Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Volume of attacks on network devices shows need to replace end of life devices quickly - Source: www.csoonline.com - CISO2CISO.COM & CYBER SECURITY GROUP

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070, VAR-202404-0069

Trust: 4.5

Fetched: April 29, 2025, 9:53 a.m., Published: April 1, 2025, 6:03 p.m.
 Vulnerabilities: default credentials, command injection
Affected productsExternal IDs
vendor: check point model: check point
vendor: cisco model: routers
vendor: cisco systems model: routers
db: NVD ids: CVE-2024-3273, CVE-2023-26801, CVE-2022-30023, CVE-2024-3272, CVE-2023-38035, CVE-2024-24919

Update Canonical Ubuntu Server: USN-7261-2: Vim vulnerability

Trust: 5.25

Fetched: April 29, 2025, 9:51 a.m., Published: Feb. 28, 7261, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Kaspersky Threats

Trust: 3.0

Fetched: April 29, 2025, 9:51 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel

Update Canonical Ubuntu Server: USN-7414-1: XZ Utils vulnerability

Trust: 4.25

Fetched: April 29, 2025, 9:50 a.m., Published: Jan. 29, 7414, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

CISA Releases 9 ICS Advisories Covering Vulnerabilities & Exploits

Trust: 4.5

Fetched: April 29, 2025, 9:49 a.m., Published: April 16, 2025, 11:05 a.m.
 Vulnerabilities: code execution, use after free, integer overflow...
Affected productsExternal IDs
vendor: delta electronics model: commgr
vendor: delta model: commgr
vendor: mitsubishi model: smartrtu
vendor: siemens model: simocode
vendor: siemens model: simatic
vendor: national instruments model: labview
vendor: national instruments model: national
vendor: mitsubishi electric model: smartrtu
db: NVD ids: CVE-2025-30280, CVE-2025-2567, CVE-2024-23814, CVE-2025-2632, CVE-2025-3128, CVE-2025-2631, CVE-2025-3232, CVE-2025-3495, CVE-2024-54092

Update Canonical Ubuntu Desktop: USN-7457-1: OpenSSH vulnerability

Trust: 3.25

Fetched: April 29, 2025, 9:48 a.m., Published: Jan. 29, 7457, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

SonicWall VPN Exploited, 16,000 Fortinet Devices Compromised | OpenVPN

Related entries in the VARIoT vulnerabilities database: VAR-202109-0375, VAR-202212-1132

Trust: 5.25

Fetched: April 29, 2025, 9:47 a.m., Published: April 29, 2025, midnight
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: sonicwall model: ssl-vpn
vendor: sonicwall model: sma100
vendor: sonicwall model: remote access
vendor: sonicwall model: sma1000
db: NVD ids: CVE-2023-27997, CVE-2024-21762, CVE-2021-20035, CVE-2022-42475

What is a Network Mapper? - GreenCloud - Affordable KVM and Windows VPS

Trust: 3.0

Fetched: April 29, 2025, 9:47 a.m., Published: April 13, 2025, 2:08 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Critical Vulnerability in Nice eMerge E3 Security Devices: What You Need to Know | Windows Forum

Trust: 3.5

Fetched: April 29, 2025, 9:46 a.m., Published: May 29, 2025, midnight
 Vulnerabilities: default credentials, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-9441

CISA flags critical ICS vulnerabilities in Siemens, Schneider Electric, ABB equipment affecting critical sectors - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202504-1085, VAR-202504-1138, VAR-202504-1081, VAR-202504-1128, VAR-202504-1127, VAR-202504-1093, VAR-202504-1086, VAR-202504-1134, VAR-202504-1106, VAR-202504-1100

Trust: 4.5

Fetched: April 29, 2025, 9:45 a.m., Published: April 23, 2025, 10:51 a.m.
 Vulnerabilities: information exposure, sql injection
Affected productsExternal IDs
vendor: trend model: security
vendor: schneider model: m580
vendor: schneider model: modicon m580
vendor: codesys model: control
vendor: codesys model: runtime
vendor: codesys model: codesys
vendor: codesys model: web server
vendor: trend micro model: security
vendor: schneider electric model: m580
vendor: schneider electric model: modicon m580
vendor: siemens model: telecontrol server basic
db: NVD ids: CVE-2025-31351, CVE-2025-30003, CVE-2024-6407, CVE-2025-31352, CVE-2025-30030, CVE-2025-31349, CVE-2025-31343, CVE-2025-27539, CVE-2025-30031, CVE-2025-30002, CVE-2025-31353, CVE-2025-32475, CVE-2025-30032, CVE-2025-29931, CVE-2025-29905, CVE-2025-31350, CVE-2025-27540, CVE-2025-27495

