VARIoT IoT vulnerabilities database

VAR-202406-0063 | CVE-2024-35209 | Siemens SINEC Traffic Analyzer exposed dangerous method or function vulnerability |
CVSS V2: 7.8 CVSS V3: 6.2 Severity: MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server allows HTTP methods such as PUT and DELETE. This could allow an attacker to modify unauthorized files. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI.
VAR-202406-0066 | CVE-2024-35208 | Siemens SINEC Traffic Analyzer insufficiently protected credentials vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow an attacker in a privileged position to obtain access passwords. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI.
Siemens SINEC Traffic Analyzer has an insufficient credential protection vulnerability caused by the web server storing passwords in plain text, which attackers can exploit to obtain access passwords.
VAR-202406-0060 | CVE-2024-35207 | Siemens SINEC Traffic Analyzer cross-site request forgery vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. By tricking an authenticated victim user into clicking a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. Siemens SINEC Traffic Analyzer contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI.
VAR-202406-0061 | CVE-2024-35206 | Siemens SINEC Traffic Analyzer session expiration vulnerability |
CVSS V2: 7.2 CVSS V3: 7.7 Severity: HIGH |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized access. Siemens SINEC Traffic Analyzer contains a session expiration vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI.
VAR-202406-0042 | CVE-2023-50763 | Siemens TIM 1531 IRC infinite loop vulnerability |
CVSS V2: 6.8 CVSS V3: 4.9 Severity: MEDIUM |
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains.
This could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300.
VAR-202406-0184 | CVE-2023-38533 | Siemens TIA Administrator vulnerability in creating temporary files in a directory with insecure permissions |
CVSS V2: 1.7 CVSS V3: 3.3 Severity: MEDIUM |
A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. Siemens TIA Administrator contains a vulnerability in creating temporary files in a directory with insecure permissions. Service operation may be interrupted (DoS). TIA Administrator is a web-based framework that can merge different functional modules to complete management tasks and manage SIMATIC software and license functions.
VAR-202406-0183 | CVE-2024-36266 | Siemens PowerSys Authentication Error Vulnerability |
CVSS V2: 7.2 CVSS V3: 9.3 Severity: CRITICAL |
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices. PowerSys is a service program used for debugging, maintenance and diagnosis of PowerLink 50/100 or SWT 3000 devices.
VAR-202406-0058 | CVE-2023-51634 | NETGEAR RAX30 firmware certificate validation vulnerability |
CVSS V2: 6.8 CVSS V3: 7.5 Severity: HIGH |
NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. A denial-of-service (DoS) condition may result. NETGEAR RAX30 is a WiFi 6 router launched by NETGEAR. It supports dual bands (2.4GHz and 5GHz), has a maximum transmission rate of 2400Mbps, uses three external antennas, is equipped with a 1.5GHz triple-core processor, and can connect 20 devices at the same time.
NETGEAR RAX30 has a trust management vulnerability.
VAR-202406-0094 | CVE-2023-51635 | NETGEAR RAX30 firmware out-of-bounds write vulnerability |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843. An out-of-bounds write vulnerability exists in the NETGEAR RAX30 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR RAX30 is a dual-band wireless router from NETGEAR.
VAR-202406-2007 | CVE-2024-36792 | NETGEAR WNR614 firmware vulnerability regarding storing critical information in plaintext in memory |
CVSS V2: 8.5 CVSS V3: 8.2 Severity: HIGH |
An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. The NETGEAR WNR614 firmware contains a vulnerability related to storing sensitive information in plaintext in memory. Information may be obtained and tampered with. NETGEAR WNR614 is an N300 wireless router with an external antenna from Netgear. The vulnerability is caused by a problem in the WPS implementation. Attackers can exploit this vulnerability to access the router's password.
VAR-202406-1057 | CVE-2024-36790 | NETGEAR WNR614 firmware vulnerability related to plaintext storage of important information |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. The NETGEAR WNR614 firmware contains a vulnerability related to plaintext storage of sensitive information. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Netgear WNR614 is an N300 wireless router with an external antenna from Netgear.
Netgear WNR614 has a security vulnerability that is caused by storing credentials in plain text. No detailed vulnerability details are provided at this time.
VAR-202406-1250 | CVE-2024-36789 | NETGEAR WNR614 firmware weak password requirement vulnerability |
CVSS V2: 7.8 CVSS V3: 8.1 Severity: HIGH |
An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. A weak password requirement vulnerability exists in the NETGEAR WNR614 firmware. Information may be obtained and tampered with. Netgear WNR614 is an N300 wireless router with an external antenna from Netgear. No detailed vulnerability details are available at this time.
VAR-202406-2616 | CVE-2024-36788 | NETGEAR WNR614 firmware vulnerabilities |
CVSS V2: 4.0 CVSS V3: 4.8 Severity: MEDIUM |
Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. There are unspecified vulnerabilities in the NETGEAR WNR614 firmware. Information may be obtained and tampered with. Netgear WNR614 is an N300 wireless router with an external antenna from Netgear.
VAR-202406-1455 | CVE-2024-36787 | NETGEAR WNR614 firmware weak authentication vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. The NETGEAR WNR614 firmware contains a vulnerability related to weak authentication. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WNR614 is an N300 wireless router with an external antenna from Netgear. No detailed vulnerability details are currently available.
VAR-202406-2715 | CVE-2023-37539 | HCL Technologies Limited Domino server cross-site scripting vulnerability |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross-site scripting attack. The attack would be activated by an end user clicking it. A cross-site scripting vulnerability exists in HCL Technologies Limited Domino server. Information may be obtained and tampered with.
VAR-202406-2615 | CVE-2024-36795 | NETGEAR WNR614 firmware path traversal vulnerability |
CVSS V2: 2.1 CVSS V3: 4.0 Severity: MEDIUM |
Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allow attackers to access URLs and directories embedded within the firmware via unspecified vectors. A path traversal vulnerability exists in the NETGEAR WNR614 firmware. Information may be tampered with. NETGEAR WNR614 is an N300 wireless router with an external antenna from NETGEAR Inc. Attackers can exploit this vulnerability to cause information leakage.
VAR-202406-0101 | CVE-2024-32849 | Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the coreServiceShell. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
VAR-202406-0123 | CVE-2024-36359 | Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Privilege Escalation Vulnerability |
CVSS V2: 5.5 CVSS V3: 5.4 Severity: MEDIUM |
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP Inspection component. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.
VAR-202406-0045 | CVE-2024-5597 | Fuji Electric Monitouch V-SFT type confusion vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. Information may be obtained or tampered with, and service operation may be interrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a human-machine interface software from Fuji Electric.
VAR-202406-2008 | CVE-2024-36782 | TOTOLINK CP300 firmware vulnerability related to use of hardcoded credentials |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. A vulnerability exists in the TOTOLINK CP300 firmware regarding the use of hardcoded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK is a mid-to-high-end wireless router brand in the Asia-Pacific region.