VARIoT IoT vulnerabilities database

ABB is a leader in power and automation technology among the world's top 500 companies. ABB RobotWare has multiple buffer overflow vulnerabilities that allow an attacker to exploit this vulnerability to execute arbitrary code in the context of an affected application. ABB is prone to following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. A remote code-execution vulnerability 3. The following versions are affected: RobotWare 5.x versions prior to 5.15.13 RobotWare 5.6x versions prior t o 5.61.07 RobotWare 6.x versions prior to 6.0 4 .0 0

Zhejiang Dahua Technology Co., Ltd. is a monitoring product supplier and solution service provider. Zhejiang Dahua Technology Co., Ltd.'s urban security monitoring DSS system has a weak database password vulnerability. Attackers can use the vulnerability to obtain database data.

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. Schneider Electric ConneXium is a network firewall of the French company Schneider Electric. A remote attacker could use this vulnerability to execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The following ConneXium firewall versions are vulnerable: TCSEFEC23F3F20 TCSEFEC23F3F21 TCSEFEC23FCF20 TCSEFEC23FCF21 TCSEFEC2CF3F20

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning. There is. Apple iOS and macOS are prone to a local code-execution vulnerability. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. The following products and versions are affected: Apple watchOS prior to 3.1, tvOS prior to 10.0.1, iOS prior to 10.1, and macOS Sierra prior to 10.12.1

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-275: Permission Issues ( Permission issues ) and CWE-388: Error Handling ( Error handling ) Has been identified. https://cwe.mitre.org/data/definitions/275.html https://cwe.mitre.org/data/definitions/388.htmlAndroid In the framework of wifi-service.jar Could cause unintended configuration messages to be processed by. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea's Samsung. An information modification vulnerability exists in Samsung Galaxy S4 to S7 devices due to a failure of the program to verify the BroadcastReceiver response. An attacker could exploit the vulnerability to illegally change configuration information. Remote attackers can exploit this issue to cause a denial-of-service condition

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea's Samsung. The SamsungGalaxyS4 to S7 device has an unauthorized modification vulnerability. The vulnerability stems from the program's ignoring of security information embedded in OMACP information. The remote attacker can use this vulnerability to receive, parse, and process unknown WAPSushSMS information, resulting in unauthorized modification of configuration information. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy S4 through S7 devices are vulnerable

WebAccess can establish an information management platform for users, and simultaneously improve the efficiency of vertical market management development. HMI / SCADA software webaccess has 4 dll hijack vulnerabilities. When bwopctool.dll, bwabout.dll, BwPAlarm.dll, Webvsid.dll are automatically loaded, Webvrpcs.exe will not verify these dlls, and attackers can place malicious dll files In the directory of the process, the system is attacked. You can download it from http://www.advantech.com.cn/industrial-automation/webaccess/download. This page downloads three versions of webaccess. Any version of webaccess is affected. After installing webaccess, run the batch provided by the word document directly. After processing the file, you can see the effect of dll hijack, and a calculator will pop up after success

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea's Samsung. A denial of service vulnerability exists in Samsung Galaxy S4 to S7 devices. Remote attackers can exploit this issue to cause a denial-of-service condition

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets. NetIronOS is a power service network solution. Brocade NetIron OS is prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Brocade NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a are vulnerable

On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) and CWE-388: Error Handling ( Error handling ) Has been identified. https://cwe.mitre.org/data/definitions/190.html https://cwe.mitre.org/data/definitions/388.htmlService operation interruption ( Heap memory corruption ) Could be put into a state and execute arbitrary code. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea's Samsung. When a program parses OMACP (including WAPSSMS information) information, an attacker can exploit the vulnerability to cause a denial of service (heap corruption) or remote code execution. Failed exploit attempts will likely cause denial-of-service conditions

An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. Honeywell Experion PKS has a denial of service vulnerability. An attacker could exploit this vulnerability to trigger a denial of service attack

