VARIoT IoT vulnerabilities database

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Interactive Graphical SCADA System (IGSS) Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Schneider Electric Interactive Graphical SCADA System (IGSS) is a set of SCADA (Data Acquisition and Supervisory Control System) system used by French Schneider Electric (Schneider Electric) to monitor and control industrial processes. Interactive Graphical SCADA System (IGSS) Definition V15.0.0.21041 and earlier versions have a buffer overflow vulnerability

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Interactive Graphical SCADA System (IGSS) Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Schneider Electric Interactive Graphical SCADA System (IGSS) is a set of SCADA (data acquisition and monitoring system) system used to monitor and control industrial processes of Schneider Electric in France

Xiamen Haiwei Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production, sales and service. Xiamen Haiwell Technology Co., Ltd. cloud configuration software Cloud SCADA has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Ruijie Networks Co., Ltd. is a company that uses new technologies such as cloud computing, SDN, mobile internet, big data, and the Internet of Things to provide end-to-end solutions for users in various industries. Ruijie's unified online behavior management and audit system has weak password vulnerabilities. Attackers can use this vulnerability to log in to the background to obtain sensitive information.

Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other projects. Ruijie Networks routers have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. plural Schneider Electric The product contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric) company. Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators. PowerLogic ION7400, PM8000 and ION9000 have a buffer overflow vulnerability, which stems from improper restrictions on operations in the memory buffer

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. D-Link DIR-3060 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DIR-3060 is a router of China D-Link Corporation. D-Link DIR-3060 has a command injection vulnerability

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. Vendor exploits this vulnerability IBM X-Force ID: 189965 Is published as.Information may be obtained. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform

A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Wind River VxWorks Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Wind River VxWorks is an operating system of Wind River Company in the United States. The industry-leading real-time operating system for building embedded devices and systems. Remote attackers can use this vulnerability to submit special requests, causing the application to crash or execute arbitrary code in the application context

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). D-Link DIR-841 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DIR-841 is an AC1200 MU-MIMO Wi-Fi Gigabit router. There is a command injection vulnerability in /jsonrpc in D-Link DIR-841 3.03 and 3.04

