VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202410-1035 CVE-2024-9124 Rockwell Automation  of  PowerFlex 6000T  Exceptional State Check Vulnerability in Firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests. Rockwell Automation of PowerFlex 6000T Firmware contains an exceptional state check vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202410-0117 CVE-2024-8884 Schneider Electric System Monitor application information disclosure vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http. Schneider Electric System Monitor application is a system monitoring program in industrial control equipment of Schneider Electric, a French company. Schneider Electric System Monitor application has an information leakage vulnerability. The vulnerability is due to the application's insufficient protection of sensitive information
VAR-202410-0098 CVE-2024-46887 Siemens products have authentication bypass vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. SIMATIC Drive Controllers are designed for the automation of production machines and combine the functionality of a SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is a PC-based version of the SIMATIC S7-1500 controller including optional visualization as well as central I/O in a compact device. SIMATIC S7-1500 CPUs are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 MFP CPUs offer the functionality of standard S7-1500 CPUs with the ability to run C/C++ code in the CPU runtime to execute your own functions/algorithms implemented in C/C++. SIMATIC S7-1500 Software Controller is a SIMATIC software controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to emulate PLCs, even in virtualized environments
VAR-202410-0118 CVE-2024-46886 Siemens Multiple Products URL Redirection Vulnerability CVSS V2: 5.0
CVSS V3: 4.7
Severity: Medium
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. SIMATIC Drive Controllers are designed for the automation of production machines and combine the functionality of the SIMATIC S7-1500 CPU and SINAMICS S120 drive control. The SIMATIC ET 200SP Open Controller is a PC-based version of the SIMATIC S7-1500 controller, including optional visualization as well as central I/O in a compact device. Both the SIMATIC S7-1200 CPU and the SIMATIC S7-1500 CPU are designed for discrete and continuous control in industrial environments such as the global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 MFP CPUs offer the functionality of standard S7-1500 CPUs and can run C/C++ code in the CPU runtime to execute your own functions/algorithms implemented in C/C++. The SIMATIC S7-1500 Software Controller is a SIMATIC software controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives
VAR-202410-0102 CVE-2024-45476 Siemens'  Tecnomatix Plant Simulation  In  NULL  Pointer dereference vulnerability CVSS V2: -
CVSS V3: 3.3
Severity: Medium
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' Tecnomatix Plant Simulation for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
VAR-202410-0112 CVE-2024-45475 Siemens'  Tecnomatix Plant Simulation  Vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0110 CVE-2024-45474 Siemens'  Tecnomatix Plant Simulation  Vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0106 CVE-2024-45473 Siemens'  Tecnomatix Plant Simulation  Vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0103 CVE-2024-45472 Siemens'  Tecnomatix Plant Simulation  Vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0109 CVE-2024-45471 Siemens'  Tecnomatix Plant Simulation  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files in the wrltojt module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure
VAR-202410-0107 CVE-2024-45470 Siemens'  Tecnomatix Plant Simulation  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0105 CVE-2024-45469 Siemens'  Tecnomatix Plant Simulation  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files in the wrltojt module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure
VAR-202410-0101 CVE-2024-45468 Siemens'  Tecnomatix Plant Simulation  Vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0100 CVE-2024-45467 Siemens'  Tecnomatix Plant Simulation  Vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0104 CVE-2024-45466 Siemens'  Tecnomatix Plant Simulation  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0099 CVE-2024-45465 Siemens'  Tecnomatix Plant Simulation  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0111 CVE-2024-45464 Siemens'  Tecnomatix Plant Simulation  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0108 CVE-2024-45463 Siemens'  Tecnomatix Plant Simulation  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-0128 CVE-2024-41798 Siemens SENTRON PAC Meter Authentication Error Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication. SENTRON PAC Meter is a power measurement device for precise energy management and transparent information collection
VAR-202410-3629 CVE-2024-44674 D-Link Systems, Inc.  of  COVR-2600R  Stack-based buffer overflow vulnerability in firmware CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src. D-Link Systems, Inc. D-Link COVR-2600R is a wireless router from D-Link, a Chinese company. No detailed vulnerability details are currently provided