15 matches found
Siemens PROFINET Stack Integrated on Interniche Stack Denial of Service Vulnerability
The SIMATIC S7-400 CPU series is designed for process control in industrial environments. The SIMATIC S7-300 CPU series is designed for discrete and continuous control in industrial environments. The SIMATIC S7-1500 CPU series is designed for discrete and continuous control in industrial...
Iteris Vantage Velocity Field Unit Cross-Site Scripting Vulnerability
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. A cross-site scripting vulnerability exists in all parameters of the Start Data Viewer function of the /cgi-bin/loaddata.py script in the Iteris Vantage Velocity Field Unit version 2.4.2. The vulnerability ste...
An unspecified vulnerability exists in the Iteris Vantage Velocity Field Unit.
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. A security vulnerability exists in the Iteris Vantage Velocity Field Unit version 2.3.1 and 2.4.2, which originates from a program that assigns global writable privileges to the /root/cleardata.pl and...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
CVE-2020-9024
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
CVE-2020-9024
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
Design/Logic Flaw
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
CVE-2020-9020
CVE-2020-9020 affects Iteris Vantage Velocity Field Unit firmware versions 2.3.1, 2.4.2, and 3.0. The root cause is an OS command injection via shell metacharacters entered in the NTP Server field processed by the CGI script cgi-bin/timeconfig.py. This could enable remote command execution with h...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords: User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
CVE-2020-9023
Affected product: Iteris Vantage Velocity Field Unit, firmware versions 2.3.1 and 2.4.2. Vulnerability: two undocumented accounts configured with weak credentials (bluetooth:bluetooth; eclipse:eclipse); bluetooth is also stated to be the root password. Implication: configuration weakness that...
CVE-2020-9024
The CVE concerns Iteris Vantage Velocity Field Unit, versions 2.3.1 and 2.4.2. The underlying issue is world-writable permissions on two scripts: /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot). This improper permissions setup can allow unauthorized...
CVE-2020-9024
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
CVE-2020-9025
CVE-2020-9025 affects Iteris Vantage Velocity Field Unit, version 2.4.2. The vulnerability is a class of stored XSS occurring in all parameters of the Start Data Viewer feature implemented by the /cgi-bin/loaddata.py script. The root cause is stated as a lack of proper validation of client-side d...
Siemens SIMATIC Compact Field Unit PA Edition PROFINET Interface Detection
Binary data 765350.prm...