VARIoT IoT vulnerabilities database


VAR-201708-1403 CVE-2017-9650 Multiple ALC products unrestricted upload vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. ALC WebCTRL, i-Vu, and SiteScan Web contain a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation products are prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems, including HVAC, lighting, fire, elevators, and security, within a single HVAC controls platform. It is everything they need to keep occupants comfortable, manage energy conservation measures, identify key operational problems, and validate the results. WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused by improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. Additionally, an improper authorization access control issue occurs when using the 'anonymous' user. By specification, the anonymous user should not have permission or authorization to upload or install add-ons.
The anonymous user was removed from version 6.5 of WebCTRL. Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601), Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) set for the 'Authenticated Users' group. The application also suffers from an unquoted search path issue impacting the 'WebCTRL Service' Windows service deployed as part of the WebCTRL server solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. Tested on: Microsoft Windows 7 Professional SP1 (EN).
VAR-201801-1099 CVE-2017-9663 General Motors and Shanghai OnStar SOS iOS Client information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory. General Motors Shanghai OnStar is prone to multiple security vulnerabilities. An attacker may exploit these issues to gain complete unauthorized access to the affected application by bypassing intended security restrictions, or to perform a man-in-the-middle attack to edit or view sensitive information that may aid in launching further attacks. Shanghai OnStar 7.1 is vulnerable; other versions may also be affected.
VAR-201709-1106 CVE-2017-9645 Multiple Mirion Technologies products vulnerability related to cryptographic strength CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level. Multiple Mirion Technologies products contain a vulnerability related to inadequate cryptographic strength. Information may be obtained. Mirion Technologies provides solutions for nuclear, military, and radiation detection and monitoring. Mirion Technologies Telemetry Enabled Devices contain a denial-of-service vulnerability that an attacker could exploit to transmit fraudulent data or cause a denial of service. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Security vulnerabilities exist in several Mirion Technologies products.
VAR-201709-1107 CVE-2017-9649 Mirion Technologies Telemetry Enabled Devices Denial of service vulnerability CVSS V2: 5.4
CVSS V3: 5.0
Severity: MEDIUM
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware. Multiple Mirion Technologies products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Mirion Technologies provides solutions for nuclear, military, and radiation detection and monitoring. Mirion Technologies Telemetry Enabled Devices contain a denial-of-service vulnerability that could allow an attacker to transmit fraudulent data or cause a denial of service. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. These devices are products of Mirion Technologies in the United States. The Mirion Technologies DMC 3000 Transmitter Module is a DMC 3000 series control card.
VAR-201804-0779 CVE-2017-9656 Philips DoseWise Portal application vulnerability related to the use of hard-coded credentials CVSS V2: 6.5
CVSS V3: 9.1
Severity: CRITICAL
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The Philips DoseWise Portal application contains a vulnerability related to the use of hard-coded credentials. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Philips' DoseWise Portal is a web-based reporting and radiation exposure tracking tool. A hard-coded credentials vulnerability exists in Philips' DoseWise Portal. Attackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. DoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians.
VAR-201804-0778 CVE-2017-9654 Philips DoseWise Portal web-based application vulnerability related to certificate and password management CVSS V2: 4.0
CVSS V3: 8.8
Severity: HIGH
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The Philips DoseWise Portal web-based application contains a vulnerability related to certificate and password management. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Philips' DoseWise Portal is a web-based reporting and radiation exposure tracking tool. A plaintext credential storage vulnerability exists in Philips' DoseWise Portal. Attackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. DoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians. A remote attacker could exploit this vulnerability to gain access to the DWP application database.
VAR-201706-0669 CVE-2017-9675 D-Link DIR-605L device firmware input validation vulnerability

Related entries in the VARIoT exploits database: VAR-E-201711-0123
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. The D-Link DIR-605L device firmware contains an input validation vulnerability. A denial-of-service (DoS) condition may result. The D-Link DIR-605L is a cloud router product from D-Link. A denial-of-service vulnerability exists in the D-Link DIR-605L with firmware prior to 2.08UIBetaB01.bin. An attacker could exploit the vulnerability by sending a specially crafted GET request to cause the device to reboot. D-Link DIR-605L is prone to a denial-of-service vulnerability. Versions prior to D-Link DIR-605L 2.08UIBetaB01.bin are vulnerable.
VAR-201708-1407 CVE-2017-9660 Fuji Electric Monitouch V-SFT Buffer error vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT contains a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. Fuji Electric Monitouch V-SFT is HMI software. Failed exploit attempts will result in denial-of-service conditions.
VAR-201709-1217 CVE-2017-7735 Fortinet FortiOS cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. Fortinet FortiOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. FortiOS is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS is a family of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with security functions such as firewall, anti-virus, IPSec/SSL VPN, web content filtering and anti-spam.
VAR-201709-1216 CVE-2017-7734 Fortinet FortiOS cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. Fortinet FortiOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. FortiOS is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS is a family of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with security functions such as firewall, anti-virus, IPSec/SSL VPN, web content filtering and anti-spam.
VAR-201706-1109 No CVE Hikvision Vehicle Remote Monitoring System CUInfoHandle.php File CUID Parameter SQL Injection Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Hikvision vehicle remote monitoring system is vehicle video network monitoring platform software. The CUID parameter of the CUInfoHandle.php file in the Hikvision vehicle remote monitoring system has a SQL injection vulnerability. Attackers can exploit it to obtain sensitive database information.
VAR-201706-1128 No CVE Hikvision Vehicle Remote Monitoring System AddArea.php File SelectedEnableAdmin Parameter Has SQL Injection Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Hikvision vehicle remote monitoring system is vehicle video network monitoring platform software. The SelectedEnableAdmin parameter of the AddArea.php file in the Hikvision remote monitoring system has a SQL injection vulnerability. Attackers can exploit it to obtain sensitive database information.
VAR-201706-1144 No CVE Hikvision Vehicle Remote Monitoring System AddUser.php File CUID Parameter SQL Injection Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Hikvision vehicle remote monitoring system is vehicle video network monitoring platform software. The CUID parameter of the AddUser.php file in the Hikvision vehicle remote monitoring system has a SQL injection vulnerability. Attackers can exploit it to obtain sensitive database information.
VAR-201711-1031 CVE-2017-8216 Huawei Warsaw smartphone software vulnerability related to authorization, permissions, and access control CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
Huawei Warsaw smartphones with software versions earlier than Warsaw-AL00C00B180 and versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with root privilege on the Android mobile system can exploit this vulnerability to obtain some user information. Information may be obtained. The Huawei nova Youth Edition is a smartphone device from China's Huawei. The Huawei nova Youth Edition has a privilege escalation vulnerability. Huawei smartphones are prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
VAR-201706-1166 No CVE SAP NetWeaver Composite Application Framework and Business Cross Site Scripting Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201706-1164 No CVE SAP Business Planning and Consolidation XML External Entity Injection Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP Business Planning and Consolidation is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
VAR-201706-1163 No CVE SAP NetWeaver Instance Agent Service Denial of Service Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition.
VAR-201706-1176 No CVE SAP NetWeaver AS ABAP Unspecified Denial of Service Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver AS ABAP is prone to an unspecified denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
VAR-201706-1142 No CVE Arborcom Application Gateway Has Arbitrary File Traversal Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Arborcom Application Gateway is an inter-network device developed by Beijing Ableton Technology Co., Ltd. to connect one network with another and provide specific applications. The Arborcom Application Gateway has an arbitrary file traversal vulnerability: attackers can use user-controllable data to access files and directories on the server or its back-end file system in an unsafe manner, resulting in path traversal.
VAR-201706-1158 No CVE SAP NetWeaver Message Server Information Disclosure Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.