VARIoT IoT vulnerabilities database
| VAR-201408-0169 | CVE-2014-3349 | Cisco Intelligent Automation for Cloud Vulnerable to uploading arbitrary files |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
This issue is being tracked by Cisco Bug ID CSCuh87410. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures
| VAR-201408-0170 | CVE-2014-3350 | Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870. The vendor has confirmed this vulnerability and released it as Bug ID CSCuh84870. A remote authenticated user may obtain sensitive information through a crafted URL.
An attacker can leverage this issue to conduct phishing attacks; other attacks are possible.
This issue is being tracked by Cisco Bug ID CSCuh84870. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures. A remote attacker can exploit this vulnerability to obtain sensitive information through a specially crafted URL
| VAR-201408-0171 | CVE-2014-3351 | Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuh87398 and CSCuh87380. A third party may be able to obtain sensitive information via a crafted packet.
Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks.
This issue is tracked by Cisco Bug IDs CSCuh87398 and CSCuh87380. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures
| VAR-201408-0166 | CVE-2014-3345 | Vulnerability in the web framework of Cisco Transport Gateway for Smart Call Home that allows modification of the product |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503. The vendor has confirmed this vulnerability and released it as Bug ID CSCuq31503. A third party may be able to modify the product through a crafted URL.
Attackers can exploit this issue to make changes to the affected system and bypass security restrictions.
This issue is being tracked by Cisco Bug ID CSCuq31503.
| VAR-201410-0909 | CVE-2014-4023 |
Multiple F5 BIG-IP products: Configuration utility tmui/dashboard/echo.jsp vulnerable to cross-site scripting
Related entries in the VARIoT exploits database: VAR-E-201408-0154 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Configuration utility page tmui/dashboard/echo.jsp in multiple F5 BIG-IP products contains a cross-site scripting vulnerability. A third party may inject arbitrary web script or HTML. Multiple F5 BIG-IP products are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. 0 to 11.4.1 and 10.1.0 to 10.2.4, Enterprise Manager 3.0.0 to 3.1.1 and 2.1.0 to 2.3.0
| VAR-201410-1053 | CVE-2014-2927 |
Multiple F5 BIG-IP products: arbitrary file read vulnerability in the rsync daemon
Related entries in the VARIoT exploits database: VAR-E-201408-0275 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address. Multiple F5 Networks products are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the application. F5 BIG-IP is an all-in-one network device from F5 Corporation of the United States that integrates network traffic management, application security management, load balancing and other functions. The following products and versions are affected: F5 BIG-IP 11.6 prior to 11.6.0, 11.5.1 prior to HF3, 11.5.0 prior to HF4, 11.4.1 prior to HF4, 11.4.0 prior to HF7, 11.3.0 prior to HF9, and 11.2.1 prior to HF11, and Enterprise Manager 3.x prior to 3.1.1 HF2.
| VAR-201408-0168 | CVE-2014-3347 | Denial-of-service (DoS) vulnerability in Cisco IOS running on Cisco 1800 ISR devices |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897. Cisco 1800 Series are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the device to become unresponsive, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCul77897. Cisco IOS on Cisco 1800 ISR is the operating system run by Cisco 1800 ISR series routers.
| VAR-201408-0480 | No CVE | Pebble Smartwatch for Android/iOS Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Pebble is a smart watch that supports both Android and iOS. A denial of service vulnerability exists in Pebble Smartwatch for Android/iOS. It allows a remote attacker to cause a factory reset on the device.
| VAR-201408-0349 | CVE-2014-5397 | Schneider Electric Wonderware Information Server Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: HIGH |
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Invensys Wonderware Information Server provides graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following versions are vulnerable:
Wonderware Information Server 4.0 SP1
Wonderware Information Server 4.5 Portal
Wonderware Information Server 5.0 Portal
Wonderware Information Server 5.5 Portal
The program supports dashboards, pre-designed industrial activity reports, etc., and provides processes for analysis or write-back mechanisms.
| VAR-201408-0350 | CVE-2014-5398 | Schneider Electric Wonderware Information Server Vulnerable to reading arbitrary files |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. In Schneider Electric Wonderware Information Server (WIS), an arbitrary file may be read or a denial-of-service (DoS) condition may be caused. Invensys Wonderware Information Server provides graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. Invensys Wonderware Information Server has an information disclosure vulnerability that can be exploited by local attackers to obtain sensitive information. The program supports dashboards, pre-designed industrial activity reports, etc., and provides processes for analysis or write-back mechanisms. A security vulnerability exists in Schneider Electric WIS Portal versions 4.0 SP1 to 5.5.
| VAR-201408-0351 | CVE-2014-5399 | SQL injection vulnerability in Schneider Electric Wonderware Information Server |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Invensys Wonderware Information Server can centrally reflect web management solutions for production management. The vulnerability allows an attacker to compromise the application, access or modify data, or exploit potential vulnerabilities in the underlying database. The program supports dashboards, pre-designed industrial activity reports, etc., and provides processes for analysis or write-back mechanisms.
