VARIoT IoT vulnerabilities database

VAR-202303-0901 | CVE-2023-27401 | Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process (ZDI-CAN-20308, ZDI-CAN-20345). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. Siemens Tecnomatix Plant Simulation is industrial control equipment from the German company Siemens. It applies discrete event simulation to throughput analysis and optimization to improve manufacturing system performance.
VAR-202303-0929 | CVE-2023-27589 | MinIO Security hole |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
MinIO is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. As a workaround, higher privileges can be added to the disabled root user via `mc admin policy set`.
VAR-202303-0900 | CVE-2023-27400 | Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process (ZDI-CAN-20300). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Siemens Tecnomatix Plant Simulation is industrial control equipment from the German company Siemens. It applies discrete event simulation to throughput analysis and optimization to improve manufacturing system performance.
VAR-202303-0896 | CVE-2023-27406 | Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to a stack-based buffer overflow while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-20449). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Siemens Tecnomatix Plant Simulation is industrial control equipment from the German company Siemens. It applies discrete event simulation to throughput analysis and optimization to improve manufacturing system performance.
VAR-202303-0895 | CVE-2023-27404 | Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to a stack-based buffer overflow while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-20433). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Siemens Tecnomatix Plant Simulation is industrial control equipment from the German company Siemens. It applies discrete event simulation to throughput analysis and optimization to improve manufacturing system performance.
VAR-202303-1219 | CVE-2023-0021 | SAP NetWeaver Cross-site scripting vulnerability |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Due to insufficient encoding of user input, SAP NetWeaver (versions 700, 701, 702, 731, 740, 750) allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected cross-site scripting. These endpoints are normally exposed over the network, and successful exploitation can partially impact confidentiality of the application.
VAR-202303-0899 | CVE-2023-27405 | Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process (ZDI-CAN-20432). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. Siemens Tecnomatix Plant Simulation is industrial control equipment from the German company Siemens. It applies discrete event simulation to throughput analysis and optimization to improve manufacturing system performance.
VAR-202303-0903 | CVE-2023-27399 | Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process (ZDI-CAN-20299, ZDI-CAN-20346). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Siemens Tecnomatix Plant Simulation is industrial control equipment from the German company Siemens. It applies discrete event simulation to throughput analysis and optimization to improve manufacturing system performance.
VAR-202303-0902 | CVE-2023-27403 | Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process (ZDI-CAN-20303, ZDI-CAN-20348). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Siemens Tecnomatix Plant Simulation is industrial control equipment from the German company Siemens. It applies discrete event simulation to throughput analysis and optimization to improve manufacturing system performance.
VAR-202303-1040 | CVE-2023-24762 | D-Link DIR-867 Security hole |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.
VAR-202303-0880 | CVE-2023-25283 | D-Link DIR820LA1 Buffer error vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp.
VAR-202303-1237 | CVE-2023-25279 | D-Link DIR820LA1 Security hole |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.
VAR-202303-0785 | CVE-2022-37939 | Hewlett Packard Enterprise Superdome Flex Server Information disclosure vulnerability |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software available to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.
VAR-202303-0603 | CVE-2023-25395 | TOTOLINK A7100RU Operating system command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
The TOTOLINK A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability.
VAR-202303-0336 | CVE-2022-39953 | Fortinet FortiNAC Security hole |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection.
Fortinet FortiNAC has a security vulnerability that stems from improper privilege management.
VAR-202303-0444 | CVE-2022-40676 | Fortinet FortiNAC Cross-site scripting vulnerability |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.
VAR-202303-0165 | CVE-2023-1257 | Moxa UC Security hole |
CVSS V2: - CVSS V3: 6.8 Severity: MEDIUM |
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device's authentication files to create a new user and gain full access to the system.
VAR-202303-0357 | CVE-2023-20079 | Cisco IP Phone Buffer error vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
VAR-202303-0475 | CVE-2023-20078 | Cisco IP Phone Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
VAR-202302-1614 | CVE-2023-20075 | Cisco Secure Email Operating system command injection vulnerability |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8