VARIoT IoT vulnerabilities database
| VAR-202103-1588 | CVE-2021-27414 | Ellipse Enterprise Asset Management Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. Ellipse Enterprise Asset Management (Ellipse EAM) is a business process management software Ellipse application provided by Ellipse in the UK. There is a cross-site scripting vulnerability. The browser runs these codes
| VAR-202103-1587 | CVE-2021-27416 | Ellipse Enterprise Asset Management Cross-site scripting vulnerability |
CVSS V2: 5.8 CVSS V3: 5.4 Severity: MEDIUM |
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. Ellipse Enterprise Asset Management (Ellipse EAM) is a business process management software provided by Ellipse Industrial Equipment in the UK
| VAR-202103-0638 | CVE-2021-21514 | Dell EMC OpenManage Server Administrator Traversal Vulnerability in Japan |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. The solution supports online diagnosis, system operation detection, equipment management, etc
| VAR-202103-0637 | CVE-2021-21513 | Dell EMC OpenManage Server Administrator Authentication vulnerabilities in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. DELL Dell EMC OpenManage Server Administrator is a set of system management solutions from DELL Corporation in the United States. The solution supports online diagnosis, system operation detection, equipment management, etc. Microsoft Windows is a desktop operating system of Microsoft Corporation in the United States
| VAR-202103-0511 | CVE-2021-22294 | HarmonyOS Vulnerability in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. HarmonyOS Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system
| VAR-202103-0512 | CVE-2021-22296 | HarmonyOS Vulnerability in |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. HarmonyOS Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system
| VAR-202103-0033 | CVE-2020-11189 | plural Qualcomm Out-of-bounds read vulnerabilities in the product |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information is obtained and denial of service (DoS) It may be put into a state
| VAR-202103-1789 | No CVE | Huafu Kaiwu controX has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The controX (Huafu Kaiwu) series of industrial configuration software is a cross-platform general-purpose operating system for the next generation of operating systems developed by Beijing Huafu Yuanke Technology Co., Ltd. after years of development in full integration of user needs and the latest development direction in the field of industrial automation Configuration platform software products.
Huafu Kaiwu controX has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.
| VAR-202103-1792 | No CVE | Huafu Kaiwu controX has an unauthorized access vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The controX (Huafu Kaiwu) series of industrial configuration software is a cross-platform general-purpose operating system for the next generation of operating systems developed by Beijing Huafu Yuanke Technology Co., Ltd. after years of development in full integration of user needs and the latest development direction in the field of industrial automation Configuration platform software products.
Huafu Kaiwu controX has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
| VAR-202103-1794 | No CVE | Huafu Kaiwu controX has an information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The controX (Huafu Kaiwu) series of industrial configuration software is a cross-platform general-purpose operating system for the next generation of operating systems developed by Beijing Huafu Yuanke Technology Co., Ltd. after years of development in full integration of user needs and the latest development direction in the field of industrial automation Configuration platform software products.
Huafu Kaiwu controX has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
| VAR-202103-1641 | No CVE | Universal Technology Co., Ltd. TL-ER6110G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment.
The TL-ER6110G of Universal Technology Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202103-1642 | No CVE | Universal Technology Co., Ltd. WTC181 has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment.
Universal Technology Co., Ltd. WTC181 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202103-1643 | No CVE | Universal Technology Co., Ltd. TL-XDR3250 has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment.
Universal Technology Co., Ltd. TL-XDR3250 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202103-0640 | CVE-2021-21517 | SRS Policy Manager In XML External entity vulnerabilities |
CVSS V2: 6.4 CVSS V3: 7.2 Severity: HIGH |
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service. Dell SRS Policy Manager is an application software of Dell (Dell)
| VAR-202103-0639 | CVE-2021-21515 | Dell EMC SourceOne Cross-site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server. Dell EMC SourceOne is an application software of Dell (Dell)
| VAR-202103-0049 | CVE-2020-11309 | plural Qualcomm Product Free Memory Usage Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202103-0046 | CVE-2020-11299 | plural Qualcomm Classic buffer overflow vulnerability in the product |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202103-0045 | CVE-2020-11290 | plural Qualcomm Product Free Memory Usage Vulnerability |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. plural Qualcomm The product contains a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202103-0041 | CVE-2020-11226 | plural Qualcomm Out-of-bounds read vulnerabilities in the product |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains a vulnerability related to out-of-bounds reading and a vulnerability related to array index validation.Information may be obtained
| VAR-202103-0042 | CVE-2020-11227 | plural Qualcomm Product index validation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains a vulnerability related to array index validation and a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state