VARIoT IoT vulnerabilities database

Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics Provides HMI Related product DOPSoft and CNCSoft ScreenEditor The following multiple vulnerabilities exist in. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics

Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics Provides HMI Related product DOPSoft and CNCSoft ScreenEditor The following multiple vulnerabilities exist in. DOPSoft ‥ * Out-of-bounds writing (CWE-787) - CVE-2020-27275 ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27277 CNCSoft ScreenEditor ‥ * Buffer overflow (CWE-121) - CVE-2020-27281Both vulnerabilities could allow arbitrary code to be executed by processing a specially crafted project file. This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore Contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell EMC PowerStore is a storage device of Dell (Dell) in the United States

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore Contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell EMC PowerStore is a storage device of Dell (Dell) in the United States

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore Contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell EMC PowerStore is a storage device of Dell (Dell) in the United States. The vulnerability stems from the fact that the program stores passwords in clear text

An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021). This vulnerability is Samsung ID: SVE-2020-19216 It is published as.Denial of service (DoS) It may be put into a state. Samsung Note20 is a smart phone of South Korea's Samsung company. No detailed vulnerability details are currently provided

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master. Apache Flink Exists in a vulnerability in externally accessible files or directories.Information may be obtained. Apache Flink is an efficient and distributed general data processing platform. Attackers can use this vulnerability to read sensitive files on the server, use hard-coded credentials to use the vulnerability to read and write HMI configuration files and reset the device

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master. Apache Flink Contains a path traversal vulnerability.Information may be tampered with. Apache Flink is an efficient and distributed general data processing platform. There is an arbitrary file writing vulnerability in Apache Flink products. Attackers can use this vulnerability to read sensitive files on the server, use hard-coded credentials to use the vulnerability to read and write HMI configuration files and reset the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Fuse 7.9.0 release and security update Advisory ID: RHSA-2021:3140-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2021:3140 Issue date: 2021-08-11 CVE Names: CVE-2017-5645 CVE-2017-18640 CVE-2019-12402 CVE-2019-14887 CVE-2019-16869 CVE-2019-20445 CVE-2020-1695 CVE-2020-1925 CVE-2020-1935 CVE-2020-1938 CVE-2020-5410 CVE-2020-5421 CVE-2020-6950 CVE-2020-9484 CVE-2020-10688 CVE-2020-10693 CVE-2020-10714 CVE-2020-10719 CVE-2020-11996 CVE-2020-13920 CVE-2020-13934 CVE-2020-13935 CVE-2020-13936 CVE-2020-13954 CVE-2020-13956 CVE-2020-14040 CVE-2020-14297 CVE-2020-14338 CVE-2020-14340 CVE-2020-17510 CVE-2020-17518 CVE-2020-25633 CVE-2020-25638 CVE-2020-25640 CVE-2020-25644 CVE-2020-26258 CVE-2020-26945 CVE-2020-27216 CVE-2020-28052 CVE-2021-27807 CVE-2021-27906 CVE-2021-28165 ===================================================================== 1. Summary: A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hawtio-osgi (CVE-2017-5645) * prometheus-jmx-exporter: snakeyaml (CVE-2017-18640) * apache-commons-compress (CVE-2019-12402) * karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445) * tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996) * spring-cloud-config-server (CVE-2020-5410) * velocity (CVE-2020-13936) * httpclient: apache-httpclient (CVE-2020-13956) * shiro-core: shiro (CVE-2020-17510) * hibernate-core (CVE-2020-25638) * wildfly-openssl (CVE-2020-25644) * jetty (CVE-2020-27216, CVE-2021-28165) * bouncycastle (CVE-2020-28052) * wildfly (CVE-2019-14887, CVE-2020-25640) * resteasy-jaxrs: resteasy (CVE-2020-1695) * camel-olingo4 (CVE-2020-1925) * springframework (CVE-2020-5421) * jsf-impl: Mojarra (CVE-2020-6950) * resteasy (CVE-2020-10688) * hibernate-validator (CVE-2020-10693) * wildfly-elytron (CVE-2020-10714) * undertow (CVE-2020-10719) * activemq (CVE-2020-13920) * cxf-core: cxf (CVE-2020-13954) * fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040) * jboss-ejb-client: wildfly (CVE-2020-14297) * xercesimpl: wildfly (CVE-2020-14338) * xnio (CVE-2020-14340) * flink: apache-flink (CVE-2020-17518) * resteasy-client (CVE-2020-25633) * xstream (CVE-2020-26258) * mybatis (CVE-2020-26945) * pdfbox (CVE-2021-27807, CVE-2021-27906) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame 5. References: https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/cve/CVE-2017-18640 https://access.redhat.com/security/cve/CVE-2019-12402 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-16869 https://access.redhat.com/security/cve/CVE-2019-20445 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1925 https://access.redhat.com/security/cve/CVE-2020-1935 https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/cve/CVE-2020-5410 https://access.redhat.com/security/cve/CVE-2020-5421 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/cve/CVE-2020-11996 https://access.redhat.com/security/cve/CVE-2020-13920 https://access.redhat.com/security/cve/CVE-2020-13934 https://access.redhat.com/security/cve/CVE-2020-13935 https://access.redhat.com/security/cve/CVE-2020-13936 https://access.redhat.com/security/cve/CVE-2020-13954 https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-14340 https://access.redhat.com/security/cve/CVE-2020-17510 https://access.redhat.com/security/cve/CVE-2020-17518 https://access.redhat.com/security/cve/CVE-2020-25633 https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/cve/CVE-2020-25640 https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-26258 https://access.redhat.com/security/cve/CVE-2020-26945 https://access.redhat.com/security/cve/CVE-2020-27216 https://access.redhat.com/security/cve/CVE-2020-28052 https://access.redhat.com/security/cve/CVE-2021-27807 https://access.redhat.com/security/cve/CVE-2021-27906 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.9.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYRQVh9zjgjWX9erEAQjAxg/+O0wRNyDejQCX7SWv2Lvo5YZVE9Azv+hd pWFbtNu1cruoiUWY2vqArIH8KmZXWYS/EDQCe4PfIB0wKZfx9dS7y19Ct4swE4Y2 3L0DRVp9YLoqZC3ndVIk3W+RSLEODc5S3IAi6twXlmiZlAwPJXDvcs7aeUAPGc0m 93Y3lZofrpaEnyEVdoUsz0M47mQQYxNJ1nPF9FuUDsOXUqiu18JS9DsuyWwONyKw dPCxfHf3ioI+ymsYjoO+fIcu3dR6lGryvsEFY3dnXePiLlp5NBrRW359K6EQGM/e f1PsXzVYrWMikmxpGaOM7KkoLPAcvtznd4G62ZGUODyAEUKLderr9M7zG88Eg2gG Ycw5D4UkJ+QZB/qHlQJHLrrzuPybGBXSdl2VLTF/m7YZSE9C2yW1ZatyahhdEP3T +MmzU6mnbuPCrYjwL/AgCGx3ap52+2eL5HvDzf7+5plY6MVpHZQb2iiIj6H58P6g ffxr6dGJdDtw5ovzls0Gor4sb69KJ+3xrRLg2C7cndd+3RJc8SCiCRUV9QE2IHTb H3cDXlNbYcqzDxQZNUUO13+GOEgXQLrIJokA3zNXzzYFr2tivmiWF6rKrJ6UnECl 86tpZfh4vcosv3nN6Cg9VAizrMm/84B4L3T4jm/mrN4SGg3CSJqa03r7ig3+oHFX H9jzBVxbmuk= =jp7z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. RouterOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Mikrotik MikroTik RouterOS is a set of router operating systems based on Linux developed by Latvia MikroTik (Mikrotik). The system can be deployed in a PC so that it provides router functionality

