Sign-up

VARIoT news about IoT security

Cyble Warns: ICS Vulnerability Puts Patient Monitors At Risk

Trust: 3.75

Fetched: Feb. 14, 2025, 9:34 a.m., Published: Feb. 12, 2025, 9:14 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-0626, CVE-2024-12248, CVE-2025-0683

Patch Tuesday - February 2025 | Rapid7 Blog

Trust: 5.5

Fetched: Feb. 14, 2025, 9:32 a.m., Published: Feb. 11, 2025, 9:30 p.m.
 Vulnerabilities: feature bypass, code execution, denial of service...
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2025-21420, CVE-2025-21419, CVE-2025-21201, CVE-2025-21392, CVE-2025-0451, CVE-2025-21406, CVE-2025-21177, CVE-2025-21391, CVE-2025-21206, CVE-2024-38193, CVE-2025-24039, CVE-2025-21400, CVE-2025-21377, CVE-2025-21351, CVE-2025-21418, CVE-2025-21407, CVE-2025-21283, CVE-2025-21267, CVE-2025-21387, CVE-2025-21394, CVE-2025-21208, CVE-2025-21198, CVE-2025-21200, CVE-2025-21352, CVE-2025-21190, CVE-2025-21347, CVE-2025-21397, CVE-2025-21254, CVE-2025-21379, CVE-2025-21414, CVE-2025-21368, CVE-2025-21371, CVE-2025-21308, CVE-2025-21188, CVE-2025-21212, CVE-2025-21342, CVE-2025-21383, CVE-2025-21182, CVE-2025-21373, CVE-2025-21349, CVE-2025-21408, CVE-2025-24036, CVE-2025-21216, CVE-2025-21367, CVE-2025-24042, CVE-2025-21184, CVE-2025-21259, CVE-2025-21410, CVE-2025-21350, CVE-2025-21322, CVE-2025-21279, CVE-2025-21179, CVE-2025-21375, CVE-2025-21359, CVE-2025-21194, CVE-2025-21390, CVE-2025-21337, CVE-2025-21369, CVE-2025-0444, CVE-2025-21253, CVE-2025-21381, CVE-2025-21404, CVE-2023-32002, CVE-2025-21358, CVE-2025-21183, CVE-2025-21181, CVE-2025-21386, CVE-2025-21376, CVE-2025-0445

CVE-2025-1070 - Apache Device Unrestricted File Upload Vulnerability - مدیریت منیج سرور ثبت دامنه

Trust: 5.0

Fetched: Feb. 14, 2025, 9:31 a.m., Published: Feb. 13, 2025, 7:40 a.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-1070

Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications

Trust: 4.25

Fetched: Feb. 14, 2025, 9:30 a.m., Published: Feb. 12, 2025, 9 a.m.
 Vulnerabilities: certificate validation vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-11621, CVE-2025-1193

CVE-2025-0110 PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin

Trust: 4.5

Fetched: Feb. 14, 2025, 9:30 a.m., Published: Feb. 12, 2025, 5 p.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-0110

CVE-2024-11345 : Heap-Based Memory Vulnerability in Lexmark Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: Feb. 14, 2025, 9:28 a.m., Published: Feb. 13, 2025, 6:46 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lexmark model: lexmark
db: NVD ids: CVE-2024-11345

Microsoft Patch Tuesday February 2025 - 61 Vulnerabilities Fixed, 3 Were Actively Exploited in The Wild

Trust: 5.5

Fetched: Feb. 14, 2025, 9:28 a.m., Published: Feb. 11, 2025, 6:47 p.m.
 Vulnerabilities: feature bypass, code execution, denial of service...
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2025-21420, CVE-2025-21419, CVE-2025-21201, CVE-2025-21392, CVE-2025-21406, CVE-2025-21391, CVE-2025-21206, CVE-2025-24039, CVE-2025-21400, CVE-2025-21351, CVE-2025-21377, CVE-2025-21418, CVE-2025-21407, CVE-2023-24932, CVE-2025-21387, CVE-2025-21176, CVE-2025-21394, CVE-2025-21208, CVE-2025-21198, CVE-2025-21352, CVE-2025-21200, CVE-2025-21190, CVE-2025-21347, CVE-2025-21397, CVE-2025-21254, CVE-2025-21379, CVE-2025-21414, CVE-2025-21368, CVE-2025-21371, CVE-2025-21188, CVE-2025-21212, CVE-2025-21383, CVE-2025-21182, CVE-2025-21373, CVE-2025-21349, CVE-2025-21178, CVE-2025-24036, CVE-2025-21216, CVE-2025-21367, CVE-2025-24042, CVE-2025-21184, CVE-2025-21259, CVE-2025-21172, CVE-2025-21410, CVE-2025-21350, CVE-2025-21179, CVE-2025-21322, CVE-2025-21375, CVE-2025-21359, CVE-2025-21194, CVE-2025-21390, CVE-2025-21337, CVE-2025-21369, CVE-2025-21381, CVE-2025-21183, CVE-2023-32002, CVE-2025-21358, CVE-2025-21181, CVE-2025-21386, CVE-2025-21376