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to an information-disclosure vulnerability and multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to obtain sensitive information or execute arbitrary code in the context of the affected system. Failed exploit attempts will likely cause a denial-of-service condition. Apple iTunes for Windows is a set of media player applications based on the Windows platform of Apple (Apple), which is mainly used for playing and managing digital music and video files. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.1; Safari prior to 10.0.1; Windows-based iCloud prior to 6.0.1; Windows-based iTunes prior to 12.5.2; tvOS 10.0.1 previous version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1 iCloud for Windows v6.0.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An input validation issue was addressed through improved state management. CVE-2016-4613: Chris Palmer WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-7578: Apple Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJYElaQAAoJEIOj74w0bLRGydAP/A7CkkToap07bACp6iVYcQwO LRcILJJzCgQpXU4w95HA4w5iSlV08/PhFsIHb+nrQ4QM9TgUCPx7tlVTw+FUOCUy 1MyYNZCZs66B5w0lZla7unN76SPpt4m2fpz7b6SyTbpkrNuIvb/JC1AQoZOWz1za WBpS9argB+Nhk3HoG/PCGIQT2+iMicKLkK5ltbTGx0OK/hyRd8OM1qtU+z1OijV2 HRZek6yCR5h/4VJroBoyK3KqAashiEjGG7En9CHu3x2WLH9au62TVo74ugssfo3f gKuyBn8RZg8uFEo/iuBTNuU6rnoGQlY1YwNbyyAWlLuY2D0zgI3K9eREi6/T8LaO RJ6vz79hJHqfJIvMGGPZB9k4fWkBZemqhqfgW7RMBD7iBSYmoCIAbh679c12aik4 EF3rGTww+/3vdH3/Tb6w+5LTjIWjaYK05FInfzH2wY5sXT470VL946X6ueQysXOW kZ//jXIG52zS4pITnR+TPS5Ed9Xrwl6QhMtnSlPOmaUiuZyfmf6hxNmc9jkO9qs8 wIUeDOk83pVfOkrdEG1YUaHM35ntKEpqUFAtcgai0Z9DGtXMKiqikMLJMD8fdJ3g VPUWeZWA28cWZkv9RCNtVm/LZ0orVczUQZIdsThbfb5Kgi1YcG+BdT1+jfJvuiFt cmmT4qoVmcLgqmd0UR8Z =qqLM -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3166-1 January 10, 2017 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3166-1 CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707, CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, CVE-2016-7578 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1

An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. WebKit is prone to an information-disclosure vulnerability and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts. A memory corruption vulnerability exists in the WebKit component of Apple iCloud versions prior to 6.0.1 on Windows platforms. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1 iCloud for Windows v6.0.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An input validation issue was addressed through improved state management. CVE-2016-4613: Chris Palmer WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-7578: Apple Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJYElaQAAoJEIOj74w0bLRGydAP/A7CkkToap07bACp6iVYcQwO LRcILJJzCgQpXU4w95HA4w5iSlV08/PhFsIHb+nrQ4QM9TgUCPx7tlVTw+FUOCUy 1MyYNZCZs66B5w0lZla7unN76SPpt4m2fpz7b6SyTbpkrNuIvb/JC1AQoZOWz1za WBpS9argB+Nhk3HoG/PCGIQT2+iMicKLkK5ltbTGx0OK/hyRd8OM1qtU+z1OijV2 HRZek6yCR5h/4VJroBoyK3KqAashiEjGG7En9CHu3x2WLH9au62TVo74ugssfo3f gKuyBn8RZg8uFEo/iuBTNuU6rnoGQlY1YwNbyyAWlLuY2D0zgI3K9eREi6/T8LaO RJ6vz79hJHqfJIvMGGPZB9k4fWkBZemqhqfgW7RMBD7iBSYmoCIAbh679c12aik4 EF3rGTww+/3vdH3/Tb6w+5LTjIWjaYK05FInfzH2wY5sXT470VL946X6ueQysXOW kZ//jXIG52zS4pITnR+TPS5Ed9Xrwl6QhMtnSlPOmaUiuZyfmf6hxNmc9jkO9qs8 wIUeDOk83pVfOkrdEG1YUaHM35ntKEpqUFAtcgai0Z9DGtXMKiqikMLJMD8fdJ3g VPUWeZWA28cWZkv9RCNtVm/LZ0orVczUQZIdsThbfb5Kgi1YcG+BdT1+jfJvuiFt cmmT4qoVmcLgqmd0UR8Z =qqLM -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3166-1 January 10, 2017 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3166-1 CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707, CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, CVE-2016-7578 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1

Schneider Electric Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. After the configuration software is connected to the PLC, all computers that have successfully connected to the PLC can operate the PLC through the coil writing operation of the 90 function code. As a result, the verification process of the PLC will be bypassed and there will be security loopholes. An unauthorized operation was performed due to certain security restrictions

A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). Vendors have confirmed this vulnerability Bug ID CSCva38636 It is released as.Local users may be able to elevate the privileges associated with the session. A local attacker may exploit this issue to gain elevated privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCva38636. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). Vendors have confirmed this vulnerability Bug ID CSCva46644 It is released as.By a third party UMS The setting parameters of the system may be changed and the system may become unusable. Cisco IP Interoperability and Collaboration System is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCva46644. Cisco IP Interoperability and Collaboration System 4.8(1) through 4.10(1) are vulnerable. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents. An authentication bypass vulnerability exists in Cisco IPICS Versions 4.8(1) through 4.10(1) of Universal Media Services

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCut43061,CSCut43066,CSCut43736,CSCut43738,CSCut43741,CSCut43745,CSCut43748,CSCut43751,CSCut43756,CSCut43759,CSCut43764 and CSCut43766. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuz63143 It is released as.Service disruption by a third party (DoS) Status and scanning and email forwarding will be stopped There is a possibility. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. An attacker can exploit this issue to restart the device, resulting in denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuz63143

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066. Vendors have confirmed this vulnerability Bug ID CSCux59873 It is released as.Service disruption by a third party (DoS) There is a possibility of being put into a state. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCux59873. The following versions are affected: Cisco AsyncOS Software for Cisco ESA 8.5.6-106, 9.1.0-032, 9.7.0-125