VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201403-0358 CVE-2014-0343 Virtual Access GW6110A router privilege escalation vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable. Virtual Access Provided by GW6110A Contains a privilege escalation vulnerability. Virtual Access Provided by GW6110A of Web The administration screen shows the problem of managing user rights (CWE-472) A privilege escalation vulnerability exists. CWE-472: External Control of Assumed-Immutable Web Parameter http://cwe.mitre.org/data/definitions/472.htmlPrivileges may be elevated by users who can log in to the product. As a result, you may be able to access features with administrator privileges. Virtual Access GW6110A routers is a router device. Remote attackers can exploit this issue to gain privileges and perform unauthorized actions
VAR-201403-0714 No CVE Ubee EVW3200 Cross-Site Request Forgery Vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
The Ubee EVW3200 is a TV broadband cat product. The Ubee EVW3200 has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context.
VAR-201404-0553 CVE-2014-0789 plural Schneider Electric OPC Factory Server Product buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: MEDIUM
Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Zone overflow vulnerability. Allowing a remote attacker to cause a denial of service through the \342\200\230long\342\200\231 parameter. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. Attackers can exploit this issue to cause a denial-of-service condition. The following products are vulnerable: TLXCDSUOFS33 3.5 and prior TLXCDSTOFS33 3.5 and prior TLXCDLUOFS33 3.5 and prior TLXCDLTOFS33 3.5 and prior TLXCDLFOFS33 3.5 and prior. The application features easy integration, custom interface and more
VAR-201403-0549 CVE-2014-0628 EMC RSA BSAFE Micro Edition Suite Service disruption in the server (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. RSA BSAFE Micro Edition Suite (MES) is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. RSA BSAFE Micro Edition Suite (MES) prior 4.0.5 are vulnerable. The toolkit helps developers achieve stable and secure application design. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-011: RSA BSAFE\xae Micro Edition Suite Server Crash Vulnerability EMC Identifier: ESA-2014-011 CVE Identifier: CVE-2014-0628 Severity Rating: CVSS v2 Base Score: 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C) Affected Products: RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.5 Unaffected Products: RSA BSAFE MES all 3.2.x versions Summary: RSA BSAFE MES 4.0.5 contains fix for a security vulnerability that could potentially be exploited by malicious users to deny access to the affected system. Details: This vulnerability may cause unpredictable application behavior resulting in a server crash due to faulty certificate chain processing logic. Recommendation: RSA recommends all customers upgrade to RSA BSAFE MES 4.0.5 at their earliest opportunity. Obtaining Downloads: To request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. Obtaining Documentation: To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. Severity Rating: For an explanation of Severity Ratings, refer to the Knowledge Base Article, \x93Security Advisories Severity Rating\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Obtaining More Information: For more information about RSA products, visit the RSA web site at http://www.rsa.com. Getting Support and Service: For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. General Customer Support Information: http://www.emc.com/support/rsa/index.htm RSA SecurCare Online: https://knowledge.rsasecurity.com EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. http://www.emc.com/support/rsa/eops/index.htm SecurCare Online Security Advisories RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. About RSA SecurCare Notes & Security Advisories Subscription RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection. Sincerely, RSA Customer Support -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) iEYEARECAAYFAlMwP3kACgkQtjd2rKp+ALyJqgCffAZrlwRKpelw7DBIJI4wiMyb d1IAoKKSaOrpCcHKhrcuZQRyIqi8Mzk7 =Tb8D -----END PGP SIGNATURE-----
VAR-201403-0558 No CVE D-Link DIR-600L '/goform/formSetPassword' Cross-Site Request Forgery Vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Dlink DIR-600L has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. D-Link DIR-600L is a cloud router product of D-Link. A cross-site request forgery vulnerability exists in D-Link DIR-600L. A remote attacker could use this vulnerability to perform unauthorized operations. Vulnerabilities in D-Link DIR-600L version 5.10, other versions may also be affected. This may lead to further attacks
VAR-201403-0311 CVE-2014-2250 Siemens SIMATIC S7-1200 CPU PLC Vulnerability that breaks cryptographic protection mechanism in random number generation of devices CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251. This vulnerability CVE-2014-2251 Is a different vulnerability.A third party could break the cryptographic protection mechanism and hijack the session. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. The Siemens SIMATIC S7-1200 sends a specially crafted packet to TCP port 443, causing an attacker to exploit the vulnerability to put the device into defect mode. Siemens SIMATIC S7-1200 is prone to an entropy weakness. Exploiting this issue can allow attackers to hijack another user's session and gain unauthorized access to the victim's account on the affected application. Versions prior to SIMATIC S7-1200 4.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany. The vulnerability is caused by the random number generator not having sufficient entropy
VAR-201403-0313 CVE-2014-2252 Siemens SIMATIC S7-1200 Information Disclosure Vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. An information disclosure vulnerability exists in the Siemens SIMATIC S7-1200, which can lead to hijacking sessions of another user due to weak entropy related errors in the random generator. Siemens SIMATIC S7-1200 is prone to a denial-of-service vulnerability. Attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1200 4.0.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany
VAR-201403-0315 CVE-2014-2254 Siemens SIMATIC S7-1200 CPU PLC Service disruption on devices (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. Siemens SIMATIC S7-1200 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1200 4.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany
VAR-201403-0317 CVE-2014-2256 Siemens SIMATIC S7-1200 CPU PLC Service disruption on devices (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. Siemens SIMATIC S7-1200 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1200 4.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany
VAR-201403-0319 CVE-2014-2258 Siemens SIMATIC S7-1200 CPU PLC Service disruption on devices (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. The SIMATIC S7-1200 sends a specially crafted packet to TCP port 102, causing an error that an attacker can exploit to put the device into defect mode. Siemens SIMATIC S7-1200 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1200 4.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany
VAR-201403-0326 CVE-2014-2276 EMC Connectrix Manager Converged Network Edition of FileUploadController Vulnerability in collecting important information in servlets CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. Authentication is not required to exploit this vulnerability.The specific flaw exists within the FileUploadController servlet which is part of inmservlets. This vulnerability allows an unauthenticated user to read an arbitrary file on the system. An attacker can use this to either disclose sensitive data or to disclose information about the server that can be used in a subsequent attack. EMC Connectrix is a network switch solution that provides an interface to the Connectrix server to manage and protect devices. Credits: EMC would like to thank Bluesea, working with HP\x92s Zero Day Initiative (http://www.zerodayinitiative.com), for reporting these issues. Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) iEYEARECAAYFAlMoR0YACgkQtjd2rKp+ALzE5QCghL+sTXuNSeR0ZvV0nbtTyo+Z kF8An0hLlEaY17xBgZF6AG3hxsTyU8Kj =n1yd -----END PGP SIGNATURE-----
VAR-201404-0677 CVE-2014-2565 Blue Coat Content Analysis System Command line interface arbitrary command execution vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: Medium
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection.". Blue Coat Content Analysis System is prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. Successful exploits may compromise the affected application. Blue Coat Content Analysis System versions 1.1.1.1, 1.1.2.1, and 1.1.3.1 are vulnerable
VAR-201403-0465 CVE-2014-2119 plural Cisco Security The appliance for Cisco AsyncOS In root Vulnerability to execute arbitrary code with privileges CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118. The Cisco IronPort family of products is a widely used mail encryption gateway, and AsyncOS is the operating system used by the product. Cisco AsyncOS Software is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code with root privileges. Failed exploit attempts will likely result in denial-of-service conditions. This issue is tracked by Cisco BugId's CSCug79377, and CSCug80118. End User Safelist/Blocklist (aka SLBL ) service has a security vulnerability, which stems from the fact that the program does not fully verify the SLBL database file
VAR-201403-0469 CVE-2014-2124 Cisco IOS Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783. Cisco Catalyst is an intelligent Ethernet switch developed by Cisco. Catalyst 6500 Series Switches are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf60783
VAR-201403-0551 CVE-2014-1614 CenturyStar ActiveX (CamW2000.dll) SetMyAddress Function Special Parameters Handling Buffer Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
CenturyStar is a popular SCADA industrial control software. The SetMyAddress function in the CenturyStar CamW2000.dll ActiveX control has an overflow vulnerability when dealing with specially crafted parameters, allowing remote attackers to exploit exploits to build malicious web pages, tricking users into parsing, crashing an application, or executing arbitrary code. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
VAR-201403-0711 No CVE Multiple vulnerabilities in multiple Array Networks products CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Array Networks is a world-leading application intelligence security company dedicated to providing customers with multi-layer network security and application solutions. There are several security vulnerabilities in the Array Networks vxAG / xAPV product: 1. The /etc/master.passwd file contains the default shell user and password, allowing an attacker to crack access to account information and gain unauthorized access to the device. 2. The \"sync\" user contains the private key information in the \"~/.ssh/id_dsa\" file, allowing the attacker to obtain the key and unauthorized access to the device. This may aid in further attacks
VAR-201403-0212 CVE-2014-0708 Cisco WebEx Business Suite of WebEx Meeting Center Vulnerability in which important information is obtained CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272. Cisco WebEx Business Suite is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCul98272. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more
VAR-201403-0466 CVE-2014-2120 Cisco Adaptive Security Appliance Software WebVPN Cross-site scripting vulnerability in login page CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCun19025
VAR-201403-0467 CVE-2014-2121 Cisco Hosted Collaboration Solution of Java Service disruption in base software (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643. Vendors have confirmed this vulnerability Bug ID CSCug77633 , CSCug77667 , CSCug78266 , CSCug82795 and CSCuh58643 It is released as.Service disruption by a third party (TCP Port closure ) There is a possibility of being put into a state. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. This issue is being tracked by Cisco Bug ID's CSCug77633, CSCug77667, CSCug78266, CSCug82795 and CSCuh58643. The solution includes products such as Cisco TelePresence, Customer Collaboration (Contact Center) and Unified Communications to support customers to use collaboration technology in public cloud, private cloud and hybrid cloud models. A denial of service vulnerability exists in the Java-based software of Cisco HCS. A remote attacker can exploit this vulnerability to close the TCP port
VAR-201403-0468 CVE-2014-2122 Cisco Hosted Collaboration Solution of Impact Server GUI Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999. Vendors have confirmed this vulnerability Bug ID CSCub58999 It is released as.Service disruption by a third party ( Memory consumption ) There is a possibility of being put into a state. Cisco Hosted Collaboration Solution is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to hang intermittently, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCub58999. The solution includes products such as Cisco TelePresence, Customer Collaboration (Contact Center) and Unified Communications to support customers to use collaboration technology in public cloud, private cloud and hybrid cloud models