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot. PowerLogic Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.). GNOME Glib is a multi-platform toolkit for creating graphical user interfaces, and is the underlying core library of GTK+ and GNOME projects. The vulnerability is caused by g_file_replace and G_FILE_CREATE_REPLACE_DESTINATION incorrectly creating the target of a symbolic link as an empty file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: glib2 security and bug fix update Advisory ID: RHSA-2021:4385-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4385 Issue date: 2021-11-09 CVE Names: CVE-2021-3800 CVE-2021-28153 ==================================================================== 1. Summary: An update for glib2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib2: Possible privilege escalation thourgh pkexec and aliases (CVE-2021-3800) * glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink (CVE-2021-28153) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1938284 - CVE-2021-3800 glib2: Possible privilege escalation thourgh pkexec and aliases 1938291 - CVE-2021-28153 glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink 1948988 - Refcounting issue causes crashes and slow workarounds 1971533 - MD5 HMAC computation should not cause glib to segfault in FIPS mode 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: glib2-2.56.4-156.el8.src.rpm aarch64: glib2-2.56.4-156.el8.aarch64.rpm glib2-debuginfo-2.56.4-156.el8.aarch64.rpm glib2-debugsource-2.56.4-156.el8.aarch64.rpm glib2-devel-2.56.4-156.el8.aarch64.rpm glib2-devel-debuginfo-2.56.4-156.el8.aarch64.rpm glib2-fam-2.56.4-156.el8.aarch64.rpm glib2-fam-debuginfo-2.56.4-156.el8.aarch64.rpm glib2-tests-2.56.4-156.el8.aarch64.rpm glib2-tests-debuginfo-2.56.4-156.el8.aarch64.rpm ppc64le: glib2-2.56.4-156.el8.ppc64le.rpm glib2-debuginfo-2.56.4-156.el8.ppc64le.rpm glib2-debugsource-2.56.4-156.el8.ppc64le.rpm glib2-devel-2.56.4-156.el8.ppc64le.rpm glib2-devel-debuginfo-2.56.4-156.el8.ppc64le.rpm glib2-fam-2.56.4-156.el8.ppc64le.rpm glib2-fam-debuginfo-2.56.4-156.el8.ppc64le.rpm glib2-tests-2.56.4-156.el8.ppc64le.rpm glib2-tests-debuginfo-2.56.4-156.el8.ppc64le.rpm s390x: glib2-2.56.4-156.el8.s390x.rpm glib2-debuginfo-2.56.4-156.el8.s390x.rpm glib2-debugsource-2.56.4-156.el8.s390x.rpm glib2-devel-2.56.4-156.el8.s390x.rpm glib2-devel-debuginfo-2.56.4-156.el8.s390x.rpm glib2-fam-2.56.4-156.el8.s390x.rpm glib2-fam-debuginfo-2.56.4-156.el8.s390x.rpm glib2-tests-2.56.4-156.el8.s390x.rpm glib2-tests-debuginfo-2.56.4-156.el8.s390x.rpm x86_64: glib2-2.56.4-156.el8.i686.rpm glib2-2.56.4-156.el8.x86_64.rpm glib2-debuginfo-2.56.4-156.el8.i686.rpm glib2-debuginfo-2.56.4-156.el8.x86_64.rpm glib2-debugsource-2.56.4-156.el8.i686.rpm glib2-debugsource-2.56.4-156.el8.x86_64.rpm glib2-devel-2.56.4-156.el8.i686.rpm glib2-devel-2.56.4-156.el8.x86_64.rpm glib2-devel-debuginfo-2.56.4-156.el8.i686.rpm glib2-devel-debuginfo-2.56.4-156.el8.x86_64.rpm glib2-fam-2.56.4-156.el8.x86_64.rpm glib2-fam-debuginfo-2.56.4-156.el8.i686.rpm glib2-fam-debuginfo-2.56.4-156.el8.x86_64.rpm glib2-tests-2.56.4-156.el8.x86_64.rpm glib2-tests-debuginfo-2.56.4-156.el8.i686.rpm glib2-tests-debuginfo-2.56.4-156.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): aarch64: glib2-debuginfo-2.56.4-156.el8.aarch64.rpm glib2-debugsource-2.56.4-156.el8.aarch64.rpm glib2-devel-debuginfo-2.56.4-156.el8.aarch64.rpm glib2-fam-debuginfo-2.56.4-156.el8.aarch64.rpm glib2-static-2.56.4-156.el8.aarch64.rpm glib2-tests-debuginfo-2.56.4-156.el8.aarch64.rpm noarch: glib2-doc-2.56.4-156.el8.noarch.rpm ppc64le: glib2-debuginfo-2.56.4-156.el8.ppc64le.rpm glib2-debugsource-2.56.4-156.el8.ppc64le.rpm glib2-devel-debuginfo-2.56.4-156.el8.ppc64le.rpm glib2-fam-debuginfo-2.56.4-156.el8.ppc64le.rpm glib2-static-2.56.4-156.el8.ppc64le.rpm glib2-tests-debuginfo-2.56.4-156.el8.ppc64le.rpm s390x: glib2-debuginfo-2.56.4-156.el8.s390x.rpm glib2-debugsource-2.56.4-156.el8.s390x.rpm glib2-devel-debuginfo-2.56.4-156.el8.s390x.rpm glib2-fam-debuginfo-2.56.4-156.el8.s390x.rpm glib2-static-2.56.4-156.el8.s390x.rpm glib2-tests-debuginfo-2.56.4-156.el8.s390x.rpm x86_64: glib2-debuginfo-2.56.4-156.el8.i686.rpm glib2-debuginfo-2.56.4-156.el8.x86_64.rpm glib2-debugsource-2.56.4-156.el8.i686.rpm glib2-debugsource-2.56.4-156.el8.x86_64.rpm glib2-devel-debuginfo-2.56.4-156.el8.i686.rpm glib2-devel-debuginfo-2.56.4-156.el8.x86_64.rpm glib2-fam-debuginfo-2.56.4-156.el8.i686.rpm glib2-fam-debuginfo-2.56.4-156.el8.x86_64.rpm glib2-static-2.56.4-156.el8.i686.rpm glib2-static-2.56.4-156.el8.x86_64.rpm glib2-tests-debuginfo-2.56.4-156.el8.i686.rpm glib2-tests-debuginfo-2.56.4-156.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrdwdzjgjWX9erEAQj1Ww//TA/kISfe8RjrOJ3//LZrFuwYWT/lYRvA azcyR6n+o/hSTHmAJ0ccc8y2SVdh/ukBI96cB8n4BKAYlZhbdXFm3btcItT8rpqP Cc0z1SIhna+nm8Kdo4eDmjgMUm96E+uKq2bgmxduLWjYfKr/AB0n25nSn1o9sdAl F2iL6vlgmVtfGfa3ODovzIDwas7udIlaRzjnAmA9QSnnQUfZhvsBJbWcMJWJxej9 SrT5lkwPXYJxyGuXN8MD+kfgwjyXS3G+Svv//YkBmuiYjqpQJghRe3YfHCeQ6ow6 NlMOs2ZgNVIN8c03mhpZj6vUIr2qO7LcfUZaKCdIoTbVZKZY1yPkLxQ63EEB/AnP 2pnAwybjS06Izr8JWjwGt/20+gsq1sGWKKU1T/yuLtj6kADbDrY/T6ApnBxF5ajD 6h6Q5UebLHX3p/ks8Kz4V+/hqHXjjWfqy9x16909n2TSwjuGeszqaNrQYjF3lwqt J04E3kWavzyHK5Gr4ZwuS/lLoTNfvWHLRY8GoySL6Wt2agLskbDTgqBoe1NptbT+ siyOCEMFaWC7g5dhzdAusTzHUUJnnLbZzypb1581Ie42A4un+x3F7epktk462WKl uXmc5Big8aODwsVuMd+foFkOD0JKmK8RcfT8W0WciRAPycj5yq009wavogQ/7AEa Kweg3HIZMNU\xc8A2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.2.10 General Availability release images, which provide one or more container updates and bug fixes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * CVE-2021-3795 semver-regex: inefficient regular expression complexity * CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 Related bugs: * RHACM 2.2.10 images (Bugzilla #2013652) 3. Bugs fixed (https://bugzilla.redhat.com/): 2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images 5. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. ========================================================================== Ubuntu Security Notice USN-4764-1 March 15, 2021 glib2.0 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: GLib could be made to create files if it opened a specially crafted archive. Software Description: - glib2.0: GLib library of C routines Details: It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libglib2.0-0 2.66.1-2ubuntu0.2 Ubuntu 20.04 LTS: libglib2.0-0 2.64.6-1~ubuntu20.04.3 Ubuntu 18.04 LTS: libglib2.0-0 2.56.4-0ubuntu0.18.04.8 Ubuntu 16.04 LTS: libglib2.0-0 2.48.2-0ubuntu4.8 In general, a standard system update will make all the necessary changes. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports 5. JIRA issues fixed (https://issues.jboss.org/): TRACING-2235 - Release RHOSDT 2.1 6

On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. BIG-IQ has a cross-site scripting vulnerability that could be exploited by an attacker using a specially crafted URL to reflect cross-site scripting in an unpublished page of the BIG-IQ user interface

On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ Contains an unspecified vulnerability.Information may be obtained and information may be tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ Contains an authentication vulnerability.Information may be obtained. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments

On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ Centralized Management Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ high availability There is a vulnerability in the lack of authentication for critical features.Information may be tampered with. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that does not implement any form of authentication using the Corosync daemon

The SIEMENS RWG1.M12D S55370-C170 programmable general-purpose controller combines Siemens' years of experience in the building, HVAC and other industries, based on general hardware design, programmable software platform, and powerful communication processing capabilities. SIEMENS RWG1.M12D S55370-C170 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

SIEMENS-SCALANCE-W788-1 is a controller product of the SCALANCE series of German Siemens (SIEMENS). SIEMENS-SCALANCE-W788-1 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

NARI Automation is a high-tech entity integrating software development, hardware development, technical services, equipment production, and system integration. MB80-CPU721E has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.