VARIoT IoT vulnerabilities database
| VAR-202011-1560 | No CVE | Schneider M340 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Schneider M340 is a controller widely used in the industrial control field.
Schneider M340 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service on the server.
| VAR-202011-0412 | CVE-2020-26818 | SAP NetWeaver AS ABAP Information Disclosure Vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP contains an information disclosure vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) may result.
| VAR-202011-0413 | CVE-2020-26819 | Authentication vulnerabilities in SAP NetWeaver AS ABAP |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro) contains an authentication vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) may result.
| VAR-202011-1262 | CVE-2020-5388 | Dell Inspiron 15 7579 2-in-1 BIOS Buffer Error Vulnerability |
CVSS V2: 4.4 CVSS V3: 6.9 Severity: MEDIUM |
Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell Inspiron 15 7579 2-in-1 (Dell Inspiron) is a notebook computer from Dell, a company in the United States.
| VAR-202011-0161 | CVE-2020-12485 | frame touch module Out-of-bounds read vulnerability |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
The frame touch module does not validate parameter lengths when processing specific parameters, which causes an out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device. The frame touch module is vulnerable to an out-of-bounds read, which may result in a denial of service (DoS). Vivo Frame Touch Module for Android 10 is a static capacitance click module of China's Vivo Mobile Communications (Vivo) company. No detailed vulnerability details are currently provided.
| VAR-202011-1492 | CVE-2020-15783 | Resource exhaustion vulnerabilities in multiple Siemens products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. Several Siemens products contain resource exhaustion vulnerabilities, which may result in a denial of service (DoS). Siemens SIMATIC S7-300 CPUs are CPU (central processing unit) modules from Siemens of Germany. Siemens SINUMERIK 840D sl is an advanced machine tool CNC system from Siemens of Germany.
Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller have a denial of service vulnerability.
| VAR-202011-1297 | CVE-2020-7538 | Multiple vulnerabilities in Schneider Electric PLC Simulator for EcoStruxure Control Expert |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus.
* A remote third party can crash the PLC Simulator of EcoStruxure Control Expert by sending a specially crafted request via Modbus - CVE-2020-7559, CVE-2020-7538
* A local third party can bypass authentication by overwriting memory using a debugger - CVE-2020-28211
* A remote third party can execute unauthorized commands through a brute-force attack via Modbus - CVE-2020-28212
* A remote third party can execute unauthorized commands by sending a specially crafted request via Modbus - CVE-2020-28213
Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) is programming software for Schneider Electric logic controller products, from Schneider Electric of France. No detailed vulnerability details are currently provided.
| VAR-202011-1507 | CVE-2020-25167 | OSIsoft PI Vision vulnerability related to unauthorized authentication |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. OSIsoft PI Vision contains a vulnerability related to unauthorized authentication. Information may be obtained.
| VAR-202011-1506 | CVE-2020-25163 | Cross-site scripting vulnerability in OSIsoft PI Vision |
CVSS V2: 4.9 CVSS V3: 7.3 Severity: HIGH |
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim's user permissions. OSIsoft PI Vision contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
| VAR-202011-1598 | No CVE | A denial of service vulnerability exists in SIMATIC S7-300 |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
S7-300 is a modular small PLC system.
SIMATIC S7-300 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
| VAR-202011-1546 | No CVE | A denial of service vulnerability exists in SIMATIC S7-300 |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
S7-300 is a modular small PLC system.
SIMATIC S7-300 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
| VAR-202011-1547 | No CVE | Advantech WebAccess HMI Runtime has an integer overflow vulnerability (CNVD-2020-61109) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI Runtime has an integer overflow vulnerability. Attackers can use the vulnerability to cause a denial of service on the server.
| VAR-202011-1551 | No CVE | Advantech WebAccess HMI Runtime has stack overflow vulnerability (CNVD-2020-61110) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI Runtime has a stack overflow vulnerability. Attackers can use this vulnerability to cause a denial of service on the server.
| VAR-202011-1552 | No CVE | Advantech WebAccess HMI Runtime has a binary vulnerability (CNVD-2020-61111) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech WebAccess HMI Runtime has a binary vulnerability that can be exploited by attackers to cause a denial of service on the server.
| VAR-202011-1554 | No CVE | Advantech WebAccess HMI PanelSim.exe has integer overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has an integer overflow vulnerability. Attackers can use the vulnerability to cause an integer overflow and cause the program to crash.
| VAR-202011-1555 | No CVE | Advantech WebAccess HMI PanelSim.exe has heap overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has a heap overflow vulnerability. Attackers can use the vulnerability to cause heap overflow and cause the program to crash.
| VAR-202011-1556 | No CVE | SIMATIC S7-300 PLC has industrial control equipment vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
S7-300 is a modular small PLC system.
SIMATIC S7-300 PLC has a vulnerability in industrial control equipment. Attackers can use the vulnerability to cause a denial of service on the server.
| VAR-202011-1557 | No CVE | Advantech WebAccess HMI PanelSim.exe has binary vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has a binary vulnerability that can be exploited to cause a denial of service on the server.
| VAR-202011-1567 | No CVE | Advantech WebAccess HMI PanelSim.exe has stack overflow vulnerability (CNVD-2020-61115) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has a stack overflow vulnerability, which can be exploited by attackers to cause a denial of service on the server.
| VAR-202011-1568 | No CVE | Advantech WebAccess HMI Runtime has a heap overflow vulnerability (CNVD-2020-61112) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI Runtime has a heap overflow vulnerability. Attackers can use this vulnerability to cause a denial of service on the server.