FastCGI Library Vulnerability Exposes Embedded Devices to Code Execution Attacks

Trust: 5.0

Fetched: April 29, 2025, 9:44 a.m., Published: April 28, 2025, 10:19 a.m.
 Vulnerabilities: code execution, buffer overflow, integer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2025-23016

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 | CyberScoop

Trust: 3.0

Fetched: April 29, 2025, 9:41 a.m., Published: April 24, 2025, 10:57 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Critical FastCGI Vulnerability (CVE-2025-23016) Exposes Embedded Devices to Remote Code Execution - UNDERCODE NEWS

Trust: 4.5

Fetched: April 29, 2025, 9:41 a.m., Published: April 28, 2025, 12:55 p.m.
 Vulnerabilities: code execution, integer overflow, command execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-23016

Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends - Blog | TenableĀ®

Related entries in the VARIoT vulnerabilities database: VAR-202403-2416, VAR-202401-2573, VAR-202401-1629

Trust: 4.25

Fetched: April 29, 2025, 9:28 a.m., Published: April 23, 2025, 4:05 a.m.
 Vulnerabilities: access control vulnerability, sql injection, authentication vulnerability...
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks
vendor: cisco model: netscaler gateway
vendor: trend model: security
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: netscaler
vendor: citrix model: application delivery controller
vendor: sonicwall model: sonicos
vendor: palo model: pan-os
vendor: palo model: networks globalprotect
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks
db: NVD ids: CVE-2024-3400, CVE-2023-36846, CVE-2023-36851, CVE-2023-36845, CVE-2023-36847, CVE-2023-46805, CVE-2023-36844, CVE-2023-48788, CVE-2023-4966, CVE-2024-21893, CVE-2023-6548, CVE-2024-20359, CVE-2024-21887, CVE-2024-40766, CVE-2023-6549, CVE-2024-47575, CVE-2024-21762, CVE-2024-23113

Siemens Industrial Edge Devices - Cyber & Coffee

Trust: 3.5

Fetched: April 29, 2025, 9:28 a.m., Published: April 10, 2025, 4:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: scalance
vendor: siemens model: simatic
vendor: siemens model: simatic ipc127e
vendor: siemens model: simatic ipc427e
vendor: siemens model: simatic ipc847e
vendor: siemens model: siemens simatic ipc227e
vendor: siemens model: simatic ipc227e
vendor: siemens model: siemens simatic ipc847e
vendor: siemens model: siemens simatic ipc127e
vendor: siemens model: siemens simatic ipc427e
db: NVD ids: CVE-2024-54092

Netizen: April 2025 Vulnerability Review | Netizen Blog and News

Trust: 5.25

Fetched: April 29, 2025, 9:27 a.m., Published: April 25, 2025, 8:57 p.m.
 Vulnerabilities: code execution, buffer overflow, privilege escalation...
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: tvos
vendor: apple model: macos
vendor: alsa model: alsa
db: NVD ids: CVE-2025-31200, CVE-2024-53197, CVE-2024-53150, CVE-2025-29824, CVE-2025-22457

IT Vulnerability Report: VMware, Microsoft Urged To Fix

Trust: 4.5

Fetched: April 29, 2025, 9:23 a.m., Published: April 7, 2025, 5:06 p.m.
 Vulnerabilities: authentication bypass, improper access control
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2025-24201, CVE-2025-23120, CVE-2025-2783, CVE-2025-26633, CVE-2025-2825, CVE-2024-20440, CVE-2025-29927, CVE-2024-20439, CVE-2025-22230

CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability - Blog | TenableĀ®

Trust: 5.0

Fetched: April 29, 2025, 9:23 a.m., Published: April 18, 2025, 3:22 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-32433

Privilege Escalation Vulnerability in Chromium on Android - CVE-2025-3067

Trust: 5.75

Fetched: April 29, 2025, 9:22 a.m., Published: April 11, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2025-3067

Update Canonical Ubuntu Server: USN-7411-1: OpenVPN vulnerability

Trust: 4.25

Fetched: April 29, 2025, 9:21 a.m., Published: Jan. 29, 7411, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu