VARIoT IoT vulnerabilities database


VAR-202011-1507 CVE-2020-25167 OSIsoft PI Vision vulnerability related to unauthorized authentication CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. OSIsoft PI Vision contains a fraudulent authentication vulnerability. Information may be obtained.
VAR-202011-1506 CVE-2020-25163 OSIsoft PI Vision cross-site scripting vulnerability CVSS V2: 4.9
CVSS V3: 7.3
Severity: HIGH
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with the victim’s user permissions. OSIsoft PI Vision contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
VAR-202011-1598 No CVE A denial of service vulnerability exists in SIMATIC S7-300 CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
S7-300 is a modular small PLC system. SIMATIC S7-300 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
VAR-202011-1546 No CVE A denial of service vulnerability exists in SIMATIC S7-300 CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
S7-300 is a modular small PLC system. SIMATIC S7-300 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
VAR-202011-1547 No CVE Advantech WebAccess HMI Runtime has an integer overflow vulnerability (CNVD-2020-61109) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI Runtime has an integer overflow vulnerability. Attackers can use the vulnerability to cause a denial of service on the server.
VAR-202011-1551 No CVE Advantech WebAccess HMI Runtime has stack overflow vulnerability (CNVD-2020-61110) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI Runtime has a stack overflow vulnerability. Attackers can use this vulnerability to cause a denial of service on the server.
VAR-202011-1552 No CVE Advantech WebAccess HMI Runtime has a binary vulnerability (CNVD-2020-61111) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech WebAccess HMI Runtime has a binary vulnerability that can be exploited by attackers to cause a denial of service on the server.
VAR-202011-1554 No CVE Advantech WebAccess HMI PanelSim.exe has integer overflow vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI PanelSim.exe has an integer overflow vulnerability. Attackers can use the vulnerability to cause an integer overflow and cause the program to crash.
VAR-202011-1555 No CVE Advantech WebAccess HMI PanelSim.exe has heap overflow vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI PanelSim.exe has a heap overflow vulnerability. Attackers can use the vulnerability to cause heap overflow and cause the program to crash.
VAR-202011-1556 No CVE SIMATIC S7-300 PLC has industrial control equipment vulnerabilities CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
S7-300 is a modular small PLC system. SIMATIC S7-300 PLC has a vulnerability in industrial control equipment. Attackers can use the vulnerability to cause a denial of service on the server.
VAR-202011-1557 No CVE Advantech WebAccess HMI PanelSim.exe has binary vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI PanelSim.exe has a binary vulnerability that can be exploited to cause a denial of service on the server.
VAR-202011-1567 No CVE Advantech WebAccess HMI PanelSim.exe has stack overflow vulnerability (CNVD-2020-61115) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI PanelSim.exe has a stack overflow vulnerability, which can be exploited by attackers to cause a denial of service on the server.
VAR-202011-1568 No CVE Advantech WebAccess HMI Runtime has a heap overflow vulnerability (CNVD-2020-61112) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI Runtime has a heap overflow vulnerability. Attackers can use this vulnerability to cause a denial of service on the server.
VAR-202011-1569 No CVE Advantech WebAccess HMI Designer has DLL hijacking vulnerability (CNVD-2020-61113) CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI Designer has a DLL hijacking vulnerability, which can be exploited by attackers to gain administrator rights.
VAR-202011-1570 No CVE Advantech WebAccess HMI Designer has DLL hijacking vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool. Advantech's WebAccess HMI Designer has a DLL hijacking vulnerability, which can be exploited by attackers to gain administrator rights.
VAR-202011-0869 CVE-2020-28373 Out-of-bounds write vulnerability in multiple NETGEAR devices CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44. Multiple NETGEAR devices contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS).
VAR-202011-0859 CVE-2020-28349 ChirpStack Network Server input validation vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network." ** Unsettled ** This case has not been confirmed as a vulnerability. ChirpStack Network Server contains an input validation vulnerability. The vendor has challenged this vulnerability; for more information, see the current NVD description: https://nvd.nist.gov/vuln/detail/CVE-2020-28349. A denial of service (DoS) may result. The software is used for wireless connectivity in the Internet of Things and is characterized by low power consumption, long range and high capacity. No detailed vulnerability details are currently provided.
VAR-202011-0857 CVE-2020-28347 TP-Link Archer A7 AC1750 Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. The TP-Link Archer A7 AC1750 contains a command injection vulnerability, which is caused by an incomplete fix for CVE-2020-10882. Information may be obtained or tampered with, and service may be disrupted (DoS). TP-Link Archer A7 AC1750 is a wireless router from the Chinese company TP-Link.
VAR-202011-1544 No CVE Omron small PLC series CP1L has a denial of service vulnerability (CNVD-2020-58493) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
CP1L is an Omron small PLC series, integrated PLC with built-in pulse output, analog input and output, and serial communication functions. Omron small PLC series CP1L has a denial of service vulnerability, which can be exploited by attackers to cause device connection interruption.
VAR-202011-1553 No CVE Omron small PLC series CP1L has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
CP1L is an Omron small PLC series, integrated PLC with built-in pulse output, analog input and output, and serial communication functions. Omron's small PLC series CP1L has a denial of service vulnerability. Attackers can use the vulnerability to stop the program running on the device itself.