VARIoT IoT vulnerabilities database
| VAR-201702-0296 | CVE-2016-8347 | Kabona AB WebDatorCentral vulnerability allowing brute-force attacks against the application |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts, which may allow a brute-force attack. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. Kabona AB WDC is prone to multiple security vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials and to launch other attacks; to redirect an unsuspecting victim to an attacker-controlled site by constructing a crafted URI and enticing the user to follow it; and to bypass the authentication mechanism.
| VAR-201702-0303 | CVE-2016-8356 | Kabona AB WDC Open redirection vulnerability |
CVSS V2: 4.3 CVSS V3: 8.2 Severity: HIGH |
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. An attacker could use this vulnerability to redirect a user to a malicious page. Kabona AB WDC is prone to multiple security vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials and to launch other attacks; to redirect an unsuspecting victim to an attacker-controlled site by constructing a crafted URI and enticing the user to follow it; and to bypass the authentication mechanism.
| VAR-201610-0038 | CVE-2016-8563 | Siemens Automation License Manager denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. Siemens Automation License Manager (ALM) is a software that centrally manages license keys for various Siemens software products.
1. An SQL-injection vulnerability
2. A directory-traversal vulnerability
3. A denial-of-service vulnerability
An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, create, delete or move arbitrary files on the system, or cause a denial-of-service condition.
| VAR-201610-0039 | CVE-2016-8564 | Siemens Automation License Manager SQL injection vulnerability |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. Siemens Automation License Manager (ALM) is a software that centrally manages license keys for various Siemens software products. A remote attacker with access to port 4410/TCP could use the vulnerability to read and write ALM configuration information, resulting in a sensitive information leak.
1. An SQL-injection vulnerability
2. A directory-traversal vulnerability
3. A denial-of-service vulnerability
An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, create, delete or move arbitrary files on the system, or cause a denial-of-service condition.
| VAR-201610-0192 | CVE-2016-7959 | Siemens SIMATIC STEP 7 vulnerability allowing important information to be obtained |
CVSS V2: 1.9 CVSS V3: 4.7 Severity: MEDIUM |
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. Supplementary information: the CWE vulnerability type has been identified as CWE-254: Security Features. http://cwe.mitre.org/data/definitions/254.html Local users with file access could obtain important information by performing a brute-force attack. Siemens SIMATIC is an automation software in a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. SIMATIC STEP 7 (TIA Portal) is prone to multiple local information-disclosure vulnerabilities.
Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks.
All versions of SIMATIC STEP 7 (TIA Portal) v14 are affected. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages, advanced drive technology and more
| VAR-201610-0193 | CVE-2016-7960 | Siemens SIMATIC STEP 7 vulnerability allowing important setting information to be obtained |
CVSS V2: 1.9 CVSS V3: 2.5 Severity: LOW |
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. SIMATIC STEP 7 (TIA Portal) is prone to multiple local information-disclosure vulnerabilities.
Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks.
All versions of SIMATIC STEP 7 (TIA Portal) v14 are affected. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages, advanced drive technology and more
| VAR-201702-0300 | CVE-2016-8353 | OSIsoft PI Web API vulnerability allowing access to the PI system without proper authority |
CVSS V2: 5.5 CVSS V3: 6.4 Severity: MEDIUM |
An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. OSIsoft is the world's leading provider of real-time performance management software (RtPM™) suites. Unauthenticated attackers can use this vulnerability to access affected devices. This may aid in further attacks.
| VAR-201610-0722 | No CVE | Unauthorized Information Disclosure Vulnerabilities in AVTECH Devices |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. An unauthorized information disclosure vulnerability exists in AVTECH devices. Since the cgi-bin/ directory does not have authentication rights set, unauthorized attackers are allowed access to obtain sensitive information.
| VAR-201610-0727 | No CVE | AVTECH DVR has a command injection vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a command injection vulnerability in AVTECH DVR. Since the interface query function does not filter and verify the input parameters, an unauthenticated attacker can exploit the vulnerability to execute arbitrary system commands with root privileges.
| VAR-201610-0710 | No CVE | File download vulnerability exists in AVTECH device |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a file download vulnerability in AVTECH devices. Because the streamdweb server verifies a stream file request by searching the URL for the ".cab" string with the strstr function, an unauthenticated attacker can exploit the vulnerability to download any file, including the cgi scripts, from the webroot, which constitutes a sensitive information leak.
| VAR-201610-0711 | No CVE | Verification command injection vulnerability in AVTECH device PwdGrp.cgi |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. The AVTECH device PwdGrp.cgi has a verification command injection vulnerability. The PwdGrp.cgi script can modify the username, password, and group parameters with unauthenticated or processed system commands to create new or modify users. An attacker exploits a vulnerability to execute arbitrary system commands with root privileges.
