VARIoT IoT vulnerabilities database

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. There is a denial of service vulnerability in the SIEMENS SCALAN CES-600 family. An attacker could use the vulnerability to send packets to the affected device's 443 / tcp port, resulting in a denial of service situation

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. A denial of service vulnerability exists in Intel Ethernet 700 Series Controllers prior to 7.0. The vulnerability stems from insufficient input validation of the controller's i40e driver. An attacker could exploit this vulnerability to cause a denial of service

Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers are network adapter products from Intel Corporation. An attacker could exploit this vulnerability to achieve privilege escalation

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. SIMATIC S7-1200 CPU family and S7-200 SMART CPU family Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A security hole exists in the Siemens SIMATIC S7-1200 CPU. At the time of advisory publication no public exploitation of this security vulnerability was known

Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an unauthorized authentication vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service

Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service

Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) CSME and Intel(R) TXE Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in the MEInfo software in Intel CSME and Intel TXE due to insufficient input validation. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to elevate privileges, cause a denial of service, or obtain information

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) PTT , TXE , SPS Contains a race condition vulnerability.Information may be obtained. Intel Server Platform Services (SPS) and others are products of Intel Corporation of the United States. Intel Server Platform Services is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Platform Trust Technology (PTT) is an Intel platform trusted technology, mainly used for key management (key encryption and storage) and security authentication. Security vulnerabilities exist in subsystems in Intel PTT, Intel TXE, and Intel SPS. An attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel PTT before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.0, before 14.0.10; Intel TXE 3.1.70 Version, version 4.0.20; Intel SPS version before SPS_E5_04.01.04.305.0, version before SPS_SoC-X_04.00.04.108.0, version before SPS_SoC-A_04.00.04.191.0, version before SPS_E3_04.01.04.086.0, version before SPS_E3_04.08.04.0 previous version

Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) DAL software, Intel(R) CSME , Intel(R) TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel DAL is one of the dynamic application loaders. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20

Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME and Intel(R) TXE Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in a subsystem in Intel CSME and Intel TXE due to the program's insufficient authentication of sessions. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME before 11.8.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE before 3.1.70, before 4.0.20

Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Management Engine Consumer Drivers and TXE Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel TXE and Intel Management Engine Consumer Driver are products of Intel Corporation of the United States. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Management Engine Consumer Driver is a management engine Consumer driver. A security vulnerability exists in the installer of Intel TXE and the Intel Management Engine Consumer Driver for Windows-based platforms. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Management Engine Consumer Driver prior to 11.8.70, prior to 11.11.70, prior to 11.22.70, prior to 12.0.45, prior to 13.0.10, prior to 14.0.10; Intel TXE Versions before 3.1.70 and versions before 4.0.20

Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker in physical proximity could exploit this vulnerability to elevate privileges

Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access. Intel(R) SPS Has unspecified vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Server Platform Services (SPS) is a server platform service program of Intel Corporation. Security vulnerabilities exist in the subsystems of Intel SPS versions prior to SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0. A local attacker could exploit this vulnerability to cause a denial of service

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel There are unspecified vulnerabilities in the product.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). INTEL-SA-00086 Detection Tool is a detection tool for detecting INTEL-SA-00086 security issues. A security vulnerability exists in several Intel products. The vulnerability is caused by the program's insufficient access control. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.0, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20; INTEL-SA-00086 Detection Tool 1.2.7.0 and earlier versions; INTEL-SA-00125 Detection Tool 1.0.45.0 and earlier versions

Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME and TXE Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Security vulnerabilities exist in subsystems in Intel CSME and Intel TXE. A local attacker could exploit this vulnerability to bypass authentication and elevate privileges. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20

Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access. Intel(R) AMT Contains a cross-site scripting vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. A subsystem in Intel AMT has a cross-site scripting vulnerability. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel AMT versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45

Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A security vulnerability exists in the subsystems of Intel CSME prior to 12.0.45 and prior to 13.0.10 due to insufficient input validation. A local attacker could exploit this vulnerability to elevate privileges

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. plural Lenovo ThinkPad The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. Intel(R) Graphics Driver Contains a buffer error vulnerability.Information may be obtained. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to obtain sensitive information