VARIoT IoT vulnerabilities database

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. HPE Integrated Lights-out 4 (iLO 4) Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HP Integrated Lights-Out is prone to following security vulnerabilities: 1. An unspecified remote code-execution vulnerability 2. An unspecified authentication-bypass vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application,bypass security restrictions, or execute arbitrary code. HP Integrated Lights-Out 4 (iLO 4) is an embedded server management technology of Hewlett-Packard (HP), which monitors and maintains the running status of the server, remotely manages the server, etc. through an integrated remote management port. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03769en_us Version: 1 HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: - CVE-2017-12542 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Integrated Lights-Out 4 (iLO 4), Prior to 2.53 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-12542 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 Hewlett Packard Enterprise would like to thank Fabien Perigaud of Airbus Defense and Space CyberSecurity for reporting this vulnerability. * The firmware is available at <http://www.hpe.com/support/ilo4> HISTORY Version:1 (rev.1) - 24 August 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZnewMAAoJELXhAxt7SZaiW6QH/3Zf7Af6Z/yTdD3x5CkgrHX/ FGwCyI+kMFa081Cikv3doscxkrWkTB+Y1TMusixocCEJGDdbSrRKxhE/akaaR22T kLnFrl5AlMEYqZp/szjuU8EldoBSH3cZq4KPqwLa6EbD40ibexV/MjzfUaT5vVeU /PrvKA0s1KNVosueJ1M7CXk59C1zJ0weJS3A+4tXp61A58m+31qYRSdAtcgUFhqe K1sgJ+mYALgqV7QCxc1hDR32m+oekty8CbyUElYk6Jy+izwXIFFc7n7O1nixFbiJ TGt+VLcl3reQv5xzelsaTxUyj8ZmSzTrpA9Ly0uf+xYObwSZ9RTrRWcDQC73Fww= =/mQI -----END PGP SIGNATURE-----

A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. plural Westermo The product contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. The WestermoMRD-305-DIN, MRD-315 and MRD-355 are all router products from Westermo, Sweden. There are security vulnerabilities in several Westermo devices. An attacker could exploit this vulnerability to decode traffic from other sources. A hard-coded credentials vulnerability 2. A cross-site request forgery vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. The following products and versions are affected: Westermo MRD-305-DIN 1.7.5.0 previous version, MRD-315 1.7.5.0 previous version, MRD-355 1.7.5.0 previous version, MRD-455 1.7.5.0 previous version

A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. plural Westermo The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have spoofing vulnerabilities. A hard-coded credentials vulnerability 2. A cross-site request forgery vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. Westermo MRD-305-DIN etc. A remote attacker could exploit this vulnerability to perform unauthorized operations. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. plural Westermo The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. Multiple Westermo Routers are prone to the following security vulnerabilities: 1. A hard-coded credentials vulnerability 2. A cross-site request forgery vulnerability 3. Westermo MRD-305-DIN etc. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. HPE Integrated Lights-Out is an embedded server management technology that monitors and maintains server health, remotely manages servers, and more through an integrated remote management port. Release Date: 2017-11-16 Last Updated: 2017-11-15 Potential Security Impact: Remote: Authentication Bypass Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified in HPE iLO 4, 3, 2 and Moonshot RCA. The vulnerability could be exploited remotely to allow disclosure of information. References: - CVE-2017-12543 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE Moonshot Remote Console Administrator Prior to 2.50 - HP Integrated Lights-Out 4 (iLO 4), Prior to 2.53 - HP Integrated Lights-Out 3 (iLO 3), Firmware for ProLiant G7 Servers Prior to v1.89 - HP Integrated Lights-Out 2 (iLO 2) Firmware for ProLiant G6 Servers Prior to v2.30 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-12543 2.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N 2.1 (AV:N/AC:H/Au:S/C:P/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 Hewlett Packard Enterprise would like to thank Daniel Lawson of MWR InfoSecurity for reporting this vulnerability. RESOLUTION HPE has provided the following software updates to resolve the vulnerability in HPE Integrated Lights-out 4 and Moonshot Remote Console Administrator (iLO 4 and mRCA) products: * Upgrade to iLO 4 firmware version 2.55 or subsequent * Upgrade to HPE Moonshot RCA 2.50 or subsequent * Upgrade to iLO 3 v1.89 or subsequent * Upgrade to iLO 2 v2.30 or subsequent HISTORY Version:1 (rev.1) - 24 August 2017 Initial Release Version:2 (rev.2) - 19 September 2017 Removed references to iLO 2 and iLO 3 Version:3 (rev.3) - 10 November 2017 added iLO 3, and iLO 2, changed ilo4 recommendation to 2.55 Version:4 (rev.4) - 15 November 2017 Updated for publishing Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJaDHQHAAoJELXhAxt7SZaiQsYIALtKp1+vrltYOYNv2S9b7HTq fxEjthat+dGnIfekvFuDZ4uhUwda82BwOsIcbpRlSS5sN2BV6lCLyiNI8A5tIRAx OVz7aCixmmmGo4HYIh5Ngixl6/HeDJHMchj9cUQqrCErQd+SGa+y2J08Glnr5LBm 7ndQRzA0A8PP2wxV5AZgTl1zaMUp87PYzsWmT3vbNfyd7pXRDrDiUE8fd/SOiryo WXGmWsuse1NsATdDQmG2Jidag9FW5OME6x+F+J6k1KYu/Dai5dYmBiFfBkOXJVPr 0aWrarzC9XZrBPvI445cP3wknu04wUf+fA9KdDMUewtWjbJCKpg8dl2tESRXi1E= =n9cy -----END PGP SIGNATURE-----

