VARIoT IoT vulnerabilities database


VAR-202108-1803 CVE-2021-36763 CODESYS V3 web server vulnerability in externally accessible files or directories CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties
VAR-202108-2538 No CVE Denver smart wifi camera shc-150 telnet command execution vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Denver is a European supplier of consumer electronics products. The Denver smart wifi camera shc-150 has a telnet command execution vulnerability; attackers can use this vulnerability to execute arbitrary code.
VAR-202108-2420 No CVE Konica Minolta printers have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The bizhub C364 and bizhub C280 are both color printers launched by Konica Minolta. Many Konica Minolta printers have weak password vulnerabilities. An attacker can use a weak password to log in to the back end and obtain sensitive information.
VAR-202108-0941 CVE-2021-31630 Open PLC Webserver v3 OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. Open PLC Webserver v3 has an OS command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0508 CVE-2021-21581 Dell EMC iDRAC9 Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
VAR-202108-0507 CVE-2021-21580 Dell EMC iDRAC9 and Dell EMC iDRAC8 Injection vulnerability CVSS V2: 4.3
CVSS V3: 4.3
Severity: MEDIUM
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate
VAR-202108-0506 CVE-2021-21579 Dell EMC iDRAC9 Input validation error vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users into clicking on maliciously crafted links.
VAR-202108-0505 CVE-2021-21578 Dell EMC iDRAC9 Input validation error vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users into clicking on maliciously crafted links.
VAR-202108-0504 CVE-2021-21577 Dell EMC iDRAC9 Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
VAR-202108-0503 CVE-2021-21576 Dell EMC iDRAC9 Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
VAR-202108-0291 CVE-2021-22425 Huawei HarmonyOS Resource Management Error Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of HarmonyOS has a double free vulnerability. Local attackers may exploit this vulnerability to elevate privileges to root.
VAR-202108-0290 CVE-2021-22424 HarmonyOS vulnerability in missing release of memory after effective lifetime CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
A component of HarmonyOS has a kernel memory leakage vulnerability. Local attackers may exploit this vulnerability to cause a kernel denial of service. HarmonyOS is vulnerable to a missing release of memory after its effective lifetime. A denial-of-service (DoS) condition may result.
VAR-202108-0289 CVE-2021-22423 Huawei HarmonyOS Buffer error vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of HarmonyOS has an out-of-bounds write vulnerability. Local attackers may exploit this vulnerability to cause an integer overflow.
VAR-202108-0288 CVE-2021-22422 HarmonyOS integer overflow vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0285 CVE-2021-22421 HarmonyOS vulnerability in privilege management CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further elevation of privileges. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0282 CVE-2021-22418 HarmonyOS integer overflow vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0284 CVE-2021-22420 HarmonyOS vulnerability in externally controllable reference to a resource in another area CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism to be missing. HarmonyOS has a vulnerability in externally controllable references to resources in another area. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0283 CVE-2021-22419 HarmonyOS vulnerability in inadequate validation of data reliability CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
A component of HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause a persistent DoS. A denial-of-service (DoS) condition may result.
VAR-202108-0280 CVE-2021-22416 HarmonyOS vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause kernel code execution. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0281 CVE-2021-22417 HarmonyOS vulnerability CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
A component of HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause kernel memory leakage. A denial-of-service (DoS) condition may result.