VARIoT IoT vulnerabilities database


VAR-202406-0066 CVE-2024-35208 Siemens SINEC Traffic Analyzer vulnerability regarding insufficient protection of authentication information CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow an attacker in a privileged position to obtain access passwords. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI. Siemens SINEC Traffic Analyzer has an insufficient credential protection vulnerability caused by the web server storing passwords in plain text, which attackers can exploit to obtain access passwords.
VAR-202406-0060 CVE-2024-35207 Siemens SINEC Traffic Analyzer cross-site request forgery vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. Siemens SINEC Traffic Analyzer contains a cross-site request forgery vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI.
VAR-202406-0061 CVE-2024-35206 Siemens SINEC Traffic Analyzer session expiration vulnerability CVSS V2: 7.2
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized access. Siemens SINEC Traffic Analyzer contains a session expiration vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI.
VAR-202406-0042 CVE-2023-50763 Siemens TIM 1531 IRC infinite loop vulnerability CVSS V2: 6.8
CVSS V3: 4.9
Severity: MEDIUM
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains. This could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300
VAR-202406-0184 CVE-2023-38533 Siemens TIA Administrator Arbitrary File Write Vulnerability CVSS V2: 1.7
CVSS V3: 3.3
Severity: LOW
A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. TIA Administrator is a web-based framework that can merge different functional modules to complete management tasks and manage SIMATIC software and license functions
VAR-202406-0183 CVE-2024-36266 Siemens PowerSys Authentication Error Vulnerability CVSS V2: 7.2
CVSS V3: 9.3
Severity: CRITICAL
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices. PowerSys is a service program used for debugging, maintenance and diagnosis of PowerLink 50/100 or SWT 3000 devices
VAR-202406-2616 CVE-2024-36788 Netgear WNR614 firmware vulnerabilities CVSS V2: -
CVSS V3: 4.8
Severity: MEDIUM
Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. There are unspecified vulnerabilities in the Netgear WNR614 firmware. Information may be obtained and information may be tampered with.
VAR-202406-2715 CVE-2023-37539 HCL Technologies Limited Domino server cross-site scripting vulnerability CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross-site scripting attack. The attack would be activated by an end user clicking it. A cross-site scripting vulnerability exists in HCL Technologies Limited's Domino server. Information may be obtained and information may be tampered with.
VAR-202406-0123 CVE-2024-36359 Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Privilege Escalation Vulnerability CVSS V2: 5.5
CVSS V3: 5.4
Severity: MEDIUM
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP Inspection component. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.
VAR-202406-0101 CVE-2024-32849 Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the coreServiceShell. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
VAR-202406-2711 CVE-2023-43555 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 8.2
Severity: HIGH
Information disclosure in Video while parsing mp2 clip with invalid section length. Multiple Qualcomm products, such as AQT1000 firmware, FastConnect 6200 firmware, and FastConnect 6700 firmware, contain an out-of-bounds read vulnerability. Information may be obtained.
VAR-202406-2297 CVE-2023-43551 Authentication vulnerabilities in multiple Qualcomm products CVSS V2: -
CVSS V3: 9.1
Severity: CRITICAL
Cryptographic issue while performing attach with an LTE network: a rogue base station can skip the authentication phase and immediately send the Security Mode Command. Multiple Qualcomm products, such as 315 5G IoT modem firmware, 9205 LTE modem firmware, and 9206 LTE modem firmware, contain vulnerabilities related to authentication. Information may be tampered with.
VAR-202406-1374 No CVE Raisecom iSDC of Raisecom Technology Development Co., Ltd. has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Raisecom Technology Development Co., Ltd. is a provider of optical network products and system solutions. Raisecom iSDC of Raisecom Technology Development Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202405-1919 CVE-2024-24946 AutomationDirect P3-550E Out-of-Bounds Write Vulnerability CVSS V2: 8.5
CVSS V3: 8.2
Severity: HIGH
A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. AutomationDirect P3-550E is a programmable control system (PLC) of AutomationDirect, Inc., USA.
VAR-202405-2022 CVE-2024-23315 AutomationDirect P3-550E Access Control Error Vulnerability (CNVD-2024-34888) CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability. AutomationDirect P3-550E is a programmable control system (PLC) of AutomationDirect, Inc. of the United States
VAR-202405-1997 CVE-2024-22187 AutomationDirect P3-550E Access Control Error Vulnerability CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability. AutomationDirect P3-550E is a programmable control system (PLC) of AutomationDirect, Inc. of the United States
VAR-202405-3276 CVE-2024-35399 TOTOLINK CP900L loginAuth function buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth. TOTOLINK CP900L is a wireless router from China's TOTOLINK Electronics. There is a buffer overflow vulnerability in the TOTOLINK CP900L v4.1.5cu.798_B20221228 version. The vulnerability is caused by the password parameter of the loginAuth function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202405-3277 CVE-2024-35397 TOTOLINK CP900L NTPSyncWithHost function command injection vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CP900L is a wireless router from China's TOTOLINK Electronics.
VAR-202405-2633 No CVE HP DesignJet T730 of HP Trading (Shanghai) Co., Ltd. has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP DesignJet T730 is a printer. HP DesignJet T730 of HP Trading (Shanghai) Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202405-3466 CVE-2024-35388 TOTOLINK NR1800X Buffer Overflow Vulnerability (CNVD-2024-34380) CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode. TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK Electronics. It is designed to provide fast and convenient NR fixed data service deployment for homes and offices. TOTOLINK NR1800X v9.1.0u.6681_B20230703 version has a buffer overflow vulnerability. The vulnerability is caused by the password parameter in the urldecode function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service