VARIoT IoT vulnerabilities database

VAR-202505-2166 | CVE-2025-45858 | OS command injection vulnerability in TOTOLINK A3002R firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. The TOTOLINK A3002R firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202505-2212 | CVE-2025-45867 | Stack-based buffer overflow vulnerability in TOTOLINK A3002R firmware |
CVSS V2: 4.8 CVSS V3: 5.4 Severity: MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. The TOTOLINK A3002R firmware contains a stack-based buffer overflow vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by a failure to correctly verify the length of the input data supplied in the static_dns1 parameter of the formIpv6Setup interface. No further vulnerability details are currently available.
VAR-202505-2329 | CVE-2025-45866 | Classic buffer overflow vulnerability in TOTOLINK A3002R firmware |
CVSS V2: 4.8 CVSS V3: 5.4 Severity: MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by a failure to correctly verify the length of the input data supplied in the addrPoolEnd parameter of the formDhcpv6s interface. No further vulnerability details are currently available.
VAR-202505-2316 | CVE-2025-45864 | Classic buffer overflow vulnerability in TOTOLINK A3002R firmware |
CVSS V2: 4.8 CVSS V3: 5.4 Severity: MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by a failure to correctly verify the length of the input data supplied in the addrPoolStart parameter of the formDhcpv6s interface. No further vulnerability details are currently available.
VAR-202505-2211 | CVE-2025-45859 | Classic buffer overflow vulnerability in TOTOLINK A3002R firmware |
CVSS V2: 4.8 CVSS V3: 5.4 Severity: MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by a failure to correctly verify the length of the input data supplied in the bandstr parameter of the formMapDelDevice interface. No further vulnerability details are currently provided.
VAR-202505-1884 | CVE-2025-32756 | Stack-based buffer overflow vulnerability in multiple Fortinet products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests with a specially crafted hash cookie. Multiple Fortinet products, including FortiMail, FortiNDR and FortiRecorder firmware, contain stack-based buffer overflow and out-of-bounds write vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202505-1599 | CVE-2025-40583 | Cleartext transmission of sensitive information vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 4.6 CVSS V3: 4.4 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext.
This could allow a privileged local attacker to retrieve this sensitive information. Siemens' SCALANCE LPE9403 firmware contains a vulnerability involving the cleartext transmission of sensitive information. Information may be obtained. The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1600 | CVE-2025-40582 | OS command injection vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: High |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters.
This could allow a non-privileged local attacker to execute root commands on the device. Siemens' SCALANCE LPE9403 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1597 | CVE-2025-40581 | Siemens' SCALANCE LPE9403 Firmware vulnerabilities |
CVSS V2: 6.2 CVSS V3: 7.1 Severity: High |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass.
This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. Siemens' SCALANCE LPE9403 firmware contains unspecified vulnerabilities. Information may be obtained and information may be tampered with. The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1595 | CVE-2025-40580 | Stack-based buffer overflow vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 6.0 CVSS V3: 6.7 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow.
This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition. Siemens' SCALANCE LPE9403 firmware contains a stack-based buffer overflow vulnerability and an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1598 | CVE-2025-40579 | Stack-based buffer overflow vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 6.0 CVSS V3: 6.7 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow.
This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition. Siemens' SCALANCE LPE9403 firmware contains a stack-based buffer overflow vulnerability and an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1603 | CVE-2025-40578 | Out-of-bounds read vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession.
An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short time frame, which leads to a crash of the dcpd process. Siemens' SCALANCE LPE9403 firmware contains an out-of-bounds read vulnerability. Service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data. An attacker could exploit this vulnerability to cause the dcpd process to crash.
VAR-202505-1604 | CVE-2025-40577 | Out-of-bounds read vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets.
An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process. Siemens' SCALANCE LPE9403 firmware contains an out-of-bounds read vulnerability. Service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1601 | CVE-2025-40576 | NULL pointer dereference vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets.
An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process. Siemens' SCALANCE LPE9403 firmware contains a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1593 | CVE-2025-40575 | Siemens' SCALANCE LPE9403 Firmware vulnerabilities |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets.
An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process. Siemens' SCALANCE LPE9403 firmware contains unspecified vulnerabilities. Service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
The Siemens SCALANCE LPE9403 has a denial of service vulnerability due to improper validation of Profinet packets.
VAR-202505-1602 | CVE-2025-40574 | Improper permission assignment for critical resources vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: High |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources.
This could allow a non-privileged local attacker to interact with the backupmanager service. Siemens' SCALANCE LPE9403 firmware contains a vulnerability related to improper assignment of permissions to critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1596 | CVE-2025-40573 | Path traversal vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 4.6 CVSS V3: 4.4 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks.
This could allow a privileged local attacker to restore backups that are outside the backup folder. The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1594 | CVE-2025-40572 | Improper permission assignment for critical resources vulnerability in Siemens' SCALANCE LPE9403 firmware |
CVSS V2: 4.6 CVSS V3: 5.5 Severity: Medium |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources.
This could allow a non-privileged local attacker to access sensitive information stored on the device. Siemens' SCALANCE LPE9403 firmware contains a vulnerability related to improper assignment of permissions to critical resources. Information may be obtained. The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data.
VAR-202505-1698 | CVE-2025-40566 | Session expiration vulnerability in Siemens' SIMATIC PCS neo |
CVSS V2: - CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. Siemens' SIMATIC PCS neo contains a session expiration vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202505-1581 | CVE-2025-40555 | Siemens APOGEE PXC+TALON TC Series Denial of Service Vulnerability |
CVSS V2: 3.3 CVSS V3: 4.7 Severity: Medium |
A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted device, and potentially reduce the availability of the BACnet network. A power cycle is required to restore the device's normal operation. Attackers can exploit this vulnerability to cause a denial of service.