| VAR-201610-0707 | No CVE | Server-Side Request Forgery (SSRF) Vulnerability in AVTECH DVR |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a server-side request forgery (SSRF) vulnerability in AVTECH DVR. Search.cgi provides search and access services for network cameras on the local network. Since an unauthenticated attacker can directly access the search interface, an attacker can exploit the vulnerability by modifying the IP, port, and queryb64str parameters to perform arbitrary HTTP requests on the DVR device.
| VAR-201610-0719 | No CVE | Verification command injection vulnerability in AVTECH device adcommand.cgi |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. The AVTECH device adcommand.cgi has a verification command injection vulnerability. The Avtech device includes an adcommand.cgi script to execute ActionD commands that can be accessed by authentication. In the new device, the ActionD daemon provides a system call that the DoShellCmd function uses to execute the specified parameters. Since the DoShellCmd function is not verified or whitelisted, the attacker can use the vulnerability to execute arbitrary commands of the system with root privileges.
| VAR-201610-0733 | No CVE | HTTPS Protocol Certificate Validation Vulnerability in AVTECH Devices |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. The AVTECH device has an HTTPS protocol certificate validation vulnerability. The SyncCloudAccount.sh, QueryFromClient.sh, and SyncPermit.sh scripts use wget to access the HTTPS website and specify the no-check-certificate parameter, so server certificate verification is bypassed and an attacker can exploit the vulnerability to perform a man-in-the-middle attack on HTTPS traffic.
| VAR-201610-0728 | No CVE | AVTECH Device Cookie Has Login Verification Code Bypass Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a login verification code bypass vulnerability in AVTECH device cookies. The AVTECH device uses the Base64-encoded username and password as the cookie value instead of a random session ID. When the logged-in user's IP address is not stored, an attacker can exploit the vulnerability by setting the cookie value manually, bypassing the login verification code check.
| VAR-201702-0078 | CVE-2016-8372 | Multiple Moxa ioLogik product vulnerabilities |
CVSS V2: 4.3 CVSS V3: 8.1 Severity: HIGH |
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. A password is transmitted in a format that is not sufficiently secure. Because multiple Moxa ioLogik products send passwords in a format that is not secure enough, a vulnerability with unspecified impact exists. Moxa ioLogik E1210 and others are remote Ethernet I/O products that provide bridge monitoring functions from Moxa.
There are security holes in several Moxa products. A remote attacker could use this vulnerability to execute arbitrary code, modify parameters and settings, or restart the device.
1. A cross-site request forgery vulnerability
2. A cross-site scripting vulnerability
3. Multiple security-bypass vulnerabilities
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions and perform unauthorized actions in the context of the affected application. Other attacks are also possible.
| VAR-201702-0083 | CVE-2016-8379 | Vulnerability in multiple Moxa ioLogik products |
CVSS V2: 4.3 CVSS V3: 8.1 Severity: HIGH |
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. Users are restricted to using short passwords. Multiple Moxa ioLogik products contain unspecified vulnerabilities. The Moxa ioLogik E1200 is a smart Ethernet I/O product from Moxa. A security vulnerability exists in the Moxa ioLogik E1200 that allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
1. A cross-site request forgery vulnerability
2. A cross-site scripting vulnerability
3. Other attacks are also possible
| VAR-201702-0298 | CVE-2016-8350 | Cross-site request forgery vulnerability in the web application of multiple Moxa ioLogik products |
CVSS V2: 6.8 CVSS V3: 6.3 Severity: MEDIUM |
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY). Moxa ioLogik E1210 and others are remote Ethernet I/O products that provide bridge monitoring functions from Moxa. A remote attacker could use this vulnerability to perform unauthorized operations. Moxa ioLogik is prone to the following security vulnerabilities.
1. A cross-site scripting vulnerability
3. Multiple security-bypass vulnerabilities
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions and perform unauthorized actions in the context of the affected application. Other attacks are also possible.
| VAR-201702-0306 | CVE-2016-8359 | Cross-site scripting vulnerability in the web application of multiple Moxa ioLogik products |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING). Moxa ioLogik E1210 and others are remote Ethernet I/O products that provide bridge monitoring functions from Moxa.
Cross-site scripting vulnerabilities exist in several Moxa products.
1. A cross-site request forgery vulnerability
2. Other attacks are also possible
| VAR-201610-0286 | CVE-2016-6437 | Cisco WAAS SSL session cache management denial-of-service (DoS) vulnerability |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32). The vendor has released this vulnerability as Bug ID CSCva03095. A third party could cause a denial of service (DoS) condition.
An attacker can exploit this issue to impact the performance of the device, causing a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCva03095. This software is mainly used in link environments with small bandwidth and large delay. A remote attacker could exploit this vulnerability by continuously sending a stream of data to the target system to cause a denial of service.