VARIoT IoT vulnerabilities database

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All versions < V2412.0004), Tecnomatix Plant Simulation V2404 (All versions < V2404.0013). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) (All versions < V2.135), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions < V2.135), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions < V2.135), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions < V2.135), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions < V2.135), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions < V2.135), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions < V2.135). Affected devices contain Modbus service enabled by default. This could allow an attacker connected to the same network to remotely control the EV charger. VersiCharge AC Series electric vehicle charging station is an electric vehicle charging device launched by Siemens, which is suitable for various application scenarios, including workplaces, retail, parking lots, multi-unit residential, public charging and home charging. Siemens VersiCharge AC Series EV charger Modbus port has an arbitrary code execution vulnerability, which is caused by the Modbus service enabled by default on the affected device

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions), IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) (All versions), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions), UL Resi High End 40A w/15118 Hw (8EM1312-4CF18-0FA3) (All versions), UL Resi High End 48A w/15118 Hw (8EM1312-5CF18-0FA3) (All versions), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions). Affected devices do not contain an Immutable Root of Trust in M0 Hardware. An attacker with physical access to the device could use this to execute arbitrary code. VersiCharge AC Series electric vehicle charging station is an electric vehicle charging device launched by Siemens, suitable for various application scenarios, including workplaces, retail, parking lots, multi-unit residential, public charging and home charging. Siemens VersiCharge AC Series EV charger M0 firmware has an arbitrary code execution vulnerability

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. SIMATIC PCS neo , SINEC NMS , SINEMA Remote Connect Client Several Siemens products, including the above, contain vulnerabilities related to out-of-bounds reading.Service operation interruption (DoS) It may be in a state

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. SIMATIC PCS neo , SINEC NMS , SINEMA Remote Connect Client Several Siemens products contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. SINEC NMS , SINEMA Remote Connect Client , totally integrated automation portal Several Siemens products, including the above, contain vulnerabilities related to out-of-bounds reading.Service operation interruption (DoS) It may be in a state

CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform of Schneider Electric of France

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. SAP of SAP NetWeaver There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this malicious request which will result in deserialization of data in the application leading to execution of arbitrary OS command on target as SAP Administrator. This vulnerability has High impact on confidentiality, integrity, and availability of the application.

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application.

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.

he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim�s browser, with no effect on availability of the application

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user. Siemens' OZW672 firmware and OZW772 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. Siemens' OZW672 firmware and OZW772 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)

Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Shenzhen Tenda Technology Co.,Ltd. of fh451 Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently available

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently available

Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a dual-band Gigabit wireless router launched by China's Tenda. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. D-Link Systems, Inc. of di-8100 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a network device that is mainly used to provide network connection and management functions. Attackers can exploit this vulnerability to execute arbitrary code

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. A3000RU firmware, A810R firmware, t10 firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state