VARIoT latest news about IoT security

Critical Infrastructure at Risk from New Vulnerabilities Found in Industrial IoT Devices - UMBRA \| Nation State Threat Intelligence, Pre-Crime, Cyberdefense, Encrypted Comms, Intelligence Platorms, MIlitary AI, Predictive Analytics Trust: 3.25 Fetched: Feb. 15, 2023, 9:21 a.m., Published: Feb. 14, 2023, midnight	Vulnerabilities: code execution, denial of service

Affected products

External IDs

vendor:	cisco	model:	ip phones
vendor:	cisco	model:	access points

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution Trust: 3.5 Fetched: Feb. 15, 2023, 9:21 a.m., Published: Feb. 8, 2023, midnight	Vulnerabilities: code execution

Affected products	External IDs

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers Trust: 4.75 Fetched: Feb. 15, 2023, 9:20 a.m., Published: Feb. 4, 2023, 5:30 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-21974

Apple users should install latest security updates to fix vulnerability, Latest Tech News - The New Paper Trust: 3.0 Fetched: Feb. 15, 2023, 9:20 a.m., Published: Feb. 14, 2023, 12:53 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air

Apple patches zero-day flaw affecting iPhones, iPads, and Macs Related entries in the VARIoT vulnerabilities database: VAR-202302-1097 Trust: 6.0 Fetched: Feb. 15, 2023, 9:19 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2023-23529

“Understanding IoT Device Vulnerabilities and Hacking Threats” - Qodeit Trust: 3.0 Fetched: Feb. 15, 2023, 9:18 a.m., Published: Feb. 9, 2023, 8:03 a.m.	Vulnerabilities: -

Affected products	External IDs

Apple users should install latest security updates to fix vulnerability: SingCert \| The Straits Times Trust: 3.0 Fetched: Feb. 15, 2023, 9:16 a.m., Published: Feb. 14, 2023, 12:19 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	safari

CSW's Threat Intelligence - January 30, 2022 - February 3, 2022 Related entries in the VARIoT vulnerabilities database: VAR-202212-1751, VAR-202302-0029 Trust: 5.5 Fetched: Feb. 15, 2023, 9:15 a.m., Published: Jan. 30, 2023, midnight	Vulnerabilities: access control flaw, code execution, sql injection...

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-31710, CVE-2022-21587, CVE-2022-47966, CVE-2023-22952, CVE-2022-0543, CVE-2022-42856, CVE-2022-31704, CVE-2022-34689, CVE-2017-11357, CVE-2022-38023, CVE-2022-31711, CVE-2023-24055, CVE-2022-27596, CVE-2021-4034, CVE-2022-31706, CVE-2023-22374, CVE-2022-27925, CVE-2022-37042

Apple issues emergency security updates for all of its platforms - update your iPhone, iPad and Mac Now \| Tom's Guide Related entries in the VARIoT vulnerabilities database: VAR-202302-1097 Trust: 3.75 Fetched: Feb. 15, 2023, 9:15 a.m., Published: Feb. 14, 2023, 3:07 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	imac
vendor:	apple	model:	macbook
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air

db:

NVD

ids:

CVE-2023-23529

Apple patches two dangerous zero-day vulnerabilities - Techzine Europe Related entries in the VARIoT vulnerabilities database: VAR-202302-1097, VAR-202302-1169 Trust: 3.75 Fetched: Feb. 15, 2023, 9:15 a.m., Published: Feb. 14, 2023, 9:38 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2023-23529, CVE-2023-23514

Apple iOS Brings Vulnerabilities: Have you updated your iPhone? - Texaport Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 3.5 Fetched: Feb. 15, 2023, 9:14 a.m., Published: Dec. 14, 2022, 2:08 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-42856

Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers - SecurityWeek Trust: 3.75 Fetched: Feb. 15, 2023, 9:13 a.m., Published: Nov. 16, 2022, midnight	Vulnerabilities: control bypass

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	realtek	model:	realtek sdk

Vulnerabilities open Korenix JetWave industrial networking devices to attack - Help Net Security Trust: 3.0 Fetched: Feb. 15, 2023, 9:13 a.m., Published: Feb. 13, 2023, 2:24 p.m.	Vulnerabilities: command injection, default credentials, request forgery...

Affected products	External IDs

Apple's iOS and macOS have a nasty vulnerability, so update now \| Mashable Trust: 3.75 Fetched: Feb. 15, 2023, 9:13 a.m., Published: Feb. 14, 2023, 1:07 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	safari

Vulnerability in QTS and QuTS hero - Security Advisory \| QNAP (IN) Trust: 3.25 Fetched: Feb. 12, 2023, 9:14 a.m., Published: Feb. 2, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Security Advisory - Unauthorized device timestamp modification vulnerability exists in some Dahua embedded products Trust: 3.75 Fetched: Feb. 12, 2023, 9:12 a.m., Published: May 12, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dahua	model:	sd5a
vendor:	dahuasecurity	model:	sd5a

db:

NVD

ids:

CVE-2022-30564

Thousands of Sophos Firewall devices at risk of RCE attacks \| SC Media Trust: 3.25 Fetched: Feb. 12, 2023, 9:11 a.m., Published: Jan. 18, 2023, 6:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

sophos

model:

firewall

Siemens S7-1500 CPU devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 3.5 Fetched: Feb. 12, 2023, 9:10 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	cpu 1512sp-1 pn
vendor:	siemens	model:	cpu 1515t-2 pn
vendor:	siemens	model:	cpu 1515-2
vendor:	siemens	model:	simatic s7-1500 cpu 1512c
vendor:	siemens	model:	cpu 1513pro f-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1513f-1 pn
vendor:	siemens	model:	cpu 1513r-1 pn
vendor:	siemens	model:	cpu 1515tf-2 pn
vendor:	siemens	model:	cpu 1516f-3
vendor:	siemens	model:	cpu 1513f-1 pn
vendor:	siemens	model:	cpu 1516pro-2 pn
vendor:	siemens	model:	cpu 1511c-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1516-3 pn
vendor:	siemens	model:	cpu 1512sp f-1 pn
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic s7-1500 cpu 1518-4 pn
vendor:	siemens	model:	cpu 1515f-2
vendor:	siemens	model:	simatic s7-1500 cpu 1518
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	simatic s7-1500 cpu 1511f-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511-1 pn
vendor:	siemens	model:	cpu 1507d tf
vendor:	siemens	model:	cpu 1516pro f-2 pn
vendor:	siemens	model:	cpu 1513-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1515f-2 pn
vendor:	siemens	model:	cpu 1504d tf
vendor:	siemens	model:	simatic
vendor:	siemens	model:	cpu 1512c-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511c
vendor:	siemens	model:	cpu 1515r-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1515-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1513-1 pn
vendor:	siemens	model:	cpu 1516-3
vendor:	siemens	model:	simatic s7-1500 cpu 1517-3 pn
vendor:	siemens	model:	s7-1500 cpu

db:

NVD

ids:

CVE-2022-38773

Lazarus campaign exploits unpatched Zimbra devices, targets medical data \| SC Media Trust: 3.0 Fetched: Feb. 12, 2023, 9:10 a.m., Published: Feb. 2, 2023, 6:18 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41352

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - AI Home Security Related entries in the VARIoT vulnerabilities database: VAR-202301-0629, VAR-202301-0630 Trust: 4.75 Fetched: Feb. 10, 2023, 11:25 a.m., Published: Feb. 9, 2023, 9:31 p.m.	Vulnerabilities: information disclosure, code execution, command injection...

Affected products

External IDs

vendor:

siemens

model:

automation license manager

db:

NVD

ids:

CVE-2022-43514, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-46650, CVE-2022-41607, CVE-2022-43513

VARIoT news about IoT security