VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201803-1960 CVE-2018-9010 Intelbras TELEFONE IP Path traversal vulnerability CVSS V2: 4.0
CVSS V3: 7.2
Severity: HIGH
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. Intelbras TELEFONE IP Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelbrasTELEFONEIPTIP200/200LITE is an IP phone product from Intelbras of Brazil. A security vulnerability exists in the IntelbrasTELEFONEIPTIP200/200LITE60.0.75.29 release. A remote attacker can exploit this vulnerability to read arbitrary files by sending a \342\200\230page\342\200\231 parameter to the /cgi-bin/cgiServer.exx file
VAR-201803-2308 No CVE Auto Station has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Auto Station is a PLC-IVC series programming software from INVT. Auto Station has a denial of service vulnerability. When the 'data content' entered exceeds or is less than its corresponding 'length', an attacker can obtain a null address through the GetVauleName function, causing a denial of service attack
VAR-201803-1314 CVE-2017-15326 DBS3900 TDD LTE Vulnerabilities in the use of cryptographic algorithms CVSS V2: 4.3
CVSS V3: 4.3
Severity: MEDIUM
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. DBS3900TDDLTE is a modular network device product from China's Huawei company. Huawei DBS3900 TDD LTE is a distributed base station product of China Huawei (Huawei). This product supports wireless access to wireless networks and provides services such as video surveillance, data collection and data transmission
VAR-201803-1412 CVE-2018-1207 Dell EMC iDRAC7 and iDRAC8 Injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are both hardware and software system management solutions from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems
VAR-201803-2203 CVE-2018-7502 Beckhoff TwinCAT Untrusted Pointer Reference Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Beckhoff TwinCAT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Beckhoff TwinCAT system software \"remodels\" any compatible PC into a real-time controller with a multi-PLC system, NC axis control system, programming environment and operator station, replacing traditional PLC and NC/CNC controllers and operating equipment. There is an untrusted pointer reference vulnerability in TwinCAT. Beckhoff TwinCAT is prone to multiple local privilege-escalation vulnerabilities. Beckhoff TwinCAT 2 and 3.1 are vulnerable
VAR-201803-1909 CVE-2018-8935 AMD Ryzen and Ryzen Pro Vulnerabilities related to authorization, authority, and access control in the platform CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. AMD Ryzen and Ryzen Pro The platform contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. Promontory chipset is one of these chipsets. An attacker could exploit this vulnerability to execute code
VAR-201803-1908 CVE-2018-8934 AMD Ryzen and Ryzen Pro Vulnerabilities related to authorization, authority, and access control in the platform CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. AMD Ryzen and Ryzen Pro The platform contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. Promontory chipset is one of these chipsets. An attacker could exploit this vulnerability to execute code
VAR-201803-1906 CVE-2018-8932 AMD Ryzen and Ryzen Pro Access control vulnerability CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. AMD Ryzen and Ryzen Pro Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. An attacker could exploit this vulnerability to disable system management mode protection, read memory, and execute arbitrary code
VAR-201803-1907 CVE-2018-8933 AMD EPYC Server Access control vulnerability CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. AMD EPYC Server Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD EPYC Server is a server central processing unit (CPU) data processing chip of American AMD company. An attacker could exploit this vulnerability to write or read memory and disable system management mode protection
VAR-201803-1811 CVE-2018-5509 plural F5 BIG-IP Vulnerability related to input validation in products CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker could exploit the vulnerability to cause TMM to crash and fail over, resulting in a denial of service. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AAM version 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AFM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP APM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP ASM 13.0.0 and 12.1.0 through 12.1. Version 3.1; BIG-IP Link Controller Version 13.0.0 and Version 12.1.0 through Version 12.1.3.1; BIG-IP PEM Version 13.0.0 and Version 12.1.0 through Version 12.1.3.1; BIG-IP WebSafe Version 13.0.0 and versions 12.1.0 through 12.1.3.1
