VARIoT IoT vulnerabilities database
| VAR-202207-1100 | CVE-2022-35873 | Inductive Automation Ignition Code Injection Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949. Inductive Automation Ignition contains an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection and analysis.
| VAR-202207-1071 | CVE-2022-35872 | Untrusted Data Deserialization Vulnerability in Inductive Automation Ignition |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115. A denial-of-service (DoS) condition may result. Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analysis. The vulnerability is caused by insecure input validation when processing serialized data.
| VAR-202207-0969 | CVE-2022-23141 | Vulnerability related to information disclosure from log files in ZTE ZXMP M721 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. ZTE ZXMP M721 firmware contains a vulnerability related to information disclosure from log files. Information may be obtained. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device from China's ZTE Corporation (ZTE).
| VAR-202207-1096 | CVE-2022-2324 | Spoofing authentication evasion vulnerability in SonicWALL Email Security |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions. SonicWALL Email Security contains a spoofing authentication evasion vulnerability. Information may be tampered with.
| VAR-202207-1128 | CVE-2022-35869 | Authentication Bypass Vulnerability Using Alternate Paths or Channels in Inductive Automation Ignition |
CVSS V2: 7.5 CVSS V3: 7.5 Severity: HIGH |
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211. A denial-of-service (DoS) condition may result. Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection and analysis. Ignition was developed by Inductive Automation to help users build and deploy automation systems that meet specific needs.
| VAR-202207-1149 | CVE-2022-35890 | Vulnerability related to improper authentication in Inductive Automation Ignition |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy. Inductive Automation Ignition contains a vulnerability related to improper authentication. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection and analysis. Ignition was developed by Inductive Automation to help users build and deploy automation systems that meet specific needs.
Inductive Automation Ignition versions prior to 7.9.20, 8.0.1 and later, and versions prior to 8.1.17 have an access control error vulnerability, which is caused by improper handling of session IDs in the Designer and Vision clients. Attackers can exploit the vulnerability to hijack sessions.
| VAR-202207-2123 | No CVE | Command execution vulnerability in Pisces Hotspot Gateway |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Pisces Hotspot Gateway is a gateway product.
A command execution vulnerability exists in Pisces Hotspot Gateway that could allow an attacker to gain control of the server.
| VAR-202207-1127 | CVE-2022-35870 | Untrusted Data Deserialization Vulnerability in Inductive Automation Ignition |
CVSS V2: 6.4 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265. A denial-of-service (DoS) condition may result. Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection and analysis. No detailed vulnerability details are available at this time.
| VAR-202207-0880 | CVE-2022-30024 | Classic buffer overflow vulnerability in multiple TP-LINK Technologies products |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325, TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. Multiple TP-LINK Technologies products, including tl-wr841 firmware, TL-WR841N firmware and tl-wr841n(eu) firmware, contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TP-LINK TL-WR841N is a wireless router from the Chinese company TP-LINK (Pulian).
| VAR-202207-0990 | CVE-2022-22477 | IBM WebSphere Application Server Cross-Site Scripting Vulnerability |
CVSS V2: 6.4 CVSS V3: 6.1 Severity: MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. The vendor has published this vulnerability as IBM X-Force ID: 225605. Information may be obtained and information may be tampered with. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
| VAR-202207-0962 | CVE-2022-22473 | Vulnerability in IBM WebSphere Application Server |
CVSS V2: 5.0 CVSS V3: 3.7 Severity: LOW |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. There is an unspecified vulnerability in IBM WebSphere Application Server. The vendor has published this vulnerability as IBM X-Force ID: 225347. Information may be obtained. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform.
| VAR-202207-0863 | CVE-2022-22209 | Vulnerability regarding lack of memory release after expiration in Juniper Networks Junos OS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the "show route" and "show route forwarding-table" command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command "show krt queue":
    user@host > show krt state
    High-priority add queue: 1 queued
    ADD nhtype Router index 0 (31212) error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40'
The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops:
    host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07]
    host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory
    host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory
    host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0.
    host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd.
This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1.
| VAR-202207-0944 | CVE-2022-2069 | Siemens Teamcenter Visualization Buffer error vulnerability |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens Datalogics File Parsing Vulnerability
| VAR-202207-0967 | CVE-2022-22212 | Vulnerability in resource allocation without restrictions or throttling in Juniper Networks Junos OS Evolved |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On all Junos Evolved platforms hostbound protocols will be impacted by a high rate of specific hostbound traffic from ports on a PFE. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.2R1. The operating system provides a secure programming interface and Junos SDK.
| VAR-202207-0986 | CVE-2022-22214 | Input verification vulnerability in Juniper Networks Junos OS and Junos OS Evolved |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All versions prior to 12.3R12-S21; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-S1-EVO, 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO. Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK.
| VAR-202207-0917 | CVE-2022-22215 | Vulnerability regarding lack of resource release after valid lifetime in Juniper Networks Junos OS and Junos OS Evolved |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective /var/run/<pid>.env file is not deleted, which, if occurring repeatedly, can cause inode exhaustion. Inode exhaustion can present itself in two different ways:
1. The following log message can be observed:
    host kernel: pid <pid> (<process>), uid <uid> inumber <number> on /.mount/var: out of inodes
which by itself is a clear indication.
2. The following log message can be observed:
    host <process>[<pid>]: ... : No space left on device
which is not deterministic and just a representation of a write error which could have several reasons. So the following check needs to be done:
    user@host> show system storage no-forwarding
    Filesystem Size Used Avail Capacity Mounted on
    /dev/ada1p1 475M 300M 137M 69% /.mount/var
which indicates that the write error is not actually due to a lack of disk space. If either 1. or 2. has been confirmed, then the output of:
    user@host> file list /var/run/*.env | count
needs to be checked, and if it indicates a high (>10000) number of files the system has been affected by this issue.
This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.
| VAR-202207-0915 | CVE-2022-22213 | Vulnerability in Juniper Networks Junos OS and Junos OS Evolved |
CVSS V2: - CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO. The operating system provides a secure programming interface and Junos SDK. The vulnerability stems from the fact that an attacker can cause a fatal error in Junos OS through BGP Update, resulting in a denial of service
| VAR-202207-0903 | CVE-2022-33692 | Samsung Message App Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Samsung Message App is a messaging feature for Samsung (SAMSUNG) mobile devices.
An information disclosure vulnerability exists in the Samsung Message App that stems from exposing sensitive information while the app is messaging. Attackers can exploit this vulnerability to access IMSI and ICCID through logs
| VAR-202207-0763 | CVE-2022-22682 | Synology Calendar Cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors
| VAR-202207-0732 | CVE-2021-40013 | HUAWEI EMUI Authorization problem vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability will affect integrity. HUAWEI EMUI/Magic UI is a mobile operating system developed by China Huawei (HUAWEI) based on Android. There is an authorization issue vulnerability in HUAWEI EMUI/Magic UI.