VARIoT IoT vulnerabilities database

NETS9 is a multi-satellite reference station receiver. There is a SQL injection vulnerability in the receiver control software of the NETS9 multi-satellite reference station of Guangzhou Nanfang Satellite Navigation Instrument Co., Ltd., allowing attackers to use the vulnerability to obtain sensitive information in the database.

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. LXCA Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). There is a privilege escalation vulnerability in versions earlier than Lenovo LXCA 1.3.2

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. LXCA Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). A security vulnerability exists in versions prior to Lenovo LXCA 1.3.2

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. The Asterisk GUI is a framework for configuring graphical user interfaces. Digium Asterisk GUI is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Asterisk GUI 2.1.0 and prior versions are vulnerable

A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. HP Performance Center is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. iniNet Solutions SCADA Web Server Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCADA Webserver is a third-party web-based server software. IniNet Solutions SCADA Web Server is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. IniNet Solutions SCADA Web Server prior to 2.02.0100 are vulnerable

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. WSO2DataAnalyticsServer is a data analysis server of WSO2 Corporation of the United States, which provides real-time analysis of data streams, complex event processing and machine learning. A cross-site scripting vulnerability exists in the carbon/resources/add_collection_ajaxprocessor.jsp file in WSO2DataAnalyticsServer version 3.1.0. A remote attacker can use this vulnerability to hijack a user's session with the help of the \342\200\230collectionName\342\200\231 or \342\200\230parentPath\342\200\231 parameter, and change the login user password, causing the user session to fail

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. Multiple Schneider Electric Products are prone to an authentication-bypass vulnerability. This may aid in further attacks

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating. Ctek SkyRouter Series 4200 and 4400 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SkyRouter is a product of the Swedish CTEK company that manages wireless IP connections. Ctek SkyRouter is prone to an authentication-bypass vulnerability. This may lead to further attacks. Versions prior to ICtek SkyRouter 6.00.11 are vulnerable

An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents. PCD is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to PCD 1.28.16 or 1.24.69 are vulnerable

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities. This vulnerability allows remote attackers to create a denial of service on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within an exposed RMI registry, which listens on TCP port 52569 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Multiple EMC products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. The following EMC products are vulnerable: EMC ViPR SRM EMC Storage M&R EMC VNX M&R EMC M&R (Watch4Net) for SAS Solution Packs. Details: * Directory Traversal Vulnerability (CVE-2017-8007) Webservice Gateway used in these products is affected by a directory traversal vulnerability. Please see ESA-2017-089 for more details on how to change the credentials. * Customers are strongly advised to review product documentation and use firewall controls to limit access to WebService Gateway and all other internal ports only to those servers that require access to them. o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp. Mitigation information for CVE-2017-8012 for all customers: * Change any default JMX agent credentials. Please see ESA-2017-089 for more details on how to change the credentials. * Review product documentation and use firewall controls to limit access to the JMX ports and all other internal ports only to those servers that require access to them. o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp. * Future releases will contain further measures to remove or harden communication via the JMX protocol. EMC VNX M&R customers must migrate to EMC Storage M&R version 4.1 or later to receive future security fixes. Link to remedies: * For EMC ViPR SRM and EMC Storage M&R, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM. * For EMC M&R (Watch4Net) for SAS Solution Packs, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/6175_Smarts-Service-Assurance-Manager * For VNX M&R, registered EMC Online Support customers can follow the mitigation steps described above. Credits: EMC would like to thank rgod working with Trend Micro's Zero Day Initiative for reporting these vulnerabilities. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZwl9WAAoJEHbcu+fsE81ZLegH+wU8RTmKZt33ThZsOJcGekEJ CuD+v/JawNGDxK6nheFPreMa/IQRTTskGeVmbqypcV6Gh5pfx711OYzMnXBsufqH LNNywQ6q1hsM5LPYkZ1hu9bHcotM5Uvd80Lpsld1xU3TGbU+ruULPK2WY1QHcIyL IvU43HW803SCTS5lNaL+OKX3Coa+UUW1t7psJ0mVdCC3U19Qh+RrZPSnyHBThe5Z Btho0WoKauY+jqO6RxML+BT8D02Dn/+kjnlWyaca0QTXu8k0oEBqLI+vnO+KJCKY HxkxI1uvWsWy+z7x3MdsatFCl9ksMpXsWBoPR4EgZGbebDX38R9+ww/ryWQDPQ8= =jk2j -----END PGP SIGNATURE-----

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible. WatchGuard Fireware Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. WatchGuardFirewareXTM is a firewall device from WatchGuard, Inc., which provides intrusion prevention, spam virus filtering, and SSLVPN through intelligent layering technology. WatchGuardFireware is the firmware in it. A security vulnerability exists in versions of WatchGuardFireware prior to 12.0. An attacker could exploit the vulnerability with a continuous invalid login request to cause a denial of service (wgagent crash)

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within Scheduler.class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. EMCViPRSRM and other products are products of American company. EMCViPRSRM is a set of storage resource management software. StorageM&R is a data storage collector. WebserviceGateway is one of the gateways. A remote attacker could use the vulnerability to access information, change or delete data by sending a request with a directory traversal sequence of \342\200\230../\342\200\231. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities EMC Identifier: ESA-2017-081 CVE Identifier: CVE-2017-8007, CVE-2017-8012 Severity Rating: CVSS Base Score: See below for individual scores. CVSSv3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) * JMX Denial of Service Vulnerability (CVE-2017-8012) The Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components in these products can be leveraged to create a denial of service (DoS) condition. Please see ESA-2017-089 for more details on how to change the credentials. * Customers are strongly advised to review product documentation and use firewall controls to limit access to WebService Gateway and all other internal ports only to those servers that require access to them. o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp. Mitigation information for CVE-2017-8012 for all customers: * Change any default JMX agent credentials. Please see ESA-2017-089 for more details on how to change the credentials. * Review product documentation and use firewall controls to limit access to the JMX ports and all other internal ports only to those servers that require access to them. o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp. * Future releases will contain further measures to remove or harden communication via the JMX protocol. EMC VNX M&R customers must migrate to EMC Storage M&R version 4.1 or later to receive future security fixes. Link to remedies: * For EMC ViPR SRM and EMC Storage M&R, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM. * For EMC M&R (Watch4Net) for SAS Solution Packs, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/6175_Smarts-Service-Assurance-Manager * For VNX M&R, registered EMC Online Support customers can follow the mitigation steps described above. Credits: EMC would like to thank rgod working with Trend Micro's Zero Day Initiative for reporting these vulnerabilities. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZwl9WAAoJEHbcu+fsE81ZLegH+wU8RTmKZt33ThZsOJcGekEJ CuD+v/JawNGDxK6nheFPreMa/IQRTTskGeVmbqypcV6Gh5pfx711OYzMnXBsufqH LNNywQ6q1hsM5LPYkZ1hu9bHcotM5Uvd80Lpsld1xU3TGbU+ruULPK2WY1QHcIyL IvU43HW803SCTS5lNaL+OKX3Coa+UUW1t7psJ0mVdCC3U19Qh+RrZPSnyHBThe5Z Btho0WoKauY+jqO6RxML+BT8D02Dn/+kjnlWyaca0QTXu8k0oEBqLI+vnO+KJCKY HxkxI1uvWsWy+z7x3MdsatFCl9ksMpXsWBoPR4EgZGbebDX38R9+ww/ryWQDPQ8= =jk2j -----END PGP SIGNATURE-----

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354. Vendors have confirmed this vulnerability Bug ID CSCvd29354 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. AsyncOS Software is the operating system used in it. The following releases are affected: Cisco AsyncOS Software Release 9.0, Release 9.1, Release 9.6, Release 9.7, Release 9.8, Release 10.0

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCve89785. Cisco FindIT Network Discovery Utility Contains an unreliable search path vulnerability. Vendors have confirmed this vulnerability Bug ID CSCve89785 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoFindITNetworkDiscoveryUtility is a network device manager from Cisco. This product provides management capabilities for Cisco network devices. A security vulnerability exists in CiscoFindITNetworkDiscoveryUtility. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. Citrix NetScaler ADC and NetScaler Gateway are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The following products are affected: Citrix NetScaler ADC and NetScaler Gateway version 12.0 prior to build 53.13 Citrix NetScaler ADC and NetScaler Gateway version 11.1 prior to build 55.13 Citrix NetScaler ADC and NetScaler Gateway version 11.0 prior to build 70.16 Citrix NetScaler ADC and NetScaler Gateway version 10.5 prior to build 66.9 Citrix NetScaler ADC and NetScaler Gateway version 10.5e prior to build 60.7010.e Citrix NetScaler ADC and NetScaler Gateway version 10.1 prior to build 135.18. The following products and versions are affected: Citrix NetScaler Gateway Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1; NetScaler ADC Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752. Vendors have confirmed this vulnerability Bug ID CSCve92752 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successful exploits may aid in further attacks

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586. Vendors have confirmed this vulnerability Bug ID CSCve82586 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The CiscoSmallBusinessSPA300, SPA500, and SPA51x are Cisco S-Series IP telephony products. Multiple Cisco Products are prone to a denial-of-service vulnerability

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835. Vendors have confirmed this vulnerability Bug ID CSCve76835 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform provides functions such as report-related business data and comprehensive display of call center data

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048. Vendors have confirmed this vulnerability Bug ID CSCvc63048 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. This software is mainly used in the link environment with small bandwidth and large delay