VARIoT IoT vulnerabilities database

VAR-202011-0157 | CVE-2020-12315 | Path Traversal Vulnerability in Intel(R) EMA |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) EMA contains a path traversal vulnerability. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. Intel Active Management Technology versions prior to 1.3.3 have an access control error vulnerability, which stems from the fact that network systems or products do not properly restrict resource access from unauthorized roles
VAR-202011-0141 | CVE-2020-12353 | Vulnerability regarding improper retention of permissions in Intel(R) Data Center Manager Console |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. Intel Data Center Manager SDK is a data center management SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment
VAR-202011-0138 | CVE-2020-12350 | Privilege management vulnerability in Intel(R) XTU |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) XTU contains a privilege management vulnerability. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state. Intel Extreme Tuning Utility is a software from Intel Corporation that can increase CPU frequency. In addition to supporting CPU and graphics card overclocking, the software also has the functions of system hardware information detection and real-time monitoring of the current system status to ensure system stability after overclocking
VAR-202011-0137 | CVE-2020-12349 | Intel(R) Data Center Manager Console Input validation vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. This product mainly provides real-time power supply and heat dissipation data of equipment
VAR-202011-0136 | CVE-2020-12347 | Intel(R) Data Center Manager Console Input validation vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. Intel Data Center Manager SDK is a data center management SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment
VAR-202011-0135 | CVE-2020-12346 | Intel(R) Battery Life Diagnostic Tool Inappropriate Default Permission Vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Battery Life Diagnostic Tool is vulnerable to incorrect default permissions. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state. Intel Battery Life Diagnostic Tool is a battery life analysis software developed by Intel Corporation
VAR-202011-0134 | CVE-2020-12345 | Vulnerability regarding improper retention of permissions in the Intel(R) Data Center Manager Console installer |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Data Center Manager SDK is a data center management SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment
VAR-202011-0104 | CVE-2020-0575 | Intel(R) Unite Client for Windows Buffer Error Vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) Unite Client for Windows is vulnerable to a buffer error. Information may be obtained. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. An attacker could exploit this vulnerability to cause information leakage
VAR-202011-1301 | CVE-2020-9127 | Command injection vulnerabilities in multiple Huawei products |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious code in some files of the affected products. Successful exploit may cause command injection. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60. Multiple Huawei products contain a command injection vulnerability. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state
VAR-202011-0621 | CVE-2020-24525 | Vulnerability regarding improper retention of permissions in firmware of multiple Intel(R) NUC products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. There is a vulnerability regarding improper retention of permissions in the firmware of multiple Intel(R) NUC products. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state.
Document Title:
===============
Intel NUC - Local Privilege Escalation Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2267
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525
CVE-ID:
=======
CVE-2020-24525
Release Date:
=============
2020-11-13
Vulnerability Laboratory ID (VL-ID):
====================================
2267
Common Vulnerability Scoring System:
====================================
6.7
Vulnerability Class:
====================
Privilege Escalation
Current Estimated Price:
========================
10.000€ - 25.000€
Product & Service Introduction:
===============================
The Intel® NUC kit consists of a customizable mainboard and housing. You
can choose from a large selection of memory
and data storage as well as the operating system.
(Copy of the Homepage:
https://www.intel.de/content/www/de/de/products/boards-kits/nuc/kits.html )
Abstract Advisory Information:
==============================
A vulnerability laboratory core team researcher discovered a local
privilege escalation in the official Intel® NUC.
Affected Product(s):
====================
Intel® NUC
Intel® NUC Board DE3815TYBE with a SA number H27002-500 and later. The
SA number is located on the back of the chassis.
TYBYT20H.86A
Intel® NUC Kit DE3815TYKHE with an AA number H26998-500 and later. The
AA number is found on the board’s memory module socket.
TYBYT20H.86A
Intel® NUC Board DE3815TYBE with the following SA numbers: H27002-400,
-401, -402, -404, and -404. The SA number is located on the back of the
chassis.
TYBYT10H.86A
Intel® NUC Kit DE3815TYKHE with the following AA numbers: H26998-401,
-402, -403, -404, and -405. The AA number is found on the board’s memory
module socket.
