VARIoT IoT vulnerabilities database


VAR-201706-1157 No CVE SAP NetWeaver Unspecified Denial of Service Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an unspecified denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
VAR-201706-0319 CVE-2017-4984 EMC VNX2 and VNX1 Vulnerability Allowing Privilege Escalation to root CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution. Privileges may be elevated to root. EMC VNX1/VNX2 OE for File are prone to a remote code-execution vulnerability.
ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station. EMC Identifier: ESA-2017-041. CVE Identifier: CVE-2017-4984, CVE-2017-4985, CVE-2017-4987. Severity Rating: CVSS v3 Base Score: See below for individual CVEs. CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Local privilege escalation vulnerability (CVE-2017-4985): A local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. Link to remedies: To upgrade your EMC VNX system contact EMC VNX Customer Support: https://support.emc.com Registered EMC Support customers can download EMC VNX software from the EMC Online Support web site at https://support.emc.com. [The following is standard text included in all security advisories. Please do not change or delete.] Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
VAR-201706-0320 CVE-2017-4985 EMC VNX2 and VNX1 Vulnerability Allowing Privilege Escalation to root CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system. EMC VNX1/VNX2 OE for File are prone to a local privilege-escalation vulnerability. The vulnerability stems from the fact that the program does not perform authentication.
ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station. EMC Identifier: ESA-2017-041. CVE Identifier: CVE-2017-4984, CVE-2017-4985, CVE-2017-4987. Severity Rating: CVSS v3 Base Score: See below for individual CVEs. Details: Remote code execution vulnerability (CVE-2017-4984): An unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Uncontrolled search path vulnerability (CVE-2017-4987): This vulnerability may be exploited by a local authenticated user to load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system. Link to remedies: To upgrade your EMC VNX system contact EMC VNX Customer Support: https://support.emc.com Registered EMC Support customers can download EMC VNX software from the EMC Online Support web site at https://support.emc.com.
VAR-201706-0322 CVE-2017-4987 EMC VNX2 and VNX1 Arbitrary Code Execution Vulnerability on the Targeted VNX Control Station System CVSS V2: 4.4
CVSS V3: 7.3
Severity: HIGH
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability. A vulnerability exists in EMC VNX2 and VNX1 that allows arbitrary code to be executed on the targeted VNX Control Station system. Versions prior to VNX2 OE for File 8.1.9.211 and VNX1 OE for File 7.1.80.8 are vulnerable.
ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station. EMC Identifier: ESA-2017-041. CVE Identifier: CVE-2017-4984, CVE-2017-4985, CVE-2017-4987. Severity Rating: CVSS v3 Base Score: See below for individual CVEs. Details: Remote code execution vulnerability (CVE-2017-4984): An unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Local privilege escalation vulnerability (CVE-2017-4985): A local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. CVSS v3 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Resolution: The following releases contain resolutions to these vulnerabilities: EMC VNX2 OE for File 8.1.9.211, EMC VNX1 OE for File 7.1.80.8. EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: To upgrade your EMC VNX system contact EMC VNX Customer Support: https://support.emc.com Registered EMC Support customers can download EMC VNX software from the EMC Online Support web site at https://support.emc.com.
VAR-201706-0467 CVE-2017-6043 Trihedral VTScada Denial of service vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. Trihedral VTScada contains a resource exhaustion vulnerability that may result in interruption of service operation (DoS). Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A denial of service vulnerability exists in versions of Trihedral VTScada prior to 11.2.26 because the program fails to validate input or limit the total amount of resources used. An attacker could exploit the vulnerability to cause a denial of service (a significant drain on resources). Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions.
Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/
ICS-CERT Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01
------------------------ AFFECTED PRODUCTS ------------------------
The following versions of VTScada, an HMI SCADA software, are affected: VTScada Versions prior to 11.2.26
------------------------ IMPACT ------------------------
Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H <https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>).
Exploitation: Note that this vulnerability targets the VTScada thick client installed on the system. Any application user (including a non-admin, restricted user) who has access to the thick client can potentially bring down the system. Payload can be up to ~80k characters. Repeated attempts result in spiked CPU usage & consumption of RAM / page resources. Where a full-blown application (or multiple applications in production scenario) is deployed, i.e. with an operational/functional configuration, memory/CPU usage is notably higher than that of a test, blank application. Repeatedly submitting such a large username input rapidly consumes available server memory resources, leading to resource exhaustion. This forces a system reboot eventually. Where an endpoint security solution (such as AV/HIPS/Anti-Malware) is deployed on the system, resource exhaustion may be achieved relatively much faster (quickly).
A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N <https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N>).
Exploitation: Multiple URLs and parameters were found to be vulnerable to Reflected Cross-Site Scripting.
INFORMATION EXPOSURE CWE-548 <https://cwe.mitre.org/data/definitions/548.html>
Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N <https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N>).
VAR-201706-0451 CVE-2017-6053 Trihedral VTScada Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions.
Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/
ICS-CERT Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01
------------------------ AFFECTED PRODUCTS ------------------------
The following versions of VTScada, an HMI SCADA software, are affected: VTScada Versions prior to 11.2.26
------------------------ IMPACT ------------------------
Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure.
------------------------ VULNERABILITY OVERVIEW ------------------------
UNCONTROLLED RESOURCE CONSUMPTION CWE-400 <https://cwe.mitre.org/data/definitions/400.html>
The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
VAR-201706-0469 CVE-2017-6045 Trihedral VTScada Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Failed exploit attempts will likely result in denial-of-service conditions.
Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/
ICS-CERT Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01
------------------------ AFFECTED PRODUCTS ------------------------
The following versions of VTScada, an HMI SCADA software, are affected: VTScada Versions prior to 11.2.26
------------------------ IMPACT ------------------------
Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure.
------------------------ VULNERABILITY OVERVIEW ------------------------
UNCONTROLLED RESOURCE CONSUMPTION CWE-400 <https://cwe.mitre.org/data/definitions/400.html>
The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
VAR-201707-0421 CVE-2017-2218 Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Arbitrary code may be executed with the privilege of the user invoking the installer. Apple QuickTime for Windows is a multimedia player for Windows developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more. Attackers can use malicious DLL files to exploit this vulnerability to gain privileges.
VAR-201706-1043 CVE-2017-4981 EMC RSA BSAFE Cert-C Vulnerabilities related to certificate validation CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Versions of RSA BSAFE Cert-C prior to 2.9.0.5 are vulnerable. EMC RSA BSAFE Cert-C is an encryption toolkit from EMC Corporation that provides developers with the tools to add privacy and authentication features to their applications. Recommendation: The following RSA BSAFE Cert-C release contains a resolution to this vulnerability: RSA BSAFE Cert-C version 2.9.0.5. RSA recommends all customers upgrade at the earliest opportunity. RSA also reminds customers that RSA BSAFE Cert-C is now End of Primary Support and End of Extended Support per prior notification and customers are strongly advised to migrate to other solutions at the earliest opportunity.
VAR-201706-0713 CVE-2017-9552 Synology Photo Station Authentication Vulnerability Allowing Credentials to Be Obtained CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A local attacker could exploit this vulnerability via the command line to obtain credentials.
VAR-201706-0198 CVE-2015-4596 Lenovo Mouse Suite Vulnerable to arbitrary code execution with administrator privileges CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. Lenovo Mouse Suite is a mouse button configuration application from Lenovo of China. The program lets the user configure the functions of the mouse buttons and the scroll wheel. An elevation of privilege vulnerability exists in Lenovo Mouse Suite prior to 6.73.
VAR-201807-1864 CVE-2018-7766 Schneider Electric U.motion Builder track_getdata Remote code execution vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of track_getdata.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
VAR-201807-1867 CVE-2018-7769 Schneider Electric U.motion Builder xmlserver Remote code execution vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of xmlserver.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
VAR-201709-1221 CVE-2017-9958 Schneider Electric U.motion Builder Local Privilege Escalation Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. Schneider Electric U.motion Builder software contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the system configuration. The web administration account is set up with the ability to sudo without a password. U.motion Builder is a generator product from Schneider Electric, France. An SQL-injection vulnerability 2. A directory-traversal vulnerability 3. An authentication bypass vulnerability 4. An information-disclosure vulnerability 5. A local code-execution vulnerability 6. A local denial-of-service vulnerability 7. Failed exploits can result in a denial-of-service condition.
VAR-201709-1077 CVE-2017-9960 Schneider Electric U.motion Builder Error Message Path Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. Authentication is not required to exploit this vulnerability. The specific flaw exists within externalframe.php. Exception information is returned to the attacker that contains sensitive path information. This can be leveraged by an attacker in conjunction with other vulnerabilities to execute arbitrary code on the system. An SQL-injection vulnerability 2. A directory-traversal vulnerability 3. An authentication bypass vulnerability 4. An information-disclosure vulnerability 5. A local code-execution vulnerability 6. A local denial-of-service vulnerability 7. Failed exploits can result in a denial-of-service condition.
VAR-201706-1046 No CVE Schneider Electric U.motion Builder syslog_getdata Remote code execution vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of syslog_getdata.php, which is exposed on the web service with no authentication. The underlying SQLite database query is subject to SQL injection on the type, level, is_handled, and last_log_id input parameters. A remote attacker can leverage these vulnerabilities to execute arbitrary commands against the database. U.motion Builder is a generator product from Schneider Electric, France.
VAR-201807-1865 CVE-2018-7767 Schneider Electric U.motion Builder editobject Remote code execution vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of editobject.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
VAR-201807-1871 CVE-2018-7773 Schneider Electric U.motion Builder nfcserver Remote code execution vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of nfcserver.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
VAR-201807-1872 CVE-2018-7774 Schneider Electric U.motion Builder Remote code execution vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of localize.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
VAR-201807-1861 CVE-2018-7763 Schneider Electric U.motion Builder Software Path traversal vulnerability CVSS V2: 4.3
CVSS V3: 4.3
Severity: MEDIUM
The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within css.inc.php. An attacker can leverage this to disclose files.