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456. Vendors have confirmed this vulnerability Bug ID CSCve61540 , CSCvh23085 ,and CSCvh95456 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. AdaptiveSecurityAppliance (ASA)Software is one of the operating systems. ClientlessSecureSocketsLayer(SSL)VPN is one of the SSL (Secure Sockets Layer) VPN applications

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. Synology Photo Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. ThinkPad USB 3.0 The Ethernet adapter driver contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad USB 3.0 Ethernet Adapter is prone to a local privilege-escalation vulnerability

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. Synology DNS Server Contains a path traversal vulnerability.Information may be tampered with. Synology DNS Server is a set of DNS server solutions from Synology

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-10832 * Improper access restriction (CWE-425) - CVE-2017-10833 * Directory traversal (CWE-22) - CVE-2017-10834 * Arbitrary PHP code execution (CWE-94) - CVE-2017-10835 Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832 * Viewing information and modifying of configuration by a remote attacker - CVE-2017-10833 * An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834 * Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-10832 * Improper access restriction (CWE-425) - CVE-2017-10833 * Directory traversal (CWE-22) - CVE-2017-10834 * Arbitrary PHP code execution (CWE-94) - CVE-2017-10835 Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832 * Viewing information and modifying of configuration by a remote attacker - CVE-2017-10833 * An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834 * Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835. DokodemoeyeSmartHDSCR02HD is a wireless monitor from NIPPONANTENNA

Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-10832 * Improper access restriction (CWE-425) - CVE-2017-10833 * Directory traversal (CWE-22) - CVE-2017-10834 * Arbitrary PHP code execution (CWE-94) - CVE-2017-10835 Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832 * Viewing information and modifying of configuration by a remote attacker - CVE-2017-10833 * An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834 * Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835. DokodemoeyeSmartHDSCR02HD is a wireless monitor from NIPPONANTENNA. DokodemoeyeSmartHDSCR02HD has a directory traversal vulnerability that allows an attacker to exploit any local file on the product

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-10832 * Improper access restriction (CWE-425) - CVE-2017-10833 * Directory traversal (CWE-22) - CVE-2017-10834 * Arbitrary PHP code execution (CWE-94) - CVE-2017-10835 Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832 * Viewing information and modifying of configuration by a remote attacker - CVE-2017-10833 * An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834 * Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835. DokodemoeyeSmartHDSCR02HD is a wireless monitor from NIPPONANTENNA

The HG-100R is a router. There is a DNS hijacking vulnerability in the HUMAXWiFi router HG-100R. The vulnerability first constructs authentication that bypasses the management console around a particular request. The session token could not be verified because the router returned a response for some methods in \"url/api\". An attacker could use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.

An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of HTMLSlotElement objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files accessible to the SYSTEM account. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. SpiderControl SCADA MicroBrowser Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SpiderControl SCADA MicroBrowser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of the StaticHTMLTagsFileName tag. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. SCADA MicroBrowser is a software management platform. Failed exploit attempts will likely result in denial-of-service conditions. SCADA MicroBrowser 1.6.30.144 and prior are vulnerable

Dreambox is a wireless routing system similar to openwrt. The OpenDreamBox plugin has a remote code execution vulnerability that allows an attacker to exploit a vulnerability to illegally execute arbitrary commands.

Schneider Electric Trio TView Software is a virtual diagnostic software. Schneider Electric Trio TView Software has a dll hijacking vulnerability. The vulnerability is caused by the failure to specify an absolute path for the DLL included in the Trio TView Software application, allowing an attacker to use the vulnerability to build a malicious application, place it in a specific path, and cause the application to maliciously load the DLL and execute it