VARIoT IoT vulnerabilities database
| VAR-202105-0685 | CVE-2021-27465 | Emerson Rosemount X-STREAM Gas Analyzer cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.
The following multiple vulnerabilities exist in Rosemount X-STREAM:
* Inadequate encryption strength (CWE-326) - CVE-2021-27457
* Unrestricted upload of dangerous file types (CWE-434) - CVE-2021-27459
* Path traversal (CWE-22) - CVE-2021-27461
* Persistent cookies containing sensitive information (CWE-539) - CVE-2021-27463
* Cross-site scripting (CWE-79) - CVE-2021-27465
* Improper restriction of rendered user interface layers or frames (CWE-1021) - CVE-2021-27467
The expected impact depends on each vulnerability, but the product may be affected as follows:
* A remote third party obtains credentials - CVE-2021-27457
* A remote third party executes arbitrary code - CVE-2021-27459
* A remote third party accesses sensitive data stored on the web server - CVE-2021-27461
* A remote third party obtains sensitive information stored in cookies - CVE-2021-27463
* A remote third party tampers with a web page so that it displays incorrect or unintended data - CVE-2021-27465
* A remote third party redirects the user's clicks and keystrokes to another page to obtain sensitive information - CVE-2021-27467
The device supports gas analyzers of up to five components, with NDIR/UV/VIS photometer, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors and other functions.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202105-0682 | CVE-2021-27459 | Multiple vulnerabilities in Emerson Rosemount X-STREAM |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202105-0686 | CVE-2021-27467 | Multiple vulnerabilities in Emerson Rosemount X-STREAM |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202105-0684 | CVE-2021-27463 | Multiple vulnerabilities in Emerson Rosemount X-STREAM |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202105-0683 | CVE-2021-27461 | Emerson Rosemount X-STREAM Gas Analyzer path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202105-0755 | CVE-2021-32921 | Race condition vulnerability in Prosody |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. Prosody is vulnerable to a race condition. Information may be obtained. Prosody is an open source, modern XMPP communication server from Prosodical Thoughts. Remote attackers can use this vulnerability to obtain sensitive information.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202105-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Prosŏdy IM: Multiple vulnerabilities
Date: May 26, 2021
Bugs: #771144, #789969
ID: 202105-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Prosŏdy IM, the worst of
which could result in a Denial of Service condition. It aims to be easy to
set up and configure, and efficient with system resources.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-im/prosody < 0.11.9 >= 0.11.9
Description
===========
Multiple vulnerabilities have been discovered in Prosŏdy IM. Please
review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Prosŏdy IM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/prosody-0.11.9"
References
==========
[ 1 ] CVE-2021-32917
https://nvd.nist.gov/vuln/detail/CVE-2021-32917
[ 2 ] CVE-2021-32918
https://nvd.nist.gov/vuln/detail/CVE-2021-32918
[ 3 ] CVE-2021-32919
https://nvd.nist.gov/vuln/detail/CVE-2021-32919
[ 4 ] CVE-2021-32920
https://nvd.nist.gov/vuln/detail/CVE-2021-32920
[ 5 ] CVE-2021-32921
https://nvd.nist.gov/vuln/detail/CVE-2021-32921
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (buster), these problems have been fixed in
version 0.11.2-1+deb10u1.
We recommend that you upgrade your prosody packages.
For the detailed security status of prosody please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/prosody
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
| VAR-202105-0083 | CVE-2020-20214 | Reachable assertion vulnerability in Mikrotik RouterOs |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. A reachable assertion vulnerability exists in Mikrotik RouterOs. It may be put into a denial of service (DoS) state.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.40, 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.40.9, 6.41, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42, 6.42.1, 6.42.2, 6.42.3, 6.42.
Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
=======
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: no fix yet
CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==================
RouterOS is the operating system used on the MikroTik's devices, such as
switch, router and access point.
Description of vulnerabilities
==========================
These vulnerabilities were reported to the vendor almost one year ago. And
the vendor confirmed these vulnerabilities. However, there is still no fix
for them yet.
By the way, the three vulnerabilities in the sniffer binary are different from
one another.
1.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: /nova/bin/btest
2020.06.19-15:51:36.94@0: --- signal=6
--------------------------------------------
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246
2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880
esp=0x7fdcf878
2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f
edx=0x00000006
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: maps:
2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006
/nova/bin/btest
2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964
/lib/libuClibc-0.9.33.2.so
2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960
/lib/libgcc_s.so.1
2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944
/lib/libuc++.so
2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947
/lib/libucrypto.so
2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946
/lib/libumsg.so
2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958
/lib/ld-uClibc-0.9.33.2.so
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878
2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71
77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00
2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c
77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: code: 0x7772255b
2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7
d8
This vulnerability was initially found in long-term 6.44.5, and it seems
that the latest stable version 6.48.2 still suffers from this vulnerability.
2.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: /nova/bin/sniffer
2020.06.19-16:36:18.33@0: --- signal=11
--------------------------------------------
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206
2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8
esp=0x7f85c080
2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000
edx=0x08059678
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: maps:
2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034
/nova/bin/sniffer
2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964
/lib/libuClibc-0.9.33.2.so
2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960
/lib/libgcc_s.so.1
2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944
/lib/libuc++.so
2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950
/lib/libubox.so
2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946
/lib/libumsg.so
2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958
/lib/ld-uClibc-0.9.33.2.so
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080
2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05
08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08
2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00
00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77
2020.06.19-16:36:18.34@0:
2020.06.19-16:36:18.34@0: code: 0x8050e33
2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53
56
This vulnerability was initially found in long-term 6.44.6, and it seems
that the latest stable version 6.48.2 still suffers from this vulnerability.
3.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: /nova/bin/sniffer
2020.06.19-16:58:33.42@0: --- signal=11
--------------------------------------------
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202
2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428
esp=0x7f8df3e0
2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704
edx=0x08073714
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: maps:
2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034
/nova/bin/sniffer
2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964
/lib/libuClibc-0.9.33.2.so
2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960
/lib/libgcc_s.so.1
2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944
/lib/libuc++.so
2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950
/lib/libubox.so
2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946
/lib/libumsg.so
2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958
/lib/ld-uClibc-0.9.33.2.so
2020.06.19-16:58:33.43@0:
2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0
2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07
08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08
2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00
00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77
2020.06.19-16:58:33.43@0:
2020.06.19-16:58:33.43@0: code: 0x8050dac
2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34
08
This vulnerability was initially found in long-term 6.46.3, and it seems
that the latest version stable 6.48.2 still suffers from this vulnerability.
4.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: /nova/bin/sniffer
2020.06.19-17:58:43.98@0: --- signal=11
--------------------------------------------
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202
2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38
esp=0x7ff96af8
2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034
edx=0x77721014
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: maps:
2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034
/nova/bin/sniffer
2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964
/lib/libuClibc-0.9.33.2.so
2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960
/lib/libgcc_s.so.1
2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944
/lib/libuc++.so
2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950
/lib/libubox.so
2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946
/lib/libumsg.so
2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958
/lib/ld-uClibc-0.9.33.2.so
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8
2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00
00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77
2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00
00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: code: 0x77712055
2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b
42
Interestingly, the same poc resulted in a different crash dump (SIGABRT)
against stable 6.48.2.
# cat /rw/logs/backtrace.log
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: /nova/bin/sniffer
2021.05.07-16:02:37.25@0: --- signal=6
--------------------------------------------
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246
2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8
esp=0x7f97def0
2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6
edx=0x00000006
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: maps:
2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036
/nova/bin/sniffer
2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966
/lib/libuClibc-0.9.33.2.so
2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962
/lib/libgcc_s.so.1
2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945
/lib/libuc++.so
2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951
/lib/libubox.so
2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947
/lib/libumsg.so
2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960
/lib/ld-uClibc-0.9.33.2.so
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0
2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e
77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00
2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f
77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: code: 0x776f255b
2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7
d8
This vulnerability was initially found in long-term 6.46.3, and it seems
that the latest stable version 6.48.2 suffers from an assertion failure
vulnerability when running the same poc.