Shanghai Buke Automation Co., Ltd. has been focusing on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, and provides customers with equipment automation control, digital factory and industrial Internet solutions , Is a leading supplier of machine automation and factory intelligent solutions in China. There is a binary vulnerability in the processing of TGA images in the Kinco Designer configuration software of Shanghai Baike. Attackers can use this vulnerability to cause the program to crash.

Huawei HG532 router is a wireless router product designed for home and small office users. The Huawei HG532 router has a command execution vulnerability. An attacker can use this vulnerability to send malicious messages to the device to launch an attack, and successfully exploit the vulnerability to execute arbitrary code remotely.

Huawei HG532 router is a wireless router product designed for home and small office users. Huawei HG532 router has a command injection vulnerability. An attacker can use this vulnerability to gain control of the server.

Shenzhen Qiaoan Technology Co., Ltd. is a professional R&D and manufacturer of surveillance cameras, specializing in the production of Qiaoan surveillance, Qiaoan surveillance cameras, etc. Several webcams of Shenzhen Qiaoan Technology Co., Ltd. have information disclosure vulnerabilities, which can be exploited by attackers to obtain sensitive information.

Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device. Vigor2960 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings. ASUS DSL-N17U There is an authentication vulnerability in modem firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. ASUS DSL-N17U is a router from ASUS Corporation of China. An unauthorized attacker can modify the admin password by submitting specially crafted content to Advanced_System_Content.asp

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651. (DoS) It may be in a state. Shenzhen Qiaoan Technology Co., Ltd. is a professional R&D and manufacturer of surveillance cameras, specializing in the production of Qiaoan surveillance, Qiaoan surveillance cameras, etc. Several webcams of Shenzhen Qiaoan Technology Co., Ltd. have information disclosure vulnerabilities, which can be exploited by attackers to obtain sensitive information