VARIoT IoT vulnerabilities database

VAR-202101-1983 No CVE Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability (CNVD-2020-70793) CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
The Tricon safety instrumented system is a safety instrumented system of Schneider Electric Co., Ltd. The MP3009 module is the processor module of the Schneider Tricon safety instrumented system. The MP3009 processor of the Schneider Tricon safety instrumented system has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
VAR-202101-2008 No CVE RCE vulnerability exists in FiberHome routers CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
FiberHome is a listed company in the communications equipment manufacturing industry, headquartered in Wuhan, China. FiberHome routers have an RCE vulnerability. Attackers can use this vulnerability to execute arbitrary commands on the target device with root privileges.
VAR-202101-2010 No CVE Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability (CNVD-2020-70794) CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
The Tricon safety instrumented system is a safety instrumented system of Schneider Electric Co., Ltd. The MP3009 module is the processor module of the Schneider Tricon safety instrumented system. The MP3009 processor of the Schneider Tricon safety instrumented system has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
VAR-202101-2011 No CVE Schneider Tricon safety instrumented system TCM 4351B communication card has a denial of service vulnerability (CNVD-2020-70795) CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
The Tricon safety instrumented system is a safety instrumented system of Schneider Electric Co., Ltd. The TCM 4351B communication card is the communication card of Schneider's Tricon safety instrumented system, which supports Ethernet and serial communication. Schneider Tricon safety instrumented system TCM 4351B communication card has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
VAR-202101-1832 CVE-2021-3166 ASUS DSL-N14U-B1 Unlimited Upload Vulnerability in File Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services. ASUS DSL-N14U-B1 is vulnerable to unrestricted upload of files with dangerous types. The device may be put into a denial of service (DoS) state. ASUS DSL-N14U-B1 is a router device from China's ASUS.
VAR-202101-2025 No CVE Unauthorized File Reading Vulnerability in JumpServer CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
JumpServer is the world's first fully open source bastion machine. It is released under the GNU GPL v2.0 open source license and is a 4A-compliant professional operation and maintenance audit system. JumpServer has an unauthorized file reading vulnerability. Attackers can obtain sensitive information such as log files through carefully constructed requests, and can execute arbitrary commands through related operation APIs.
VAR-202101-2026 No CVE There is a binary vulnerability in the screen setting tool of Zhongda Youkong TP220 PC CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Shenzhen Zhongda Youkong Technology Co., Ltd. is a high-tech company that concentrates on the core technology research and development, professional development and sales of industrial visual touch control products: human-machine interfaces, text displays and programmable logic controllers (PLC). There is a binary vulnerability in the TP220 PC screen setting tool of Zhongda Youkong. Attackers can use the vulnerability to cause a denial of service.
VAR-202101-2027 No CVE Sixnet switch SLX-18MG has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Sixnet has more than 30 years of industrial automation product design and manufacturing experience, fully understands the application requirements of various industrial occasions, and injects its mature industrial automation product design concepts into industrial Ethernet switch products. Sixnet switch SLX-18MG has a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.
VAR-202101-2028 No CVE Century Star configuration software has a binary vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Beijing Century Changqiu Technology Co., Ltd. is a high-tech enterprise engaged in the research and development of industrial automation software, providing a complete set of services such as software development, sales, service and industrial automation system integration. Century Star configuration software has a binary vulnerability, which can be exploited by an attacker to cause a denial of service.
VAR-202101-2032 No CVE There is a binary vulnerability in the screen setting tool of Zhongda Youkong TP220 host computer (CNVD-2020-70592) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Shenzhen Zhongda Youkong Technology Co., Ltd. is a high-tech company that concentrates on the core technology research and development, professional development and sales of industrial visual touch control products: human-machine interfaces, text displays and programmable logic controllers (PLC). There is a binary vulnerability in the TP220 PC screen setting tool of Zhongda Youkong. Attackers can use the vulnerability to cause a denial of service.
VAR-202101-2033 No CVE MITSUBISHI FX3U-ENET-L has a denial of service vulnerability (CNVD-2020-70577) CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FX3U-ENET-L has 4 communication channels. The Mitsubishi PLC Ethernet module FX3U-ENET-L supports fixed buffer storage area communication, connection to MELSOFT, communication via MC series, e-mail sending and other functions. When MELSOFT is connected, remote maintenance of PLC programs can be realized through GX Works2. MITSUBISHI FX3U-ENET-L has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
VAR-202101-2034 No CVE Denial of Service Vulnerability in MITSUBISHI FX3U-ENET-L CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FX3U-ENET-L has 4 communication channels. The Mitsubishi PLC Ethernet module FX3U-ENET-L supports fixed buffer storage area communication, connection to MELSOFT, communication through MC series, email sending and other functions. When MELSOFT is connected, remote maintenance of PLC programs can be realized through GX Works2. MITSUBISHI FX3U-ENET-L has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
VAR-202101-1967 No CVE Connex serial server C2000-B2-SFE0101-BB1 has storage XSS vulnerabilities CVSS V2: 5.5
CVSS V3: -
Severity: MEDIUM
C2000-B2-SFE0101-BB1 serial port server provides serial port to network function, which can convert RS-232 serial port into TCP/IP protocol network interface. Cognex serial server C2000-B2-SFE0101-BB1 has a stored XSS vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202101-2007 No CVE ACS SpiiPlusEC-08 has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
ACS Motion Control is an OEM-oriented motion controller and drive solutions provider headquartered in Israel. Its products are widely used in semiconductor manufacturing, laser processing, additive manufacturing, flat panel display manufacturing, electronic assembly, life sciences and other fields. ACS SpiiPlusEC-08 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202101-2009 No CVE ACS SpiiPlusEC-08 has a denial of service vulnerability (CNVD-2020-70574) CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
ACS Motion Control is an OEM-oriented motion controller and drive solutions provider headquartered in Israel. Its products are widely used in semiconductor manufacturing, laser processing, additive manufacturing, flat panel display manufacturing, electronic assembly, life sciences and other fields. ACS SpiiPlusEC-08 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202101-2031 No CVE YKBuilder V5.1 has a binary vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
YKBuilder is software for embedded integrated development. There is a binary vulnerability in YKBuilder V5.1. Attackers can use this vulnerability to construct malformed files and cause the program to crash.
VAR-202101-1964 No CVE LTE core network has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China United Network Communications Group Co., Ltd. (English name China Unicom, abbreviated as "China Unicom", "Unicom") was formed on the basis of the merger of the original China Netcom and the original China Unicom on January 6, 2009. It has branches in 31 provinces (autonomous regions, municipalities directly under the Central Government) in China and in many overseas countries and regions. It is China's only telecommunications operating company listed in New York, Hong Kong, and Shanghai at the same time. The LTE core network has a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.
VAR-202101-0202 CVE-2020-24640 HPE Aruba Airwave Glass input validation error vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. AirWave Glass contains an unspecified vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). HPE Aruba Airwave Glass is a smart glasses device from HPE. HPE Aruba Airwave Glass versions before 1.3.3 have an input validation error vulnerability. The vulnerability is due to insufficient input validation.
VAR-202101-1689 CVE-2021-0212 Juniper Networks Contrail Networking Information Disclosure Vulnerability CVSS V2: 7.2
CVSS V3: 5.0
Severity: HIGH
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31
VAR-202101-2018 No CVE Netlun Tianxia Intelligent (Wisdom) Netlun Tianxia (Beijing) Intelligent Technology Co., Ltd. has a file upload vulnerability in the intelligent tire monitoring management system CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Wanglun Tianxia (Beijing) Intelligent Technology Co., Ltd. is a technology-based enterprise focusing on the Internet of Things for commercial vehicle tires. It is the first cooperative development unit of smart tires in China. It has a number of invention patents and software copyrights, and has obtained the European Union CE and North America FCC certification. Netlun Tianxia (Beijing) Intelligent Technology Co., Ltd. has a file upload vulnerability in its intelligent tire monitoring management system. An attacker can use the vulnerability to upload a webshell to gain server permissions.