Siemens RUGGEDCOM APE1808 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202501-2383, VAR-202501-1996

Trust: 5.5

Fetched: Feb. 14, 2025, 9:27 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: integer overflow, path traversal
Affected productsExternal IDs
vendor: siemens model: ruggedcom
db: NVD ids: CVE-2024-46665, CVE-2024-46670, CVE-2024-36504, CVE-2024-52963, CVE-2024-48884, CVE-2024-46666, CVE-2024-54021, CVE-2024-48885, CVE-2024-46669, CVE-2024-46668

The Impact of the Fortinet Vulnerability | January 2025

Trust: 6.0

Fetched: Feb. 14, 2025, 9:27 a.m., Published: Jan. 14, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2025-24472, CVE-2024-55591

CVE-2024-11344 : Type Confusion Vulnerability in Lexmark Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: Feb. 14, 2025, 9:26 a.m., Published: Feb. 13, 2025, 6:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lexmark model: lexmark
db: NVD ids: CVE-2024-11344

ORing IAP-420 Security Vulnerabilities: Threats & Mitigation for Windows Users | Windows Forum

Trust: 3.5

Fetched: Feb. 14, 2025, 9:25 a.m., Published: -
 Vulnerabilities: information exposure, command injection, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-5411, CVE-2024-5410

CVE-2025-24836 : Denial of Service Vulnerability in Qardio's Medical Device via Unencrypted Bluetooth | SecurityVulnerability.io

Trust: 4.25

Fetched: Feb. 14, 2025, 9:25 a.m., Published: Feb. 13, 2025, 9:55 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-24836

Microsoft Surface CVE-2025-21194: Understanding the Security Bypass Vulnerability | Windows Forum

Trust: 4.75

Fetched: Feb. 14, 2025, 9:24 a.m., Published: May 14, 2025, midnight
 Vulnerabilities: feature bypass, security bypass, security feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-21194

Siemens SIPROTEC 5 Vulnerability: Security Risks for Windows Environments | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-202502-0199

Trust: 3.5

Fetched: Feb. 14, 2025, 9:24 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: siprotec
vendor: siemens model: cp100
vendor: siemens model: cp300
vendor: siemens model: cp200
vendor: siemens model: siprotec 5
db: NVD ids: CVE-2024-53651

OpenSSH Vulnerabilities - Technical Support - Toradex Community

Trust: 3.25

Fetched: Feb. 14, 2025, 9:24 a.m., Published: Feb. 13, 2025, 8:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-39894

Siemens SIPROTEC 5 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202502-0263

Trust: 4.5

Fetched: Feb. 14, 2025, 9:23 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: siemens model: cp300
vendor: siemens model: siprotec
vendor: siemens model: siprotec 5
db: NVD ids: CVE-2024-54015

Protect iOS from CVE-2025-24200: USB Security Guide

Trust: 4.25

Fetched: Feb. 14, 2025, 9:22 a.m., Published: Feb. 11, 2025, midnight
 Vulnerabilities: authorization issue, authorization flaw
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: software update
db: NVD ids: CVE-2025-24200

Researcher Details Fortinet FortiOS Vulnerabilities Allowing DoS & RCE Attacks

Trust: 3.0

Fetched: Feb. 14, 2025, 9:22 a.m., Published: Feb. 11, 2025, 4:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-46666, CVE-2024-46668

Mirai Botnet Exploiting Router Vulnerabilities to Gain Complete Device Control

Related entries in the VARIoT vulnerabilities database: VAR-202403-0576, VAR-202412-2441, VAR-202407-2637, VAR-202401-2141, VAR-202401-2259

Trust: 4.5

Fetched: Feb. 14, 2025, 9:22 a.m., Published: Feb. 12, 2025, 1:25 p.m.
 Vulnerabilities: os command injection, command injection, authentication bypass
Affected productsExternal IDs
vendor: tenda model: router
vendor: four-faith model: four-faith
vendor: draytek model: routers
vendor: draytek model: vigor2960
vendor: draytek model: vigor300b
db: NVD ids: CVE-2024-9916, CVE-2024-9644, CVE-2024-2353, CVE-2024-12987, CVE-2024-41473, CVE-2024-24329, CVE-2024-24328

CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface

Trust: 3.5

Fetched: Feb. 14, 2025, 9:21 a.m., Published: Feb. 12, 2025, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: networks
vendor: paloaltonetworks model: pan-os
vendor: paloaltonetworks model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-0111