VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202409-1200 CVE-2024-46049 Shenzhen Tenda Technology Co.,Ltd.  of  o6  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. Shenzhen Tenda Technology Co.,Ltd. of o6 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O6 is a wireless bridge from China's Tenda company. No detailed vulnerability details are currently available
VAR-202409-0787 CVE-2024-46048 Shenzhen Tenda Technology Co.,Ltd.  of  fh451  Command injection vulnerability in firmware CVSS V2: 8.3
CVSS V3: 9.8
Severity: CRITICAL
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i. Shenzhen Tenda Technology Co.,Ltd. of fh451 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202409-0809 CVE-2024-46047 Shenzhen Tenda Technology Co.,Ltd.  of  fh451  Out-of-bounds write vulnerability in firmware CVSS V2: 6.1
CVSS V3: 7.5
Severity: HIGH
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of fh451 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
VAR-202409-0810 CVE-2024-46046 Shenzhen Tenda Technology Co.,Ltd.  of  fh451  Out-of-bounds write vulnerability in firmware CVSS V2: 6.1
CVSS V3: 9.8
Severity: CRITICAL
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. Shenzhen Tenda Technology Co.,Ltd. of fh451 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH451 has a buffer overflow vulnerability, which can be exploited by attackers to overflow the buffer and execute arbitrary code on the system or cause the application to crash
VAR-202409-1127 CVE-2024-46045 Shenzhen Tenda Technology Co.,Ltd.  of  ch22  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Shenzhen Tenda Technology Co.,Ltd. of ch22 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently provided
VAR-202409-1009 CVE-2024-46044 Shenzhen Tenda Technology Co.,Ltd.  of  ch22  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Shenzhen Tenda Technology Co.,Ltd. of ch22 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are provided at present
VAR-202409-1227 CVE-2024-46679 Linux  of  Linux Kernel  Vulnerability in CVSS V2: 7.2
CVSS V3: 4.7
Severity: MEDIUM
In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb crash> struct net_device.state ffff9a9d21336000 state = 5, state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10). This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show"). There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers. Linux of Linux Kernel Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues
VAR-202409-2266 No CVE Zhejiang Uniview Technology Co., Ltd. NVR301-08-P8 has an information leakage vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
NVR301-08-P8 is an NVR recorder device produced by Zhejiang Uniview Technology Co., Ltd. Zhejiang Uniview Technology Co., Ltd. NVR301-08-P8 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202409-0396 CVE-2024-34057 Triangle MicroWorks  of  iec 61850 source code library  Classic buffer overflow vulnerabilities in products from multiple vendors CVSS V2: 8.5
CVSS V3: 7.5
Severity: HIGH
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service. Triangle MicroWorks of iec 61850 source code library Classic buffer overflow vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. SICAM 8 Power automation platform is a universal, hardware- and software-based, all-in-one solution for all applications in the field of power supply. SICAM A8000 RTUs (Remote Terminal Units) are modular devices for remote control and automation applications in all areas of energy supply. SICAM EGS (Enhanced Grid Sensor) is a gateway for local substations in distribution networks. SICAM SCC is a process and visualization system for energy automation solutions. SITIPE AT (Automated Testing) is a computer-aided test system for integrating and simplifying functional test procedures for substation automation, remote control and protection panels manufactured by Siemens. A buffer overflow vulnerability exists in third-party components of Siemens SICAM and SITIPE products. An attacker can exploit this vulnerability to create a denial of service condition by sending a specially crafted MMS message
VAR-202409-0797 CVE-2024-7961 Rockwell Automation  of  Pavilion8  Past traversal vulnerability in CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. (DoS) It may be in a state. Rockwell Automation Pavilion8 is a model prediction console of Rockwell Automation in the United States. The vulnerability is caused by the program failing to properly filter special elements in resource or file paths
VAR-202409-0743 CVE-2024-7960 Rockwell Automation  of  Pavilion8  Vulnerability in CVSS V2: 8.0
CVSS V3: 9.1
Severity: CRITICAL
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. Rockwell Automation of Pavilion8 Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with. Rockwell Automation Pavilion8 is a model prediction console of Rockwell Automation, an American company
VAR-202409-1723 CVE-2024-45826 Rockwell Automation  of  thinmanager  Vulnerability in externally controllable references to resources in another region of CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file. Rockwell Automation of thinmanager Exists in a vulnerability in externally controllable references to resources in another region.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, an American company. It allows thin clients to be assigned to multiple remote desktop servers at the same time
VAR-202409-1722 CVE-2024-45825 Rockwell Automation  of  5015-u8ihft  Firmware vulnerabilities CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. Rockwell Automation of 5015-u8ihft There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. Rockwell Automation 5015-U8IHFT is a universal module of Rockwell Automation, USA. Rockwell Automation 5015-U8IHFT has a denial of service vulnerability, which can be exploited by attackers to cause denial of service by sending specially crafted data packets to CIP security objects
VAR-202409-2108 CVE-2024-45824 Rockwell Automation  of  FactoryTalk View  Command injection vulnerability in CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. Rockwell Automation of FactoryTalk View Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View Site Edition is an integrated software package of Rockwell Automation, Inc., USA. It is used for development and operation
VAR-202409-1266 CVE-2023-36103 Shenzhen Tenda Technology Co.,Ltd.  of  AC15  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202409-0961 CVE-2024-36511 fortinet's  FortiADC  Vulnerability in CVSS V2: 2.6
CVSS V3: 3.7
Severity: LOW
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature. fortinet's FortiADC Exists in unspecified vulnerabilities.Information may be obtained. Fortinet FortiADC is an application delivery controller of Fortinet. Fortinet FortiADC has a security feature vulnerability, which is caused by improper implementation of security checks
VAR-202409-0983 CVE-2024-31490 fortinet's  FortiSandbox  Vulnerability in CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2.2 through 3.2.4, FortiSandbox 3.1.5 allows attacker to information disclosure via HTTP get requests. fortinet's FortiSandbox Exists in unspecified vulnerabilities.Information may be obtained
VAR-202409-0295 CVE-2024-44087 Siemens Automation License Manager Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: 8.6
Severity: Critical
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification
VAR-202409-0311 CVE-2024-43781 Siemens SINUMERIK system log information leakage vulnerability CVSS V2: 4.9
CVSS V3: 5.5
Severity: Medium
A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions. SINUMERIK CNC provides automation solutions for workshops, shops and large-scale batch production environments. SINUMERIK ONE is a digital native CNC system with an integrated SIMATIC S7-1500 CPU for automation
VAR-202409-0292 CVE-2024-43647 Siemens SIMATIC S7-200 SMART Devices Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: High
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged. The S7-200 SMART series is a series of micro programmable logic controllers that can control a variety of small automation applications