Solution
========
No upgrade firmware available yet
References
==========
[1] https://mikrotik.com/download/changelogs/stable-release-tree
| VAR-202105-0088 | CVE-2020-20236 | Mikrotik RouterOs Buffer Error Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs is vulnerable to a buffer error. It may be put into a denial of service (DoS) state.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a buffer error vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.46.3, 6.46.4, 6.46.5, 6.46.6, 6.46.7, 6.46.8, 6.47, 6.47.1, 6.47.2, 6.47.3, 6.47.
Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
=======
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: no fix yet
CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==================
RouterOS is the operating system used on the MikroTik's devices, such as
switch, router and access point.
Description of vulnerabilities
==========================
These vulnerabilities were reported to the vendor almost one year ago. And
the vendor confirmed these vulnerabilities. However, there is still no fix
for them yet.
By the way, the three vulnerabilities in the sniffer binary are different from
one another.
1. There is
a reachable assertion in the btest process. By sending a crafted packet, an
authenticated remote user can crash the btest process due to assertion
failure.
Against stable 6.46.5, the poc resulted in the following crash dump.
This vulnerability was initially found in long-term 6.44.5, and it seems
that the latest stable version 6.48.2 still suffers from this vulnerability.
2. By
sending a crafted packet, an authenticated remote user can crash the
sniffer process due to NULL pointer dereference.
Against stable 6.46.5, the poc resulted in the following crash dump.
This vulnerability was initially found in long-term 6.44.6, and it seems
that the latest stable version 6.48.2 still suffers from this vulnerability.
3.
Against stable 6.46.5, the poc resulted in the following crash dump.
This vulnerability was initially found in long-term 6.46.3, and it seems
that the latest version stable 6.48.2 still suffers from this vulnerability.
4.
Against stable 6.46.5, the poc resulted in the following crash dump.
Interestingly, the same poc resulted in a different crash
dump (SIGABRT) against stable 6.48.2.
This vulnerability was initially found in long-term 6.46.3, and it seems
that the latest stable version 6.48.2 suffers from an assertion failure
vulnerability when running the same poc.
Solution
========
No upgrade firmware available yet
References
==========
[1] https://mikrotik.com/download/changelogs/stable-release-tree
| VAR-202105-0789 | CVE-2021-25660 | Buffer error vulnerabilities in multiple Siemens products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition. Multiple Siemens products contain buffer error vulnerabilities. A denial-of-service (DoS) condition may result. Siemens SmartVNC is an industrial control equipment of Germany's Siemens company. It provides a function to access the smartserver in the HMI.
Siemens SmartVNC has security vulnerabilities.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0364 | CVE-2021-22124 | FortiSandbox and FortiAuthenticator Resource Depletion Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters. FortiSandbox and FortiAuthenticator are vulnerable to resource exhaustion. A denial-of-service (DoS) condition may result.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiSandbox and Fortinet FortiAuthenticator are products of Fortinet. Fortinet FortiSandbox is an APT (advanced persistent threat) protection device. The appliance offers features such as dual sandboxing technology, dynamic threat intelligence system, real-time dashboard and reporting. Fortinet FortiAuthenticator is a centralized user identity management solution
| VAR-202108-0574 | CVE-2021-24010 | Fortinet FortiSandbox path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. FortiSandbox contains a path traversal vulnerability. Information may be obtained. Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device from Fortinet. The device provides functions such as dual sandbox technology, dynamic threat intelligence system, real-time control panel and reports. No detailed vulnerability details are currently provided.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0278 | CVE-2021-22398 | Logic error vulnerabilities in multiple Huawei smartphones |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. A successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1); Jennifer-AN00C 10.1.1.171(C00E170R6P3); Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1). The Huawei mobile phone is a smartphone from the Chinese company Huawei.
A logic error vulnerability in many Huawei smartphones is caused by the system not reasonably restricting certain operations when the function of healthy use of the phone is turned on.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202106-0604 | CVE-2021-22383 | eCNS280_TD and eSE620X vESS Out-of-bounds read vulnerability |
CVSS V2: 6.8 CVSS V3: 4.9 Severity: MEDIUM |
There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS). eCNS280_TD and eSE620X vESS are vulnerable to an out-of-bounds read. A denial-of-service (DoS) condition may result. Huawei eCNS280_TD is the core network device of Huawei's wireless broadband trunking system. The Huawei ESE620X vESS is a virtual enterprise service controller from the Chinese company Huawei.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0212 | CVE-2020-35684 | NicheStack embedded TCP/IP has vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible). HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".
