VARIoT IoT vulnerabilities database
| VAR-202207-0931 | CVE-2022-33695 | Samsung InputManagerService Unauthorized Access Vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. Samsung InputManagerService is a service of Samsung (SAMSUNG) mobile devices. It is a service abstracted by Android to handle various user operations. It can be regarded as a Binder service entity, instantiated when the SystemServer process starts, and registered with ServiceManager go in.
An unauthorized access vulnerability exists in Samsung InputManagerService that stems from a lack of proper modification permissions in InputManagerService. An attacker could exploit this vulnerability to gain unauthorized access to the service
| VAR-202207-0733 | CVE-2022-33691 | Samsung score drive race condition vulnerability |
CVSS V2: 1.9 CVSS V3: 4.7 Severity: MEDIUM |
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. Samsung score drive is a driver for Samsung mobile devices.
There is a race condition vulnerability in Samsung score drive. The vulnerability stems from the lack of proper synchronization points, which could be exploited by an attacker to perform malicious actions
| VAR-202207-0865 | CVE-2022-30758 | Samsung Finder Information Disclosure Vulnerability (CNVD-2022-76481) |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. Samsung Finder is a search phone feature for Samsung mobile devices
| VAR-202207-0948 | CVE-2022-33690 | Samsung Contacts Storage Path Traversal Vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. Samsung Contacts Storage is a contact storage for Samsung (SAMSUNG) mobile devices.
A path traversal vulnerability exists in Samsung Contacts Storage that stems from a lack of proper validation logic in Samsung Contacts Storage. An attacker could exploit this vulnerability to access arbitrary files
| VAR-202207-0514 | CVE-2022-34663 | Siemens' RUGGEDCOM ROS Code injection vulnerability in |
CVSS V2: 6.0 CVSS V3: 8.0 Severity: HIGH |
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices are vulnerable to a web-based code injection attack via the console.
An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected
device. Siemens' RUGGEDCOM ROS There is a code injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM ROS-based devices, typically switches and serial-to-Ethernet devices, are used to connect devices operating in harsh environments, such as power substations and traffic control cabinets. A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions)
| VAR-202207-0706 | CVE-2022-33694 | SAMSUNG Mobile devices CSC application information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc. An attacker could exploit this vulnerability to gain access to wifi information
| VAR-202207-0847 | CVE-2022-33686 | Samsung GsmAlarmManager Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: 2.3 Severity: LOW |
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. Samsung GsmAlarmManager is a scheduled task for Samsung (Samsung) mobile devices
| VAR-202207-0777 | CVE-2022-30751 | Samsung Mobile devices SemWifiApClient Access Control Vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. Samsung Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc.
There is an access control vulnerability in Samsung Mobile devices SemWifiApClient. The vulnerability stems from improper access control in the sendDHCPACKBroadcast function of SemWifiApClient
| VAR-202207-0775 | CVE-2022-30752 | Samsung Mobile devices SemWifiApClient Access Control Vulnerability (CNVD-2022-65119) |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. Samsung Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc.
There is an access control vulnerability in Samsung Mobile devices SemWifiApClient. The vulnerability stems from improper access control in the sendDHCPACKBroadcast function of SemWifiApClient
| VAR-202207-0774 | CVE-2022-30753 | Samsung SecSoterService Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. Samsung SecSoterService is a service for Samsung mobile devices
| VAR-202207-0903 | CVE-2022-33692 | Samsung Message App Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Samsung Message App is a messaging feature for Samsung (SAMSUNG) mobile devices.
An information disclosure vulnerability exists in the Samsung Message App that stems from exposing sensitive information while the app is messaging. Attackers can exploit this vulnerability to access IMSI and ICCID through logs
| VAR-202207-0817 | CVE-2022-33693 | SAMSUNG Mobile devices CID Manager Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: 2.3 Severity: LOW |
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc.
An information disclosure vulnerability exists in the SAMSUNG Mobile devices CID Manager that arises from exposing sensitive information during messaging in the CID Manager. An attacker can exploit this vulnerability to access iccid through logs
| VAR-202207-0868 | CVE-2022-33696 | Samsung Telephony service Information Disclosure Vulnerability (CNVD-2022-76487) |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. The Samsung Telephony service is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface (TAPI). Attackers can exploit this vulnerability to access IMSI and ICCID through logs
| VAR-202207-0773 | CVE-2022-30757 | Samsung isemtelephony information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. Samsung isemtelephony is a phone service for Samsung (SAMSUNG) mobile devices
| VAR-202207-0711 | CVE-2022-29884 | Lack of Freeing Resources After Valid Lifetime Vulnerability in Multiple Siemens Products |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Siemens' SICAM A8000 CP-8000 firmware, SICAM A8000 CP-8021 firmware, SICAM A8000 CP-8022 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply
| VAR-202207-0821 | CVE-2022-33706 | Samsung Gallery Access Control Error Vulnerability |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. Samsung Gallery is an application of Samsung Corporation. The best image and video viewing app for Galaxy users. This vulnerability stems from an incorrect access verification logic in the Gallery
| VAR-202207-0776 | CVE-2022-30750 | Samsung SemWifiApClient Access Control Error Vulnerability (CNVD-2022-76485) |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. Samsung SemWifiApClient is a Wifi component for Samsung mobile devices
| VAR-202207-0621 | CVE-2022-34821 | Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based. A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46)
| VAR-202207-0710 | CVE-2022-33704 | Samsung KnoxSDK Input Validation Error Vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Samsung KnoxSDK is a security solution based on the open source Android platform of Samsung (Samsung) in South Korea. It can comprehensively enhance the security through the combination of physical means and software system. Individual employees bring industry-leading enterprise mobility security solutions.
There is an input validation error vulnerability in Samsung KnoxSDK, which stems from the lack of correct validation logic in ucmRetParcelable in KnoxSDK
| VAR-202207-0737 | CVE-2022-33711 | Samsung's Windows for android usb driver Vulnerability related to insufficient data integrity verification in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction. Samsung's Windows for android usb driver contains a vulnerability related to insufficient data integrity verification.Information may be tampered with. Samsung USB Driver Windows Installer for Mobile Phones is a driver used when Samsung (SAMSUNG) mobile devices are connected to PC. The vulnerability stems from incorrect validation logic in the program, and an attacker can exploit this vulnerability to delete any directory