VARIoT IoT vulnerabilities database
| VAR-202003-1709 | CVE-2020-9064 | Authentication vulnerabilities in Huawei smartphone Honor V30 |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to the target component is improper when the device performs an operation. Attackers can exploit this vulnerability to obtain some information by loading a malicious application, leading to an information leak.
| VAR-202003-0684 | CVE-2019-5166 | Classic buffer overflow vulnerability in WAGO PFC 200 |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The device may be put into a denial-of-service (DoS) state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company.
There is a security hole in WAGO PFC 200.
| VAR-202003-0672 | CVE-2019-5106 | Vulnerability in the use of cryptographic algorithms in WAGO e!Cockpit |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. WAGO e!Cockpit contains a vulnerability in the use of cryptographic algorithms. Information may be obtained. WAGO e!COCKPIT is a set of integrated development environment software of the German WAGO company. The software is mainly used for hardware configuration, programming and simulation.
| VAR-202003-1137 | CVE-2020-1863 | Out-of-bounds read vulnerability in Huawei USG6000V |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products. An out-of-bounds read vulnerability exists in Huawei USG6000V. Service may be interrupted (DoS). Huawei USG6000V is a virtual service gateway product based on Network Function Virtualization (NFV) of China's Huawei company.
Huawei USG6000V V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have security vulnerabilities. Remote attackers can use this vulnerability to cause service anomalies.
| VAR-202003-0345 | CVE-2020-0550 | Information leakage vulnerabilities in multiple Intel(R) products |
CVSS V2: 1.9 CVSS V3: 5.6 Severity: MEDIUM |
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html. Multiple Intel(R) products contain a vulnerability related to information leakage. Information may be obtained. There are security vulnerabilities in several Intel products, which originate from the fact that the program does not forward data correctly in the data cache. The following products and versions are affected: Intel Xeon Processor D-1518; Xeon Processor D-1519; Xeon Processor D-1521; Xeon Processor D-1527; Xeon Processor D-1528; Xeon Processor D-1529; Xeon Processor D-1533, etc.
| VAR-202003-1742 | CVE-2020-6208 | Code injection vulnerability in SAP Business Objects Business Intelligence Platform |
CVSS V2: 4.4 CVSS V3: 8.2 Severity: HIGH |
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1 and 4.2, allows an attacker with basic authorization to inject code that can be executed by the application, thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. A denial-of-service (DoS) state may result. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RPT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
| VAR-202003-0783 | CVE-2019-19299 | Siemens SiNVR 3 Weak password vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks. SiNVR 3 is a video management platform.
| VAR-202003-1250 | CVE-2018-18894 | Path traversal vulnerabilities in multiple Lexmark devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. A path traversal vulnerability exists in multiple Lexmark devices. Information may be obtained. Lexmark CX410 is a printer of Lexmark Corporation. Attackers can use this vulnerability to access sensitive files.
| VAR-202003-1737 | CVE-2020-6203 | Path Traversal Vulnerability in SAP NetWeaver UDDI Server |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. A path traversal vulnerability exists in SAP NetWeaver UDDI Server (Services Registry). Information may be obtained and tampered with.
| VAR-202003-0780 | CVE-2019-19296 | Path traversal vulnerability in SiNVR 3 Central Control Server and Video Server |
CVSS V2: 4.9 CVSS V3: 8.1 Severity: HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled. A path traversal vulnerability exists in SiNVR 3 Central Control Server (CCS) and Video Server. Information may be obtained and tampered with. SiNVR 3 is a video management platform.
SiNVR 3 has a path traversal vulnerability in its implementation.
| VAR-202003-1598 | CVE-2020-6980 | Vulnerability in plaintext storage of important information in multiple Rockwell Automation products |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and RSLogix 500 software contain a vulnerability in the plaintext storage of important information. Information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.
A number of Rockwell Automation products have information disclosure vulnerabilities. The vulnerability stems from the fact that the program writes the authentication data to the project file in clear text. The attacker can use this vulnerability to obtain SMTP server authentication data.
| VAR-202003-1459 | CVE-2020-7579 | Siemens Spectrum Power 5 Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens considers the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1). A cross-site scripting vulnerability exists in Spectrum Power 5. Information may be obtained and tampered with. Siemens Spectrum Power is a system that provides basic components for SCADA, communication and data modeling of control and monitoring systems.
| VAR-202003-0886 | CVE-2019-18336 | Siemens SIMATIC S7-300 CPU and SINUMERIK Controller Resource Management Error Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known. A resource exhaustion vulnerability exists in SIMATIC S7-300n and SINUMERIK 840D sl. Service may be interrupted (DoS). Siemens SIMATIC S7-300 CPU is a modular general-purpose controller for the manufacturing industry from Siemens.
Siemens SIMATIC S7-300 CPU and SINUMERIK Controller have a resource management error vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202003-0782 | CVE-2019-19298 | Input verification vulnerability in SiNVR 3 Central Control Server and Video Server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests. There is an input verification vulnerability in SiNVR 3 Central Control Server (CCS) and Video Server. Service may be interrupted (DoS). SiNVR 3 is a video management platform.
SiNVR 3 has an input verification vulnerability in its implementation.
| VAR-202003-0781 | CVE-2019-19297 | Path Traversal Vulnerability in SiNVR 3 Central Control Server and Video Server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability that could allow an unauthenticated remote attacker to access and download arbitrary files from the server. A path traversal vulnerability exists in SiNVR 3 Central Control Server (CCS) and Video Server. Service may be interrupted (DoS). SiNVR 3 is a video management platform.
| VAR-202003-1613 | CVE-2020-6990 | Vulnerabilities in the use of hard-coded credentials in multiple Rockwell Automation products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and RSLogix 500 software contain a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service may be interrupted (DoS). Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.
Vulnerabilities in trust management issues exist in many Rockwell Automation products. The vulnerability stems from the RSLogix 500 binary file with a hard-coded encryption key used to protect the account password.
| VAR-202003-1611 | CVE-2020-6988 | Authentication vulnerabilities in multiple Rockwell Automation products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and RSLogix 500 software contain an authentication vulnerability. Information may be obtained. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.
| VAR-202003-1602 | CVE-2020-6984 | Vulnerabilities in the use of cryptographic algorithms in multiple Rockwell Automation products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. The cryptographic function utilized to protect the password in MicroLogix is discoverable. Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and RSLogix 500 software contain vulnerabilities in the use of cryptographic algorithms. Information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.
| VAR-202003-0775 | CVE-2019-19291 | Siemens SiNVR 3 Plain text save file vulnerability |
CVSS V2: 3.5 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service. SiNVR 3 is a video management platform.
SiNVR 3 saves the login credentials in plain text in the log file. There is an information disclosure vulnerability in the implementation.
| VAR-202003-0779 | CVE-2019-19295 | Siemens SiNVR 3 Under-recorded vulnerability |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log. Siemens' SiNVR 3 Central Control Server and SiNVR 3 Video Server contain an insufficient logging vulnerability. Information may be tampered with. SiNVR 3 is a video management platform.
SiNVR 3 has an insufficient security operation record in the XML-based communication protocol implementation.