CVE-2020-25767 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-25926 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02
CVE-2020-25927 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-25928 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-35683 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02
CVE-2020-35684 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2020-35685 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2021-27565 Affected
Vendor Statement:
The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this.
CVE-2021-31226 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31227 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31228 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31400 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26
CVE-2021-31401 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2021-36762 Unknown
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is fixed in in_tftp module version 1.2.
InterNiche Technologies NicheStack has an input validation error vulnerability, which exists due to insufficient input validation provided by users in the TCP component. A remote attacker can use this vulnerability to pass specially crafted input to the application and perform a denial of service (DoS) attack.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory
| VAR-202108-0211 | CVE-2020-35683 | NicheStack embedded TCP/IP has vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".
CVE-2020-25767 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-25926 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02
CVE-2020-25927 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-25928 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-35683 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02
CVE-2020-35684 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2020-35685 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2021-27565 Affected
Vendor Statement:
The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this.
CVE-2021-31226 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31227 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31228 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31400 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26
CVE-2021-31401 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2021-36762 Unknown
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is fixed in in_tftp module version 1.2.
InterNiche Technologies NicheStack has an input validation error vulnerability, which stems from the boundary conditions of ICMP components. An attacker can use this vulnerability to trigger an out-of-bounds read error and cause a system denial of service.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory
| VAR-202108-0327 | CVE-2021-1602 | Remote command execution vulnerability in Cisco Small Business RV160 and RV260 series VPN routers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed. Cisco Small Business RV160 and RV260 are routers.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0276 | CVE-2021-22396 | eCNS280_TD and eSE620X vESS Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation. Affected product versions include: eCNS280_TD V100R005C00, V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. eCNS280_TD and eSE620X vESS contain a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Huawei eCNS280_TD is the core network equipment of the wireless broadband trunking system of China's Huawei company. Huawei ESE620X vESS is a virtual enterprise service controller of China's Huawei company. The vulnerabilities stem from the product not properly imposing security restrictions.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0213 | CVE-2020-35685 | NicheStack embedded TCP/IP has vulnerabilities |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.) HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".
CVE-2020-25767 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-25926 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02
CVE-2020-25927 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-25928 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19
CVE-2020-35683 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02
CVE-2020-35684 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2020-35685 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2021-27565 Affected
Vendor Statement:
The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this.
CVE-2021-31226 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31227 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31228 Affected
Vendor Statement:
This is an issue in all versions of Nichestack <4.3,
This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31400 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26
CVE-2021-31401 Affected
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16
CVE-2021-36762 Unknown
Vendor Statement:
This issue is present in all versions of Nichestack prior to 4.3.
The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module.
The issue is fixed in in_tftp module version 1.2.
SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers, providing connections via PROFINET IO and Modbus TCP. SENTRON 3WL COM35 is an accessory module of 3WL circuit breaker, which provides connection through PROFINET IO and Modbus TCP. SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module is a plug-in device that provides switched Ethernet PROFINET V3 connections for 7KM PAC32x0/4200 and 3VA COM100/800 devices.
Siemens low-voltage equipment that uses the Interniche IP stack has security vulnerabilities. No further vulnerability details are currently provided.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory
| VAR-202107-0328 | CVE-2021-22778 | Inadequate protection of credentials in multiple Schneider Electric products |
CVSS V2: 3.6 CVSS V3: 7.1 Severity: HIGH |
An Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70 (all versions) that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect contain an inadequate protection of credentials vulnerability. Information may be obtained and tampered with.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202106-0919 | CVE-2021-21279 | Infinite loop vulnerability in Contiki-NG |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. Contiki-NG contains an infinite loop vulnerability. It may be put into a denial-of-service (DoS) state.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Attackers can use this vulnerability to effectively shut down the operation of the system