polycom. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. This vulnerability CVE-2018-0784 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends

An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains an access control vulnerability.Information may be altered. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams

Remote code execution in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams

GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Infinia/Infinia with Hawkeye 4 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GEInfinia/InfiniawithHawkeye4 is a medical imaging device using gamma rays equipped with the Hawkeye4 system from General Electric (GE). A security vulnerability exists in GEInfinia/InfiniawithHawkeye4 that originated from the program using default credentials or hard-coded credentials. GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device

Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam Vulnerabilities related to security functions exist in the firmware.Service operation interruption (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There is a denial of service vulnerability in HanwhaTechwinSmartcam. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams

Unencrypted way of remote control and communications in Hanwha Techwin Smartcams. Hanwha Techwin Smartcam There is a cryptographic vulnerability in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HanwhaTechwinSmartcam is a series of security surveillance cameras based on cloud services. There are currently no detailed vulnerability descriptions. Hanwha Techwin Smartcams is a cloud-based security monitoring device from Hanwha Korea. There is a security flaw in Hanwha Techwin Smartcams

In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * * Stack-based buffer overflow (CWE-121) - CVE-2018-7513 ∙ Stack-based buffer overflow may occur due to processing of specially crafted project files. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Heap-based buffer overflow (CWE-122) - CVE-2018-7519 ∙ A heap-based buffer overflow may occur due to processing of a specially crafted project file. * * Freed memory used (CWE-416) - CVE-2018-7521 This is a vulnerability in the use of released memory due to processing of specially crafted project files. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. There is a security vulnerability in the Omron CX-Supervisor 3.30 version. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature. TitanHQ WebTitan Gateway is a scalable web filtering device. The appliance is used to filter malware, ransomware botnets, malicious websites, and more. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements