VARIoT IoT vulnerabilities database
| VAR-201704-1571 | CVE-2017-7689 | Schneider Electric homeLYnk Controller Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. A remote attacker could exploit the vulnerability to obtain sensitive information.
An attacker can exploit this issue to execute arbitrary commands on the affected system with root privileges. This may aid in further attacks.
| VAR-201702-0952 | CVE-2017-6077 | NETGEAR DGN2200 device firmware ping.cgi arbitrary OS command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. The NETGEAR DGN2200 is an ADSL router device. There is an arbitrary command execution vulnerability in ping.cgi in NETGEAR DGN2200 firmware version 10.0.0.50. NETGEAR DGN2200 is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
NETGEAR DGN2200 10.0.0.50 is vulnerable. There is a security vulnerability in the ping.cgi file in NETGEAR DGN2200 with firmware version 10.0.0.50 and earlier.
| VAR-201702-0159 | CVE-2016-10227 | Zyxel USG50 Security Appliance and NWA3560-N Access Point denial of service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. ZyXEL USG50 and others are products of ZyXEL Technology. The ZyXEL USG50 is a firewall product. ZyXEL NWA3560-N is a switch product. A remote denial of service vulnerability exists in several Zyxel products. Both Zyxel USG50 Security Appliance and NWA3560-N Access Point are products of Zyxel. The former is a set of network security firewall equipment, and the latter is a wireless access point product. Security vulnerabilities exist in Zyxel USG50 Security Appliance and NWA3560-N Access Point.
| VAR-201704-0063 | CVE-2016-10226 | JavaScriptCore in WebKit as distributed in Safari Technology Preview denial of service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp. Apple Safari Technology Preview is a browser from Apple. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. There is a security vulnerability in the JavaScriptCore of WebKit released in Apple Safari Technology Preview Release 18.
| VAR-201702-0388 | CVE-2016-4617 | Apple OS X sandbox escape vulnerability |
CVSS V2: 4.6 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. Apple macOS is prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. libxpc is an open source implementation of Apple's XPC library. A security vulnerability exists in the libxpc component of Apple macOS Sierra prior to 10.12. An attacker can exploit this vulnerability to break out of the sandbox.
| VAR-201702-0266 | CVE-2016-7742 | Apple macOS xar component arbitrary code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations. Apple macOS is prone to an arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to macOS 10.12.2 are vulnerable. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. xar is a tool that provides an easily extensible archive format.
| VAR-201702-0264 | CVE-2016-7667 | Multiple Apple products CoreText component denial of service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string. Apple iOS/macOS are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition. Apple tvOS, iOS, and macOS Sierra are all products of Apple Inc. in the United States. Apple tvOS is a smart TV operating system; iOS is an operating system developed for mobile devices. CoreText is a text engine that controls text formatting and text layout. The following products and versions are affected: Apple tvOS prior to 10.1; iOS prior to 10.2; macOS Sierra prior to 10.12.2.
| VAR-201702-0229 | CVE-2016-7630 | Apple iOS WebSheet component sandbox protection bypass vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must connect to a WiFi access point. The specific flaw exists within the usage of the legacy-diagnostics protocol handler. The issue lies in the launching of a diagnostic application that is able to render webpages outside of the sandbox. An attacker can leverage this vulnerability to escalate privileges outside the context of the sandbox. Apple iOS is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. WebSheet is a web form application component.
| VAR-201702-0188 | CVE-2016-7759 | Apple iOS Springboard information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 4.3 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher. Apple iOS is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Springboard is the desktop for Apple iOS devices.
| VAR-201804-0506 | CVE-2017-6020 | LAquis SCADA Path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 5.3 Severity: MEDIUM |
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA contains a path traversal vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within global processing of requests inside the web server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. A security vulnerability exists in versions prior to LAquis SCADA 4.1.0.3237. LAquis SCADA Software is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This may aid in further attacks.
| VAR-201706-0456 | CVE-2017-6026 | Schneider Electric Modicon PLC Modicon M241 and M251 vulnerability related to insufficient random values in firmware |
Related entries in the VARIoT exploits database: VAR-E-201811-0126 |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products.
Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.
| VAR-201705-3185 | CVE-2017-6016 | LAquis SCADA Local Access Bypass Vulnerability |
CVSS V2: 4.4 CVSS V3: 7.3 Severity: HIGH |
An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges. LAquis SCADA is a tool and language for data collection, process monitoring, industrial automation, storage and reporting for quality management and application development. LAquis SCADA has a local access bypass vulnerability. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations.
CVE-2017-6016 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Other vectors are possible as well.
| VAR-201705-3541 | CVE-2017-6031 | Certec EDV GmbH atvise scada Cross-Site Scripting Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. Certec EDV GmbH atvise scada contains an injection vulnerability. Information may be obtained or altered, and a denial of service (DoS) state may result. Certec EDV GmbH is headquartered in Austria. Atvise is a network-based human-machine interface monitoring and data acquisition system. A cross-site scripting vulnerability exists in Certec EDV GmbH atvise scada. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks, and to insert a crafted HTTP header into an HTTP response that could cause web server cache poisoning. These issues may aid in further attacks.
Versions prior to atvise 3.1 are vulnerable.
| VAR-201705-3540 | CVE-2017-6029 | Certec Atvise scada Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. Certec Atvise scada is a visual OPC UA-based SCADA solution from Certec EDV GmbH, Austria. The solution supports the use of Web technology to achieve hot backup redundancy and visualization of various plug-ins for Web browsers. A cross-site scripting vulnerability exists in Certec Atvise scada 3.0 and earlier. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks, and to insert a crafted HTTP header into an HTTP response that could cause web server cache poisoning. These issues may aid in further attacks.
Versions prior to atvise 3.1 are vulnerable.
| VAR-201805-0119 | CVE-2017-6015 | Rockwell Automation FactoryTalk Activation Local Privilege Escalation Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later. Rockwell Automation FactoryTalk Activation contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial of service (DoS) state may result. Rockwell Automation is a solution provider for industrial automation, control and information technology. A local privilege elevation vulnerability exists in Rockwell Automation FactoryTalk Activation.
FactoryTalk Activation Service 4.00.02 and prior are vulnerable. FactoryTalk Activation is a component used to manage application licenses.
| VAR-201706-0455 | CVE-2017-6022 | BD PerformA and KLA Journal Service hard-coded credentials vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. The former is a set of applications for system monitoring; the latter is a set of applications for incremental backups.
An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks.
The following products are affected:
PerformA 2.0.14.0 and prior
| VAR-201705-3538 | CVE-2017-6025 | 3S-Smart Software Solutions GmbH CODESYS Web Server Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code. 3S-Smart Software Solutions CODESYS is a PLC (programmable controller) software programming tool from 3S-Smart Software Solutions, Germany.
| VAR-201705-3539 | CVE-2017-6027 | CoDeSys Web Server arbitrary file upload vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization, which may allow remote code execution. 3S-Smart Software Solutions GmbH CODESYS Web Server contains an unrestricted upload of dangerous file types vulnerability. Information may be obtained or altered, and a denial of service (DoS) state may result. 3S-Smart Software Solutions CODESYS is a PLC (programmable controller) software programming tool from 3S-Smart Software Solutions, Germany. An attacker could exploit this vulnerability to upload arbitrary files and execute arbitrary code.
| VAR-201805-0210 | CVE-2017-6021 | Schneider Electric ClearSCADA Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA contains an input validation vulnerability. A denial of service (DoS) state may result. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition. ClearSCADA is also an important part of telemetry and remote SCADA system solutions, managing critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and earlier.
| VAR-201706-0457 | CVE-2017-6028 | Schneider Electric Modicon PLC Modicon M241 and M251 firmware vulnerability related to certificate and password management |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding, leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. The Schneider Electric Modicon PLC Modicon M241 and M251 firmware contains a vulnerability related to certificate and password management. Information may be obtained or altered, and a denial of service (DoS) state may result. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products.
Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.