TYBYT10H.86A
Intel® NUC 8 Rugged Kit NUC8CCHKR
CHAPLCEL.0049
Intel® NUC Board NUC8CCHB
CHAPLCEL.0049
Intel® NUC 8 Pro Mini PC NUC8i3PNK
PNWHL357.0037
Intel® NUC 8 Pro Kit NUC8i3PNK
PNWHL357.0037
Intel® NUC 8 Pro Kit NUC8i3PNH
PNWHL357.0037
Intel® NUC 8 Pro Board NUC8i3PNB
PNWHL357.0037
Intel® NUC 9 Pro Kit - NUC9V7QNX
QNCFLX70.34
Intel® NUC 9 Pro Kit - NUC9VXQNX
QNCFLX70.34
Intel® NUC 8 Mainstream-G kit (NUC8i5INH)
INWHL357.0036
Intel® NUC 8 Mainstream-G kit (NUC8i7INH)
INWHL357.0036
Intel® NUC 8 Mainstream-G mini PC (NUC8i5INH)
INWHL357.0036
Intel® NUC 8 Mainstream-G mini PC (NUC8i7INH)
INWHL357.0036
Vulnerability Disclosure Timeline:
==================================
2020-11-13: Public Disclosure (Vulnerability Laboratory)
Discovery Status:
=================
Published
Exploitation Technique:
=======================
Local
Severity Level:
===============
Medium
Authentication Type:
====================
Restricted Authentication (User Privileges)
User Interaction:
=================
No User Interaction
Disclosure Type:
================
Bug Bounty
Technical Details & Description:
================================
Insecure inherited permissions in firmware update tool for some Intel(R)
NUCs may allow an authenticated user with
system privileges to potentially enable an escalation of the local
process privilege via local system access.
Solution - Fix & Patch:
=======================
Intel recommends that users update to the latest NUC firmware version
(see provided table). Intel recommends
users update HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and
NUC7i7DN to an updated version 1.76 via the
following URL: https://downloadcenter.intel.com/download/27315?v=t
Security Risk:
==============
The security risk of the local privilege escalation vulnerability in the
Intel NUC is estimated as medium.
Credits & Authors:
==================
S.AbenMassaoud [Core Research Team] -
https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
VAR-202011-1524 | No CVE | GE PACsystem RX7i has a denial of service vulnerability (CNVD-2020-61840) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
PACsystem RX7i is an intelligent platform product of General Electric Company in the United States. It is often used in steel, aluminum plants, automobile plants, nuclear power plants, and high-speed production lines for production control.
GE PACsystem RX7i has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
VAR-202011-1525 | No CVE | GE PACsystem RX7i has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
PACsystem RX7i is an intelligent platform product of General Electric Company in the United States. It is often used in steel, aluminum plants, automobile plants, nuclear power plants, and high-speed production lines for production control.
GE PACsystem RX7i has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
VAR-202011-1542 | No CVE | GE PACsystem RX3i has industrial control equipment vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
General Electric (GE) is the world's largest multinational company providing technology and services, headquartered in Boston, USA.
GE PACsystem RX3i has a vulnerability in industrial control equipment, which can be exploited by attackers to cause a denial of service on the server.
VAR-202011-1560 | No CVE | Schneider M340 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Schneider M340 is a controller widely used in industrial control field.
Schneider M340 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service on the server.
VAR-202011-0412 | CVE-2020-26818 | SAP NetWeaver AS ABAP Information Disclosure Vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: High |
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP contains an information disclosure vulnerability. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state
VAR-202011-0413 | CVE-2020-26819 | Authentication vulnerability in SAP NetWeaver AS ABAP |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: High |
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro) contains an authentication vulnerability. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state
VAR-202011-1262 | CVE-2020-5388 | Dell Inspiron 15 7579 2-in-1 BIOS Buffer Error Vulnerability |
CVSS V2: 4.4 CVSS V3: 6.9 Severity: MEDIUM |
Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell Inspiron 15 7579 2-in-1 (Dell Inspiron) is a notebook computer from Dell of the United States
VAR-202011-0161 | CVE-2020-12485 | frame touch module Out-of-bounds read vulnerability |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters, which causes out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device. The frame touch module is vulnerable to an out-of-bounds read. The device may be put into a denial-of-service (DoS) state. Vivo Frame Touch Module for Android 10 is a static capacitance click module of China's Vivo Mobile Communications (Vivo) company. No detailed vulnerability details are currently provided
VAR-202011-1492 | CVE-2020-15783 | Resource exhaustion vulnerabilities in multiple Siemens products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. Several Siemens products contain resource exhaustion vulnerabilities. The device may be put into a denial-of-service (DoS) state. Siemens SIMATIC S7-300 CPUs are a CPU (Central Processing Unit) module from Siemens of Germany. Siemens SINUMERIK 840D sl is a set of advanced machine tool CNC system from Siemens of Germany.
Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller have a denial of service vulnerability
VAR-202011-1297 | CVE-2020-7538 | Multiple vulnerabilities in Schneider Electric PLC Simulator for EcoStruxure Control Expert |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: High |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus.
* A remote third party sending a specially crafted request via Modbus can crash the PLC Simulator of EcoStruxure Control Expert - CVE-2020-7559, CVE-2020-7538
* Authentication is bypassed if the memory is overwritten by a local third party using the debugger - CVE-2020-28211
* A remote third party can execute unauthorized commands through a brute force attack via Modbus - CVE-2020-28212
* A remote third party can execute unauthorized commands by sending a specially crafted request via Modbus - CVE-2020-28213
Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) is a set of programming software for Schneider Electric logic controller products from Schneider Electric of France. No detailed vulnerability details are currently provided