VAR-201803-1814 CVE-2018-5502 plural F5 BIG-IP Certificate validation vulnerabilities in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure. plural F5 BIG-IP The product contains a certificate validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. F5 BIG-IP LTM, etc. The following products and versions are affected: BIG-IP LTM version 13.0.0 through 13.1.0.3; BIG-IP AAM version 13.0.0 through 13.1.0.3; BIG-IP AFM version 13.0.0 through 13.1.0.3; BIG -IP Analytics version 13.0.0 to 13.1.0.3; BIG-IP APM version 13.0.0 to 13.1.0.3; BIG-IP ASM version 13.0.0 to 13.1.0.3; BIG-IP DNS version 13.0.0 to Version 13.1.0.3; BIG-IP Edge Gateway Version 13.0.0 through Version 13.1.0.3; BIG-IP GTM Version 13.0.0 through Version 13.1.0.3; BIG-IP Link Controller Version 13.0.0 through Version 13.1.0.3; BIG -IP PEM version 13.0.0 to 13.1.0.3; BIG-IP WebAccelerator version 13.0.0 to 13.1.0.3; BIG-IP WebSafe version 13.0.0 to 13.1.0.3
VAR-201803-1904 CVE-2018-8930 plural AMD Vulnerability related to input validation in products CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. plural AMD The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD EPYC Server, etc. are all central processing unit (CPU) products of AMD in the United States. Attackers can exploit this vulnerability to install malicious software and disable security features
VAR-201805-1110 CVE-2018-5446 Medtronic 2090 Carelink Programmer Vulnerabilities related to certificate and password management CVSS V2: 2.1
CVSS V3: 5.3
Severity: MEDIUM
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by American Medtronic Company. This product is used to manage and program cardiac equipment in the medical industry. An attacker could exploit this vulnerability to obtain credentials into a software deployment network
VAR-201805-1111 CVE-2018-5448 Medtronic 2090 Carelink Programmer Path traversal vulnerability CVSS V2: 2.7
CVSS V3: 5.7
Severity: MEDIUM
Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. Medtronic 2090 Carelink Programmer Contains a path traversal vulnerability.Information may be obtained. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by American Medtronic Company. This product is used to manage and program cardiac equipment in the medical industry
VAR-201803-1817 CVE-2018-5505 plural F5 BIG-IP Resource management vulnerabilities in products CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP. plural F5 BIG-IP The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP ASM and Analytics are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the application resulting in denial-of-service conditions. F5 BIG-IP ASM is a web application firewall (WAF) that provides secure remote access, protects email, and simplifies web access control while enhancing network and application performance. Analytics is a suite of web application performance analysis software. A remote attacker could exploit this vulnerability to cause a denial of service
VAR-201803-1815 CVE-2018-5503 F5 BIG-IP Policy Enforcement Manager Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. F5 BIG-IP Policy Enforcement Manager (PEM) Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. PEM is one of the policy execution managers. There are security vulnerabilities in F5BIG-IPPEM version 13.0.0 to version 13.1.0.3 and version 12.0.0 to 12.1.3.1. A remote attacker can exploit this vulnerability to create a denial of service with a specially crafted page. A security vulnerability exists in F5 BIG-IP PEM versions 13.0.0 through 13.1.0.3 and 12.0.0 through 12.1.3.1
VAR-201804-1268 CVE-2018-7241 plural Schneider Electric Vulnerabilities related to the use of hard-coded credentials in products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. plural Schneider Electric The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\\Modicon Quantum\\Modicon M340\\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a hard-coded certificate vulnerability that stems from the fact that the FTP server contains a hard-coded account that allows an attacker to exploit the vulnerability to perform unauthorized access. Multiple Schneider Electric Modicon products are prone to a remote security vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The vulnerability stems from the presence of hard-coded accounts in the program
VAR-201803-1313 CVE-2017-15325 Huawei Smart Phone Software integer overflow vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution. Huawei Smart Phone Software contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Glory 8 Youth Edition is a smart phone device. The Huawei Glory 8 Youth Edition Bdat driver has an integer overflow vulnerability
VAR-201803-1905 CVE-2018-8931 plural AMD Access control vulnerabilities in products CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. AMD Ryzen and so on are a central processing unit (CPU) of AMD in the United States. An attacker could exploit this vulnerability to perform write operations to protected memory areas
VAR-201803-1910 CVE-2018-8936 plural AMD Vulnerabilities related to authorization, authority, and access control in products CVSS V2: 9.3
CVSS V3: 9.0
Severity: CRITICAL
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. plural AMD The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD EPYC Server, etc. are all central processing unit (CPU) products of AMD in the United States. Security flaws exist in several AMD products. An attacker could exploit this vulnerability to elevate privileges. The following products are affected: AMD EPYC Server; Ryzen; Ryzen Pro; Ryzen Mobile