Sign-up

VARIoT news about IoT security

Cisco Issues Warning on Security Flaws in Routers | MG|Computer, Inc.

Trust: 3.0

Fetched: Jan. 20, 2023, 9:23 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: rv082
vendor: cisco model: small business
vendor: cisco model: rv042g
vendor: cisco model: rv016
vendor: cisco model: cisco small business
vendor: cisco model: routers
vendor: cisco model: rv042

Has adoption of “connected devices” outpaced security? - Techgoondu Techgoondu

Trust: 3.0

Fetched: Jan. 20, 2023, 9:22 a.m., Published: Jan. 19, 2023, 10:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks | Vumetric Cyber Portal

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 6.0

Fetched: Jan. 20, 2023, 9:22 a.m., Published: Jan. 20, 2023, midnight
 Vulnerabilities: code execution, authentication bypass, code injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2022-3236

The prevalence of RCE exploits and what you should know about RCEs | Tripwire

Trust: 4.5

Fetched: Jan. 20, 2023, 9:21 a.m., Published: Jan. 17, 2023, midnight
 Vulnerabilities: improper access control, code execution, privilege escalation...
Affected productsExternal IDs
vendor: imperva model: web application firewall

Cisco CX Cloud Agent Privilege Escalation Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202301-1328, VAR-202301-1814

Trust: 5.25

Fetched: Jan. 20, 2023, 9:20 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-20043, CVE-2023-20044

Hackers are using device monitoring software Cacti to install malware | TechRadar

Trust: 5.0

Fetched: Jan. 20, 2023, 9:19 a.m., Published: Jan. 17, 2023, 7 p.m.
 Vulnerabilities: command injection, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-46169

Vulnerability Management Standard | Office of the Vice Chancellor for IT and Chief Information Officer | University of Colorado Boulder

Trust: 3.0

Fetched: Jan. 20, 2023, 9:18 a.m., Published: Nov. 18, 2022, 12:52 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Siemens Multiple Denial of Service Vulnerabilities in Industrial Products | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202212-1313, VAR-202212-1311, VAR-202212-1314, VAR-202212-1312

Trust: 4.75

Fetched: Jan. 20, 2023, 9:18 a.m., Published: Jan. 13, 2023, midnight
 Vulnerabilities: improper validation, denial of service
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500 software controller
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: simatic s7-1500
vendor: siemens model: s7-1200 cpu
vendor: siemens model: et 200sp open controller
vendor: siemens model: simatic et 200sp
vendor: siemens model: simatic s7-plcsim
vendor: siemens model: s7-1500 cpu
vendor: siemens model: simatic s7-plcsim advanced
vendor: siemens model: tim 1531 irc
vendor: siemens model: simatic et 200sp open controller
vendor: siemens model: simatic drive controller family
vendor: siemens model: simatic et 200sp open
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: simatic et 200sp open controller cpu 1515sp pc2
vendor: siemens model: simatic s7-1200 cpu family
vendor: siemens model: simatic
vendor: siemens model: simatic et
vendor: siemens model: simatic s7-1500 cpu family
vendor: siemens model: simatic s7-1200
db: NVD ids: CVE-2021-40365, CVE-2021-44693, CVE-2021-44695, CVE-2021-44694

Apple iOS < 16.1.2 Vulnerability (HT213516) | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 4.25

Fetched: Jan. 20, 2023, 9:18 a.m., Published: Jan. 16, 2002, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone_os
db: NVD ids: CVE-2022-42856

Hacker Fails for the Win

Trust: 3.0

Fetched: Jan. 20, 2023, 9:17 a.m., Published: Dec. 8, 2022, 1:55 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Trust: 3.75

Fetched: Jan. 20, 2023, 9:16 a.m., Published: Jan. 18, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome

The Journey to 300,000 Vulnerabilities: The Good, The Bad, and The Bizarre | Flashpoint

Trust: 3.5

Fetched: Jan. 20, 2023, 9:16 a.m., Published: Nov. 21, 2022, 4:48 p.m.
 Vulnerabilities: cross-site request forgery, cross-site scripting, buffer overflow...
Affected productsExternal IDs

How to Protect Your Apple Devices From a 0-Day Type Confusion Vulnerability in iOS, iPadOS, macOS, tvOS, and Safari Web Browser - The Sec Master

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 4.75

Fetched: Jan. 20, 2023, 9:15 a.m., Published: Dec. 15, 2022, 10:30 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: iphone
vendor: apple model: mac os
vendor: apple model: mac os x
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: apple tv
vendor: apple model: macos
db: NVD ids: CVE-2022-42856

Cisco's patch day plugs six vulnerabilities - Security - iTnews

Related entries in the VARIoT vulnerabilities database: VAR-202211-0352, VAR-202211-0677, VAR-202211-0485, VAR-202211-0351

Trust: 5.75

Fetched: Jan. 20, 2023, 9:13 a.m., Published: Jan. 5, 2023, midnight
 Vulnerabilities: cross-site request forgery, improper access control, privilege escalation...
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: evolved programmable network manager
vendor: cisco model: sd-wan vmanage software
vendor: cisco model: email security appliance
vendor: cisco model: sd-wan vmanage
vendor: cisco model: iot field network director
vendor: cisco model: identity services engine
db: NVD ids: CVE-2022-20961, CVE-2022-20951, CVE-2022-20867, CVE-2022-20956, CVE-2022-20868, CVE-2022-20958

Vulnerabilities found affecting OT products from German companies Festo and CODESYS - The Record from Recorded Future News

Trust: 3.0

Fetched: Jan. 20, 2023, 9:13 a.m., Published: Nov. 29, 2022, 5:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: codesys model: codesys

Fortinet SSL-VPN RCE Vulnerability (CVE-2022-40684) Exploited In The Wild - Blumira

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.25

Fetched: Jan. 20, 2023, 9:13 a.m., Published: Dec. 13, 2022, 2:34 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: node.js model: node.js
db: NVD ids: CVE-2022-40684

ICS vulnerabilities found in Siemens, Sewio, InHand Networks, SAUTER Controls, Hitachi Energy, Johnson Controls hardware - Industrial Cyber

Trust: 4.25

Fetched: Jan. 20, 2023, 9:12 a.m., Published: Jan. 16, 2023, 2:37 p.m.
 Vulnerabilities: cross-site request forgery, improper access control, cross-site scripting...
Affected productsExternal IDs
vendor: siemens model: automation license manager
vendor: siemens model: s7-1500 cpu

WAGO fixes config export flaw threatening data leak from industrial devices | The Daily Swig

Related entries in the VARIoT vulnerabilities database: VAR-202301-1424

Trust: 4.75

Fetched: Jan. 20, 2023, 9:11 a.m., Published: Jan. 18, 2023, 3:34 p.m.
 Vulnerabilities: command injection, path traversal
Affected productsExternal IDs
vendor: wago model: pfc200
vendor: wago model: series pfc100
vendor: wago model: pfc100
vendor: wago model: series
db: NVD ids: CVE-2022-3738

OpenSSL update patches high-severity vulnerabilities | Venafi

Trust: 4.5

Fetched: Jan. 20, 2023, 9:11 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: buffer overflow, code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-3786, CVE-2022-3602

A security vulnerability requiring immediate updates to your Apple devices (Dec 2022) - NUS Information Technology

Trust: 3.0

Fetched: Jan. 20, 2023, 9:10 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: apple tv
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: macos
vendor: apple model: watch