VARIoT IoT vulnerabilities database

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled. Siemens' SINEC INS contains a session expiration vulnerability.Information may be obtained and information may be tampered with

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. Siemens' SINEC INS contains resource exhaustion vulnerabilities and out-of-bounds read vulnerabilities.Service operation interruption (DoS) It may be in a state

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. Siemens' SINEC INS for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files. Siemens' SINEC INS contains a vulnerability related to the use of hardcoded encryption keys.Information may be obtained

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device. Siemens' SINEC INS Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker. Siemens' OZW672 firmware and OZW772 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. OZW devices (web servers) are used to remotely monitor building controller devices, such as heating controls or air conditioning. Siemens OZW devices (web servers) have a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code

A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. Siemens' Spectrum Power 7 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Spectrum Power provides essential components for SCADA, communication, and data modeling for control and monitoring systems

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 SP5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 SP5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions < V17 Update 8), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. SIMATIC S7-PLCSIM simulates S7-1200, S7-1500 and some other PLC derivatives, shipped as part of SIMATIC STEP 7. SIMATIC step7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. simmocode ES is the core software package for simmocode pro configuration, commissioning, operation and diagnostics. SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in TIA Portal. TIA Portal is a PC software that provides the full range of Siemens digital automation services from digital planning and integrated engineering to transparent operation. TIA Portal Cloud makes it possible to use the main package and main option package of TIA Portal in a virtualized environment

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. D-Link Systems, Inc. of DIR-820L The firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-820L is a dual-band wireless router from D-Link, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary code

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. D-Link Systems, Inc. of dsl6740c The firmware has privilege API A vulnerability exists related to improper use of .Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link of China. D-Link DSL6740C has a security vulnerability

The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password. D-Link Systems, Inc. of dsl6740c The firmware contains a relative path traversal vulnerability.Information may be obtained. D-Link DSL6740C is a wireless VDSL router from D-Link, a Chinese company. D-Link DSL6740C has a path traversal vulnerability, which is caused by the program failing to properly filter special elements in resource or file paths

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page. D-Link Systems, Inc. of dsl6740c The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link, a Chinese company. D-Link DSL6740C has an operating system command injection vulnerability

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. D-Link Systems, Inc. of dsl6740c The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link of China. D-Link DSL6740C has an operating system command injection vulnerability

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. D-Link Systems, Inc. of dsl6740c The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link of China. D-Link DSL6740C has an operating system command injection vulnerability

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. D-Link Systems, Inc. of dsl6740c The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link, a Chinese company

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. D-Link Systems, Inc. of dsl6740c The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link of China. D-Link DSL6740C has an operating system command injection vulnerability