Sign-up

VARIoT news about IoT security

Apple fixes zero-day vulnerability used in "extremely sophisticated attack" | Malwarebytes

Trust: 3.75

Fetched: Feb. 19, 2025, 9:07 a.m., Published: Feb. 11, 2025, 2:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

Dell Precision 3540 and Latitude 5400/5500 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Feb. 18, 2025, 9:26 a.m., Published: Feb. 18, 3540, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
vendor: dell model: latitude

Dell Precision 7865 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 18, 2025, 9:25 a.m., Published: Feb. 18, 7865, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

System BIOS komputerów Dell Vostro 3890 i 3690 | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 18, 2025, 9:25 a.m., Published: Feb. 18, 3890, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Dell Precision 7865 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 18, 2025, 9:25 a.m., Published: Feb. 18, 7865, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

A Comprehensive Survey on the Requirements, Applications, and Future Challenges for Access Control Models in IoT: The State of the Art

Trust: 4.0

Fetched: Feb. 18, 2025, 9:21 a.m., Published: Jan. 24, 2025, midnight
 Vulnerabilities: information exposure, denial of service, access control problem
Affected productsExternal IDs
vendor: trend model: security
vendor: delegate model: delegate
vendor: google model: home

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely

Trust: 3.75

Fetched: Feb. 18, 2025, 9:20 a.m., Published: Feb. 12, 2025, 8:43 a.m.
 Vulnerabilities: code injection, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-12058, CVE-2024-10644, CVE-2025-22467

Windows File Explorer Elevation Of Privilege Vulnerability(CVE-2024-38100) Exploited

Trust: 4.25

Fetched: Feb. 18, 2025, 9:17 a.m., Published: Jan. 22, 2025, 2:13 p.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2024-38100

Hyperconnectivity, Hypervulnerability: How IoT Creates More Security Risks Than Value

Trust: 5.0

Fetched: Feb. 18, 2025, 9:15 a.m., Published: Feb. 3, 2025, midnight
 Vulnerabilities: denial of service, weak password, cross-site scripting...
Affected productsExternal IDs
vendor: cherokee model: cherokee
vendor: cisco model: h
vendor: cisco model: threat response
vendor: cisco model: network access control
vendor: cisco model: routers
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard model: integrity
vendor: cisco systems model: h
vendor: cisco systems model: threat response
vendor: cisco systems model: network access control
vendor: cisco systems model: routers
vendor: google model: home
vendor: tesla model: model

Active Exploitation Targets Zyxel CPE Devices Due to Unpatched CVE-2024-40891 - Rewterz

Trust: 4.0

Fetched: Feb. 18, 2025, 9:14 a.m., Published: Jan. 29, 2025, 6:50 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-57728, CVE-2024-40891, CVE-2024-57727, CVE-2024-40890, CVE-2024-57726

MDR Intelligence | 2025-02-14

Trust: 4.5

Fetched: Feb. 18, 2025, 9:12 a.m., Published: Feb. 14, 2025, midnight
 Vulnerabilities: request forgery, cross-site request forgery, symbolic link attack...
Affected productsExternal IDs
db: NVD ids: CVE-2025-1247, CVE-2025-26550, CVE-2025-26547, CVE-2025-26582, CVE-2025-26569, CVE-2025-26580, CVE-2024-10763, CVE-2025-1270, CVE-2025-1094, CVE-2024-13770, CVE-2025-26572, CVE-2025-26571, CVE-2025-26577, CVE-2025-26562, CVE-2025-26552, CVE-2025-26570, CVE-2025-24903, CVE-2025-26511, CVE-2024-13606, CVE-2025-26543, CVE-2024-13346, CVE-2025-0327, CVE-2024-12011, CVE-2025-26545, CVE-2025-1070, CVE-2025-26568, CVE-2025-26549, CVE-2024-13345, CVE-2024-12013, CVE-2025-24904, CVE-2025-26578, CVE-2025-21700, CVE-2025-1058, CVE-2025-26551, CVE-2024-13182, CVE-2025-1059, CVE-2025-22480, CVE-2025-1060

PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers

Trust: 4.0

Fetched: Feb. 18, 2025, 9:11 a.m., Published: Feb. 10, 2025, 7:36 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-12754

China-backed hackers continue cyberattacks on telecom companies | Cybersecurity Dive

Trust: 4.5

Fetched: Feb. 18, 2025, 9:10 a.m., Published: Feb. 13, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
db: NVD ids: CVE-2023-20198, CVE-2023-20273

FortiOS Auth Bypass Vulnerability Exploited to Gain Super-Admin Access

Trust: 4.5

Fetched: Feb. 18, 2025, 9:10 a.m., Published: Jan. 28, 2025, 4:38 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591

Siemens SIPROTEC 5 Vulnerability: Implications for Industrial Control Security | Windows Forum

Trust: 3.75

Fetched: Feb. 18, 2025, 9:09 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: siprotec
vendor: siemens model: siprotec 5
db: NVD ids: CVE-2024-53648

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits

Related entries in the VARIoT vulnerabilities database: VAR-202502-0112, VAR-202502-0123, VAR-202502-0124, VAR-202501-1996, VAR-202502-0189, VAR-202210-0428, VAR-202502-0263, VAR-202502-0246, VAR-202502-0188, VAR-202502-0237, VAR-202502-0122, VAR-202501-2383, VAR-202502-0191, VAR-202502-0190, VAR-202502-0121, VAR-202502-0199, VAR-202502-0219

Trust: 5.5

Fetched: Feb. 18, 2025, 9:08 a.m., Published: Feb. 14, 2025, 1:35 p.m.
 Vulnerabilities: authentication flaw, os command injection, privilege escalation...
Affected productsExternal IDs
vendor: myscada model: mypro
vendor: qardio model: qardioarm
vendor: siemens model: apogee pxc
vendor: siemens model: pcs neo
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: teamcenter
vendor: siemens model: simatic pcs
vendor: siemens model: siprotec
vendor: siemens model: simatic s7-1200 cpu family
vendor: siemens model: simatic ipc diagmonitor
vendor: siemens model: s7-1200 cpu
vendor: siemens model: ruggedcom
vendor: siemens model: siprotec 5
vendor: siemens model: scalance w700
vendor: siemens model: talon tc
vendor: siemens model: tia administrator
vendor: siemens model: siemens simatic pcs
vendor: siemens model: scalance
vendor: siemens model: simatic s7-1200
vendor: siemens model: simatic pcs neo
vendor: siemens model: simatic
db: NVD ids: CVE-2025-24956, CVE-2023-37482, CVE-2024-5410, CVE-2025-24811, CVE-2024-48885, CVE-2024-46666, CVE-2025-26490, CVE-2024-52963, CVE-2024-46670, CVE-2024-53648, CVE-2024-46669, CVE-2025-22896, CVE-2022-38465, CVE-2024-46668, CVE-2024-54015, CVE-2024-36504, CVE-2023-6943, CVE-2025-20615, CVE-2025-1283, CVE-2024-53977, CVE-2025-25067, CVE-2025-24861, CVE-2025-23403, CVE-2024-46665, CVE-2022-22128, CVE-2023-6942, CVE-2025-23363, CVE-2025-25281, CVE-2025-26473, CVE-2025-23421, CVE-2024-54089, CVE-2024-5411, CVE-2024-48884, CVE-2022-22127, CVE-2025-23411, CVE-2025-24836, CVE-2025-24865, CVE-2024-54090, CVE-2024-53651, CVE-2024-54021, CVE-2024-45386, CVE-2023-46604

CVE-2025-0110 PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin

Trust: 4.5

Fetched: Feb. 18, 2025, 9:08 a.m., Published: Feb. 12, 2025, 5 p.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2025-0110

Critical Vulnerabilities in Siemens SCALANCE W700: Implications for Windows Users | Windows Forum

Trust: 4.25

Fetched: Feb. 18, 2025, 9:07 a.m., Published: May 18, 2025, midnight
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: siemens model: scalance w700
vendor: siemens model: scalance
db: NVD ids: CVE-2022-2588

CISA Warns of Apple iOS Vulnerability Exploited in Wild

Trust: 3.75

Fetched: Feb. 18, 2025, 9:06 a.m., Published: Feb. 17, 2025, 12:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

Trust: 4.25

Fetched: Feb. 16, 2025, 9:34 a.m., Published: Feb. 15, 2025, 5:37 p.m.
 Vulnerabilities: command injection, injection attack
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2024-41710, CVE-2025-24200