VARIoT IoT vulnerabilities database

VAR-201912-1263 CVE-2019-18297 SPPA-T3000 MS3000 Migration Server Vulnerable to out-of-bounds writing
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 MS3000 Migration Server contains an out-of-bounds write vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. MS3000 Migration Server is one of its components.
VAR-201912-1269 CVE-2019-18303 SPPA-T3000 MS3000 Migration Server Integer overflow vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Service operation may be interrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. MS3000 Migration Server is one of its components.
VAR-201912-1259 CVE-2019-18293 SPPA-T3000 MS3000 Migration Server Vulnerable to out-of-bounds writing
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Information may be obtained or altered, and service operation may be disrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants.
VAR-201912-1275 CVE-2019-18309 Siemens SPPA-T3000 MS3000 Migration Server Incorrect Access Control Vulnerability
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Information may be obtained or altered, and service operation may be disrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants.
VAR-201912-1279 CVE-2019-18313 Siemens SPPA-T3000 MS3000 Migration Server File upload vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 MS3000 Migration Server contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. MS3000 Migration Server is one of its components.
VAR-201912-0756 CVE-2019-3951 Advantech WebAccess Vulnerable to out-of-bounds writing
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. Advantech WebAccess contains an out-of-bounds write vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Advantech WebAccess is a browser-based HMI / SCADA software suite from Advantech of Taiwan, China. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess versions prior to 8.4.3. The vulnerability stems from incorrect validation of data boundaries when performing operations on memory, which causes incorrect read and write operations on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.
VAR-201912-0880 CVE-2019-14610 Intel(R) NUC(R) Vulnerability in
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) NUC(R) has unspecified vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel NUC 8 Mainstream Game Kit and similar products are small desktop computers from Intel Corporation of the United States. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
VAR-201912-1256 CVE-2019-18290 SPPA-T3000 MS3000 Migration Server Vulnerable to out-of-bounds writing
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Service operation may be interrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants.
VAR-201912-1282 CVE-2019-18316 Siemens SPPA-T3000 Application Server Untrusted Data Deserialization Vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server contains a vulnerability in the deserialization of untrusted data. Information may be obtained or altered, and service operation may be disrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Application Server is one of the application servers that provides the main system services, including access control, data distribution to thin clients, and archiving. There is a security vulnerability in the Siemens SPPA-T3000 Application Server.
VAR-201912-1000 CVE-2019-18269 Omron PLC CJ and Omron PLC CS Vulnerability in series
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Omron's CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. The Omron PLC CJ and Omron PLC CS series contain an unspecified vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Omron PLC CJ and CS series are PLCs from Omron. An attacker could exploit this vulnerability with a specially crafted request to bypass access restrictions to control locking.
VAR-201912-1270 CVE-2019-18304 SPPA-T3000 MS3000 Migration Server Vulnerable to integer overflow
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. MS3000 Migration Server is one of its components.
VAR-201912-2027 No CVE (0Day) NETGEAR AC1200 mini_httpd Password Storage Information Disclosure Vulnerability
CVSS V2: -
CVSS V3: 4.4
Severity: MEDIUM
This vulnerability allows network-adjacent attackers to disclose sensitive information on vulnerable installations of NETGEAR AC1200 Smart WiFi Router. Authentication is required to exploit this vulnerability. The specific flaw exists within the storage of administrator credentials. The credentials are stored in a recoverable format, making them subject to password reuse attacks. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.
VAR-201912-0881 CVE-2019-14611 Intel(R) NUC(R) Integer overflow vulnerability
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) NUC(R) contains an integer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel NUC 8 Mainstream Game Kit and similar products are small desktop computers from Intel Corporation of the United States.
VAR-201912-1811 CVE-2019-11165 Intel(R) FPGA SDK for OpenCL(TM) Pro Edition Vulnerabilities related to exceptional state checking
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) FPGA SDK for OpenCL(TM) Pro Edition contains an exceptional condition check vulnerability. Service operation may be interrupted (DoS). Intel FPGA SDK for OpenCL Pro is a software development toolkit for building OpenCL applications developed by Intel Corporation. The Linux kernel driver is one of the drivers for the Linux platform. The Linux kernel driver in versions prior to Intel FPGA SDK for OpenCL Pro 19.4 has a code issue vulnerability. A local attacker could exploit this vulnerability to cause a denial of service.
VAR-201912-1711 CVE-2019-0159 Linux Administrative Tools for Intel(R) Network Adapters Vulnerability in Permission Management
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access. A local attacker could exploit this vulnerability to elevate privileges.
VAR-201912-0875 CVE-2019-14604 Intel(R) Quartus(R) Prime Pro Edition In NULL Pointer dereference vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access. Intel Quartus Prime Pro is a multi-platform design environment developed by Intel Corporation. This product is mainly used for programmable logic device programming. A code issue vulnerability exists in the FPGA kernel driver in versions prior to Intel Quartus Prime Pro 19.3. A local attacker could exploit this vulnerability to cause a denial of service.
VAR-201912-0874 CVE-2019-14603 Intel Quartus Prime Pro Edition Inappropriate default permission vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus Prime Pro Edition contains a vulnerability with inappropriate default permissions. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Quartus Prime Pro is a multi-platform design environment developed by Intel Corporation. This product is mainly used for programmable logic device programming. There is a security vulnerability in the installer of the License Server in versions prior to Intel Quartus Prime Pro 19.3. A local attacker could exploit this vulnerability to elevate privileges.
VAR-201912-0873 CVE-2019-14599 Control Center-I Vulnerability in Permission Management
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Control Center-I contains a privilege management vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). A security vulnerability exists in Intel Control Center-I 2.1.0.0 and earlier versions. A local attacker could exploit this vulnerability to elevate privileges.
VAR-201912-1230 CVE-2019-18378 Symantec Messaging Gateway Vulnerable to cross-site scripting
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Messaging Gateway contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.
VAR-201912-1285 CVE-2019-18319 SPPA-T3000 Application Server Authentication vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Service operation may be interrupted (DoS). SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants.