VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202006-1894 No CVE Yinghantong InRouter615-S series industrial LTE router has command execution vulnerability CVSS V2: 6.6
CVSS V3: -
Severity: MEDIUM
Yinghantong InRouter615-S series industrial LTE router is a 4G industrial router. There is a command execution vulnerability in InRouter615-S series industrial LTE routers, which can be exploited by attackers to execute malicious code.
VAR-202006-1892 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability (CNVD-2020-29382) CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
AC9V3.0 upgrade software is a Gigabit Ethernet wireless router of Shenzhen Jixiang Tengda Technology Co., Ltd. Shenzhen Jixiang Tengda Technology Co., Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability. An attacker can use this vulnerability to cause a denial of service (override the return value of the function). The constructed payload can obtain device control.
VAR-202006-1298 CVE-2020-3928 GeoVision Door Access Control Vulnerability in using hard-coded credentials on devices CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices
VAR-202006-1299 CVE-2020-3929 GeoVision Door Access Control Cryptographic strength vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages
VAR-202006-1300 CVE-2020-3930 GeoVision Door Access Control Information leakage vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. An information disclosure vulnerability exists in GeoVision GV-GF192x v1.10. Attackers can use this vulnerability to obtain log information
VAR-202006-1549 CVE-2020-9289 FortiManager Vulnerability in using hard-coded credentials in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. FortiManager Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite
VAR-202006-1811 CVE-2020-12001 Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in CVSS V2: 7.5
CVSS V3: 9.8
Severity: Critical
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the resolution mechanism to clean up the input
VAR-202006-1961 No CVE Command execution vulnerability exists in WideField3 CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
WideField3 is a PLC programming software developed by Yokogawa Electric Group. WideField3 has a command execution vulnerability, which can be exploited by attackers to execute malicious code.
VAR-202006-1920 No CVE Advantech WebAccess/SCADA has arbitrary file deletion vulnerability (CNVD-2020-29402) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Chinese company Advantech (Advantech). Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files on the server.
VAR-202006-1903 No CVE Advantech WebAccess/SCADA has arbitrary file deletion vulnerability (CNVD-2020-29403) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Chinese company Advantech (Advantech). Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files on the server.
VAR-202006-1904 No CVE Advantech WebAccess/SCADA has arbitrary file deletion vulnerability (CNVD-2020-29405) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Chinese company Advantech (Advantech). Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files on the server.
VAR-202006-1910 No CVE Advantech WebAccess/SCADA has command execution vulnerability (CNVD-2020-29400) CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Chinese company Advantech (Advantech). Advantech WebAccess/SCADA has a command execution vulnerability that an attacker can use to execute malicious code.
VAR-202006-1911 No CVE Advantech WebAccess/SCADA has arbitrary file deletion vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Chinese company Advantech (Advantech). Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files on the server.
VAR-202006-1912 No CVE Advantech WebAccess/SCADA has command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Chinese company Advantech (Advantech). Advantech WebAccess/SCADA has a command execution vulnerability that an attacker can use to execute malicious code.
VAR-202006-1889 No CVE Advantech WebAccess/SCADA has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Chinese company Advantech (Advantech). There is a denial of service vulnerability in Advantech WebAccess/SCADA, which can be exploited by an attacker to cause the program to crash.
VAR-202006-1918 No CVE WideField2 has command execution vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
WideField2 is a PLC programming software developed by Yokogawa Electric Group. WideField2 has a command execution vulnerability, which can be exploited by attackers to gain server permissions.
VAR-202006-0319 CVE-2020-12021 OSIsoft Made PI Web API 2019 Cross-site scripting vulnerability in CVSS V2: 6.0
CVSS V3: 9.0
Severity: CRITICAL
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. PI Web API Is PI System Used when accessing RESTful The interface. This product supports client applications to read and write access to its AF and PI data via HTTPS
VAR-202006-0317 CVE-2020-11999 Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in CVSS V2: 5.5
CVSS V3: 8.1
Severity: Critical
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. * API Arbitrary code may be executed or files or data may be tampered with by a remote third party because arbitrary files are not properly sanitized during a call. - CVE-2020-11999 * Proper sanitization of specially crafted files can lead to sensitive information being stolen or arbitrary code being executed by a remote third party. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility
VAR-202006-0362 CVE-2020-12003 Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in CVSS V2: 5.0
CVSS V3: 7.5
Severity: Critical
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. * API Arbitrary code may be executed or files or data may be tampered with by a remote third party because arbitrary files are not properly sanitized during a call. - CVE-2020-11999 * Proper sanitization of specially crafted files can lead to sensitive information being stolen or arbitrary code being executed by a remote third party. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility
VAR-202006-0364 CVE-2020-12005 Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in CVSS V2: 7.8
CVSS V3: 7.5
Severity: Critical
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. * API Arbitrary code may be executed or files or data may be tampered with by a remote third party because arbitrary files are not properly sanitized during a call. - CVE-2020-11999 * Proper sanitization of specially crafted files can lead to sensitive information being stolen or arbitrary code being executed by a remote third party. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility