VARIoT IoT vulnerabilities database

VAR-202009-0606 | CVE-2020-16220 | Patient Information Security hole |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
In Patient Information Center iX (PICiX) Versions C.02, C.03,
PerformanceBridge Focal Point Version A.01, the product receives input
that is expected to be well-formed (i.e., to comply with a certain
syntax) but it does not validate or incorrectly validates that the input
complies with the syntax, causing the certificate enrollment service to
crash. It does not impact monitoring but prevents new devices from
enrolling. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior
VAR-202009-0605 | CVE-2020-16218 | Philips Patient Information Center iX Cross-site scripting vulnerability |
CVSS V2: 2.7 CVSS V3: 3.5 Severity: LOW |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the
software does not neutralize or incorrectly neutralizes
user-controllable input before it is placed in output that is then used
as a webpage and served to other users. Successful exploitation could
lead to unauthorized access to patient data via a read-only web
application. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03
VAR-202009-0604 | CVE-2020-16216 | Philips Patient Information Center iX Input validation error vulnerability |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750,
MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior,
the product receives input or data but does not validate or incorrectly
validates that the input has the properties required to process the data
safely and correctly, which can induce a denial-of-service condition
through a system restart. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03
VAR-202009-0603 | CVE-2020-16214 | Patient Information Security hole |
CVSS V2: 5.8 CVSS V3: 5.0 Severity: MEDIUM |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the
software saves user-provided information into a comma-separated value
(CSV) file, but it does not neutralize or incorrectly neutralizes
special elements that could be interpreted as a command when the file is
opened by spreadsheet software. A vulnerability exists in Patient Information. The following products and versions are affected: B.02, C.02, C.03
VAR-202009-0602 | CVE-2020-16212 | Patient Information Security hole |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior
VAR-202009-0595 | CVE-2020-16228 | Patient Information Security hole |
CVSS V2: 5.2 CVSS V3: 6.4 Severity: MEDIUM |
In Patient Information Center iX (PICiX) Versions C.02 and C.03,
PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors
MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and
prior, the software does not check or incorrectly checks the revocation
status of a certificate, which may cause it to use a compromised
certificate. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03
VAR-202009-0753 | CVE-2020-24552 | Atop Technology 3G/4G Access control permission error |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
The Atop Technology industrial 3G/4G gateway contains a command injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
VAR-202009-1232 | CVE-2020-5929 | Vulnerabilities in multiple BIG-IP products |
CVSS V2: 2.6 CVSS V3: 5.9 Severity: MEDIUM |
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS handshakes that may result in a PMS (Pre-Master Secret) that starts with a 0 byte and may lead to recovery of plaintext messages, as BIG-IP TLS/SSL ADH/DHE sends different error messages, acting as an oracle. Similar error messages when the PMS starts with a 0 byte, coupled with very precise timing measurement observation, may also expose this vulnerability. Multiple BIG-IP products contain unspecified vulnerabilities. Information may be obtained. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. Configuration utility is one of the configuration utilities. A security vulnerability exists in the F5 BIG-IP. The vulnerability originates from SSL/TLS ADH/DHE. An attacker could exploit this vulnerability to bypass access restrictions on data
VAR-202010-0070 | CVE-2020-12302 | Intel(R) Driver & Support Assistant Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Driver & Support Assistant contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. Intel Driver & Support Assistant prior to version 20.7.26.7 has a security vulnerability. An attacker could exploit this vulnerability to bypass authentication
VAR-202009-1429 | CVE-2020-8758 | Intel Active Management Technology Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. Security vulnerabilities exist in Intel(R) Core(TM), Intel(R) Celeron(R) 8th and 9th generation versions. The vulnerability stems from reading firmware outside the BIOS of 4000 series processors
VAR-202009-0586 | CVE-2020-15802 | Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. This vulnerability is being referred to as BLURtooth.
VAR-202009-1703 | No CVE | Hangzhou Tuya Technology Co., Ltd. Tuya Smart Platform Exists Unauthorized Access Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Tuya Intelligence is a global intelligent platform, "AI+IoT" developer platform.
There is an unauthorized access vulnerability in the Tuya Smart Platform of Hangzhou Tuya Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information under certain conditions.
VAR-202009-0054 | CVE-2020-10056 | License Management Utility Vulnerability in privilege management |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges. License Management Utility (LMU) contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused
VAR-202009-0568 | CVE-2020-15786 | Vulnerability in improperly limiting excessive authentication attempts in multiple Siemens products |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Several Siemens products improperly restrict excessive authentication attempts. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused. Siemens SIMATIC HMI panels are used to control and monitor HMI software for machines and equipment.
Siemens SIMATIC HMI products have security vulnerabilities
VAR-202009-0573 | CVE-2020-15791 | Inadequate protection of credentials in multiple Siemens products |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials. Several Siemens products contain a vulnerability related to inadequate protection of credentials. Information may be obtained. Siemens SIMATIC S7-300 CPU is a modular universal controller from Siemens for the manufacturing industry. Products in the Siemens SIMATIC S7-400 CPU series have been designed for process control in an industrial environment
VAR-202009-0569 | CVE-2020-15787 | Authentication vulnerabilities in SIMATIC HMI Unified Comfort Panels |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. SIMATIC HMI Unified Comfort Panels contains an authentication vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused. Siemens SIMATIC HMI panels are used to control and monitor HMI software for machines and equipment.
Siemens SIMATIC HMI products have security vulnerabilities
VAR-202009-0572 | CVE-2020-15790 | Spectrum Power 4 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack. Spectrum Power™4 provides basic components for data modeling of SCADA, communication and control and monitoring systems.
Siemens Spectrum Power™4 has security vulnerabilities. Attackers can exploit the vulnerability to carry out a directory listing attack
VAR-202009-0566 | CVE-2020-15784 | Spectrum Power 4 Vulnerability of important information in plaintext |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. Spectrum Power™4 provides basic components for data modeling of SCADA, communication and control and monitoring systems.
Siemens Spectrum Power™4 has security vulnerabilities. An attacker can exploit the vulnerability to retrieve user names
VAR-202009-0053 | CVE-2020-10051 | Unquoted Search Path or Element Vulnerability in SIMATIC RTLS Locating Manager |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service. SIMATIC RTLS Locating Manager contains an unquoted search path or element vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused. SIMATIC RTLS is a real-time wireless positioning system for positioning solutions. Siemens SIMATIC RTLS Locating Manager is used for the configuration, operation and maintenance of SIMATIC RTLS installation
VAR-202009-0052 | CVE-2020-10050 | SIMATIC RTLS Locating Manager Inappropriate Default Permission Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts. SIMATIC RTLS Locating Manager is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused. SIMATIC RTLS is a real-time wireless positioning system for positioning solutions. Siemens SIMATIC RTLS Locating Manager is used for the configuration, operation and maintenance of SIMATIC RTLS installation