VARIoT IoT vulnerabilities database


VAR-202206-2262 CVE-2022-29964 Hardcoded Credentials Usage Vulnerability in Multiple Emerson Products CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. Multiple Emerson products, including DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller firmware and the SE4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block, contain a vulnerability related to the use of hard-coded credentials. Information may be obtained. Emerson DeltaV Distributed Control System
VAR-202208-2220 CVE-2022-37122 Path traversal vulnerability in multiple CAREL INDUSTRIES S.p.a. products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. A path traversal vulnerability exists in CAREL INDUSTRIES S.p.a. pCOWeb card firmware, applica , pcoweb hvac bacnet gateway. Information may be obtained. pCO sistema is the solution CAREL offers its customers for managing HVAC/R applications and systems. It consists of programmable controllers, user interfaces, gateways and communication interfaces, and remote management systems to offer the OEMs working in HVAC/R a control system that is powerful yet flexible, can be easily interfaced to the more widely-used Building Management Systems, and can also be integrated into proprietary supervisory systems.
VAR-202206-2270 CVE-2022-33329 OS command injection vulnerability in Robustel R1510 firmware CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. Robustel R1510 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Robustel R1510 is an industrial VPN router from the Chinese company Robustel
VAR-202206-2267 CVE-2022-33313 OS command injection vulnerability in Robustel R1510 firmware CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. Robustel R1510 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Robustel R1510 is an industrial VPN router from the Chinese company Robustel
VAR-202206-2136 CVE-2021-40597 Vulnerability related to use of hard-coded credentials in EDIMAX Technology IC-3140W firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. EDIMAX Technology IC-3140W firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS)
VAR-202206-2135 CVE-2022-33948 OS command injection vulnerability in HOME SPOT CUBE2 CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Corporation of Japan
VAR-202206-2277 CVE-2022-31233 Vulnerability related to incorrect movement of resources between regions in multiple Dell products CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. Multiple Dell products, including eVASA Provider Virtual Appliance, Dell Solutions Enabler and Solutions Enabler Virtual Appliance, are vulnerable to incorrect movement of resources between regions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell. Dell EMC Unisphere for PowerMax has a security vulnerability. An attacker can exploit this vulnerability to bypass the restrictions of Dell EMC Unisphere for PowerMax and elevate privileges
VAR-202206-2047 CVE-2022-2143 Vulnerability in Advantech Co., Ltd. iView CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. An unspecified vulnerability exists in Advantech Co., Ltd. iView. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
VAR-202206-2046 CVE-2022-2142 SQL injection vulnerability in Advantech Co., Ltd. iView CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Advantech iView
VAR-202206-2226 CVE-2022-33735 Improper restriction of excessive authentication attempts vulnerability in Huawei WS7200-10 firmware CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. Huawei WS7200-10 firmware contains a vulnerability related to improper restriction of excessive authentication attempts. Information may be obtained. Huawei WS7200-10 is a wireless router from the Chinese company Huawei (HUAWEI). Huawei WS7200-10 11.0.2.13 has an access control error vulnerability
VAR-202206-2048 CVE-2022-2139 Path traversal vulnerability in Advantech Co., Ltd. iView CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. A path traversal vulnerability exists in Advantech Co., Ltd. iView. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the filename element of the exportDeviceList action, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
VAR-202205-1116 CVE-2022-2137 Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability CVSS V2: -
CVSS V3: 4.9
Severity: MEDIUM
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the device_get_community and device_set_community elements of the addDeviceTreeItem action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM
VAR-202206-2145 CVE-2022-30276 Vulnerability related to lack of authentication for critical functions in Motorola Solutions, Inc MOSCAD IP Gateway firmware and ace ip gateway (4600) firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. Motorola Solutions, Inc MOSCAD IP Gateway firmware and ace ip gateway (4600) firmware contain a vulnerability related to lack of authentication for critical functions. Information may be tampered with
VAR-202206-2045 CVE-2022-2136 SQL injection vulnerability in Advantech Co., Ltd. iView CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the ipaddress element of the updatePROMFile action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
VAR-202206-2042 CVE-2022-31205 Vulnerability related to plain text storage of important information in multiple OMRON Corporation products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. Several Omron Corporation products, including sysmac cs1 firmware, sysmac cj2m firmware and sysmac cj2h, contain a vulnerability related to the storage of important information in plain text. Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
VAR-202206-2043 CVE-2022-31207 Vulnerability related to digital signature verification in multiple OMRON Corporation products CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter. Several OMRON Corporation products, including sysmac cs1 firmware, sysmac cj2m firmware and sysmac cj2h, contain a vulnerability related to digital signature verification. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
VAR-202206-2044 CVE-2022-31204 Vulnerability related to sending sensitive information in plain text in multiple OMRON Corporation products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. Several Omron Corporation products, including sysmac cs1 firmware, sysmac cj2m firmware and sysmac cj2h, contain a vulnerability related to the transmission of sensitive information in plain text. Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
VAR-202206-2053 CVE-2022-31229 Vulnerability related to information leakage through error messages in Dell PowerScale OneFS CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources
VAR-202206-2084 CVE-2022-31230 Vulnerability related to the use of cryptographic algorithms in Dell PowerScale OneFS CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. Dell PowerScale OneFS contains a vulnerability related to the use of cryptographic algorithms. Information may be obtained or tampered with, and service operation may be interrupted (DoS)
VAR-202206-2049 CVE-2022-2138 Vulnerability related to lack of authentication for critical functions in Advantech Co., Ltd. iView CVSS V2: -
CVSS V3: 8.2
Severity: HIGH
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Advantech Co., Ltd. iView contains a vulnerability related to lack of authentication for critical functions. Service operation may be interrupted (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to the clearDatabase functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Advantech iView