VARIoT IoT vulnerabilities database

VAR-202009-0051 CVE-2020-10049 SIMATIC RTLS Locating Manager  Inappropriate Default Permission Vulnerability CVSS V2: 4.4
CVSS V3: 7.3
Severity: HIGH
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. SIMATIC RTLS Locating Manager is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. SIMATIC RTLS is a real-time wireless positioning system for positioning solutions. Siemens SIMATIC RTLS Locating Manager is used for the configuration, operation and maintenance of SIMATIC RTLS installations. Attackers can use the vulnerability to execute arbitrary commands.
VAR-202009-1544 CVE-2020-14517 CodeMeter  Vulnerability in cryptography CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. CodeMeter contains a cryptographic vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system from Siemens of Germany and is also part of the HMI series. The system is mainly suited to industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of the DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. Many Siemens products have security vulnerabilities. Attackers can use the vulnerability to communicate with the CodeMeter API remotely.
VAR-202009-0596 CVE-2020-16233 CodeMeter Improper Resource Shutdown and Release Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. CodeMeter is vulnerable to an improper shutdown and release of resources. Information may be obtained. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system from Siemens of Germany and is also part of the HMI series. The system is mainly suited to industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of the DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. Many Siemens products have security vulnerabilities.
VAR-202009-0303 CVE-2020-14515 CodeMeter Digital Signature Verification Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter contains a digital signature verification vulnerability. Information may be tampered with. Siemens SINEMA Remote Connect is a remote network management platform from Siemens of Germany. The SIMIT Simulation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool. Many Siemens products have security vulnerabilities.
VAR-202009-0304 CVE-2020-14519 CodeMeter Vulnerability regarding same-origin policy violation CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files when combined with CVE-2020-14515. CodeMeter contains a vulnerability related to same-origin policy violations. Information may be tampered with. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system from Siemens of Germany and is also part of the HMI series. The system is mainly suited to industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. Many Siemens products have security vulnerabilities. Attackers can use the vulnerability to change or create license files.
VAR-202009-0319 CVE-2020-14513 CodeMeter  Input confirmation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter contains an input validation vulnerability. A denial-of-service (DoS) condition may result. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of the DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. Many Siemens products have security vulnerabilities. Attackers can use the vulnerability to crash software.
VAR-202009-0571 CVE-2020-15789 Polarion Subversion Webclient  Cross Site Request Forgery Vulnerability CVSS V2: 5.8
CVSS V3: 8.1
Severity: HIGH
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. Polarion Subversion Webclient contains a cross-site request forgery vulnerability. Information may be obtained and information may be tampered with. Polarion Subversion Webclient is an SVN client that enables Subversion users to work with SVN repositories from a web browser.
VAR-202009-0570 CVE-2020-15788 Siemens Polarion Subversion Webclient cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user's client. Various actions could be triggered by running malicious JavaScript code. Polarion Subversion Webclient is an SVN client that enables Subversion users to work with SVN repositories from a web browser.
VAR-202009-1545 CVE-2020-14509 CodeMeter Vulnerability in accessing buffers with improper length values CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. CodeMeter contains a vulnerability in accessing a buffer with an improper length value. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system from Siemens of Germany and is also part of the HMI series. The system is mainly suited to industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of the DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. Many Siemens products have memory corruption vulnerabilities.
VAR-202009-0567 CVE-2020-15785 Siveillance Video Client Vulnerability in plaintext transmission of important information CVSS V2: 4.3
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled, the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid administrator login names and use this information to launch further attacks. Siveillance Video (formerly known as Siveillance VMS) is an IP video management software.
VAR-202009-0169 CVE-2020-1045 Microsoft ASP.NET Core Vulnerabilities that bypass security functions CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings, which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform offers multi-language and cross-platform support. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to set a second cookie. The following products and versions are affected: ASP.NET Core 2.1 and ASP.NET Core 3.1.
Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux
Advisory ID: RHSA-2020:3697-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3697
Issue date: 2020-09-08
CVE Names: CVE-2020-1045
1. Summary: An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64; .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64; .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258
5. Package List (the advisory gives the same list for ComputeNode, Server and Workstation, v. 7):
Source: rh-dotnet31-dotnet-3.1.108-1.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References: https://access.redhat.com/security/cve/CVE-2020-1045 https://access.redhat.com/security/updates/classification/#important
8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
VAR-202009-1528 CVE-2020-8346 Lenovo System Interface Foundation  Inappropriate Default Permission Vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. Lenovo System Interface Foundation is vulnerable to incorrect default permissions. A denial-of-service (DoS) condition may result. Both Lenovo System Interface Foundation and Lenovo Vantage are products of Lenovo, a Chinese company. Lenovo System Interface Foundation is a set of software for communicating with hardware devices. Lenovo Vantage is a computer management application. The program supports features such as driver updates, device status diagnostics, and computer configuration.
VAR-202009-1525 CVE-2020-8342 Lenovo System Update Time-of-check Time-of-use (TOCTOU) Race condition vulnerability CVSS V2: 6.9
CVSS V3: 7.0
Severity: HIGH
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Lenovo System Update contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Lenovo System Update is an application from Lenovo of China that checks for driver updates and installs them. A security vulnerability exists in Lenovo System Update. An attacker could exploit this vulnerability to escalate privileges.
VAR-202009-1678 No CVE A binary vulnerability exists in Siemens PLC of Siemens (China) Co., Ltd. CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Siemens is a global technology company that provides customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software by virtue of innovations in the fields of electrification, automation and digitalization. The Siemens PLC of Siemens (China) Co., Ltd. has a binary vulnerability. Attackers can use the vulnerability to use malicious code to pass the security verification of the PLC, thereby completely controlling the PLC device.
VAR-202009-1683 No CVE Schneider Modicon M580 PLC segment has an information disclosure vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Schneider Electric Modicon M580 PLC belongs to Schneider Company and is a programmable controller (PLC) for complex equipment and medium-sized projects. Schneider's Modicon M580 PLC segment has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202009-1696 No CVE Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability (CNVD-2020-49073) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
GX Works2 is a PLC programming software developed by Mitsubishi Electric Automation Co., Ltd., which is used for PLC design, debugging, and maintenance. It is widely used in power, machinery manufacturing, steel, petroleum, chemical and other industrial control fields. Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202009-1705 No CVE Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability (CNVD-2020-49074) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
GX Works2 is a PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. It is used for PLC design, debugging, and maintenance. It is widely used in power, machinery manufacturing, steel, petroleum, chemical and other industrial control fields. Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202009-1706 No CVE Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
GX Works2 is a PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. It is used for PLC design, debugging, and maintenance. It is widely used in power, machinery manufacturing, steel, petroleum, chemical and other industrial control fields. Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability. A remote attacker can send a constructed malicious data packet, causing it to access illegal memory and cause a denial of service. This vulnerability may also lead to remote code execution.
VAR-202009-1723 No CVE Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability (CNVD-2020-49072) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
GX Works2 is a PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. It is used for PLC design, debugging, and maintenance. It is widely used in power, machinery manufacturing, steel, petroleum, chemical and other industrial control fields. Mitsubishi Electric Corporation GX Works2 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202009-1677 No CVE A directory traversal vulnerability exists in the intelligent meter copy management system of Qingdao Automation Instrument Co., Ltd. (CNVD-2020-49002) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The intelligent instrument collection management system is an industrial control management system that controls statistics and manages some data in the energy industry. A directory traversal vulnerability exists in the intelligent meter copy management system of Qingdao Automation Instrument Co., Ltd., and attackers can use the vulnerability to read the content of any file on the server.