| VAR-201408-0101 | CVE-2014-2380 | Schneider Electric Wonderware Information Server Vulnerability where important information is obtained |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. Supplementary information: the vulnerability type has been identified as CWE-326: Inadequate Encryption Strength (http://cwe.mitre.org/data/definitions/326.html). By reading the credential file, a third party may obtain sensitive information. Wonderware Information Server integrates the collection and display of factory performance metrics and operations, maintenance, and engineering production data through a network solution. Attackers can use the vulnerability to view encrypted data and obtain sensitive information. This may lead to other attacks. The program supports dashboards, pre-designed industrial activity reports, etc., and provides processes for analysis or write-back mechanisms.
| VAR-201408-0102 | CVE-2014-2381 | Schneider Electric Wonderware Information Server Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Supplementary information: the vulnerability type has been identified as CWE-326: Inadequate Encryption Strength (http://cwe.mitre.org/data/definitions/326.html). If a third party reads the credential file, sensitive information may be obtained. Invensys Wonderware Information Server provides graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. This may lead to other attacks. The program supports dashboards, pre-designed industrial activity reports, etc., and provides processes for analysis or write-back mechanisms.
| VAR-202001-1351 | CVE-2014-5381 | Grand MA 300 Vulnerable to insufficient protection of credentials |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Grand MA 300 allows a brute-force attack on the PIN. Grand MA 300 contains a vulnerability related to insufficient protection of credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused. The Grand MA 300 has a security flaw in which the program fails to encrypt the PIN in network and Wiegand communication, allowing an attacker to sniff sensitive information and brute-force the PIN.
Attackers can exploit these issues to disclose the access PIN by sniffing network traffic, or perform brute-force attacks on the PIN to gain unauthorized access. This may aid in other attacks.
| VAR-202001-1350 | CVE-2014-5380 | Grand MA 300 Vulnerable to sending important information in the clear |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Grand MA 300 allows retrieval of the access PIN from sniffed data. Grand MA 300 contains a vulnerability in which sensitive information is sent in the clear. Information may be obtained. The Grand MA 300 has a security flaw in which the program fails to encrypt the PIN in network and Wiegand communication, allowing an attacker to sniff sensitive information and brute-force the PIN.
Attackers can exploit these issues to disclose the access PIN by sniffing network traffic, or perform brute-force attacks on the PIN to gain unauthorized access. This may aid in other attacks.
| VAR-201408-0326 | CVE-2014-0761 | ePAQ-9410 Substation Gateway Serial-Connected Device Local Denial of Service Vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. ePAQ-9410 Substation Gateway Serial-Connected device has a local denial of service vulnerability due to failure to properly validate user-supplied input. An attacker could exploit this vulnerability to crash an affected device and initiate a denial of service attack.
Note: This issue affects the IP connected devices. CG Automation ePAQ-9410 Substation Gateway is a substation gateway product deployed in the energy sector by CG Automation in the United States. A security vulnerability exists in the DNP3 driver in the CG Automation ePAQ-9410 Substation Gateway
| VAR-201408-0327 | CVE-2014-0762 | ePAQ-9410 Substation Gateway Serial-Connected Devices Local Denial of Service Vulnerability |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation
Gateway products, does not validate input correctly. An attacker could
cause the software to go into an infinite loop, causing the process to
crash. The system must be restarted manually to clear the condition. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. An attacker could exploit this vulnerability to crash an affected device and deny service to a legitimate user.
Note: To exploit this issue, local access to the serial-based outstation is required.
| VAR-201408-0165 | CVE-2014-3344 | Cross-site scripting vulnerability in the web framework of Cisco Transport Gateway for Smart Call Home |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563. A third party may inject arbitrary web script or HTML via unspecified parameters.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
These issues are being tracked by Cisco Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
| VAR-201408-0158 | CVE-2014-3335 | Denial-of-service (DoS) vulnerability in Cisco IOS XR running on Cisco ASR 9000 devices |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750. The vendor has confirmed this vulnerability and released it as Bug ID CSCup77750. A third party may cause a denial of service (chip and card hangs) via a crafted packet. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. A denial of service vulnerability exists in Cisco IOS. Exploiting this vulnerability causes the NP chip and line card on the affected device to lock and reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCup77750. The vulnerability comes from the fact that the program does not correctly perform NetFlow sampling of data packets (including the multicast destination MAC address).
| VAR-201408-0489 | No CVE | Multiple D-Link Products Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Multiple D-Link Products are prone to the following security vulnerabilities:
1. An authentication-bypass vulnerability
2. A directory-traversal vulnerability
3. A cross-site request-forgery vulnerability
4. A user-enumeration weakness
An attacker can exploit these issues to perform certain unauthorized actions, bypass authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks.