Sign-up

VARIoT news about IoT security

A device takeover vulnerability exists in the Rockwell... · CVE-2024-12371 · GitHub Advisory Database · GitHub

Related entries in the VARIoT vulnerabilities database: VAR-202412-2454

Trust: 3.0

Fetched: Dec. 22, 2024, 9:36 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-12371

CISA Warns of 4 New Vulnerabilities Exploited in the Wild

Related entries in the VARIoT vulnerabilities database: VAR-202201-2026, VAR-201904-1024, VAR-202201-0642, VAR-201808-0424

Trust: 5.5

Fetched: Dec. 22, 2024, 9:35 a.m., Published: Dec. 19, 2024, 9:50 a.m.
 Vulnerabilities: command injection, os command injection, authentication flaw
Affected productsExternal IDs
vendor: reolink model: rlc-511w
vendor: reolink model: c2 pro
vendor: reolink model: rlc-410w
vendor: reolink model: c1 pro
vendor: reolink model: rlc-422w
vendor: nuuo model: nvrmini 2
vendor: nuuo model: nvrmini
db: NVD ids: CVE-2022-23227, CVE-2019-11001, CVE-2021-40407, CVE-2018-14933

Apache Struts Vulnerability CVE-2024-53677 - in the Identity Management Suite (IGA)

Trust: 3.25

Fetched: Dec. 22, 2024, 9:30 a.m., Published: Dec. 14, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-53677

Sophos Firewall Update Resolves RCE and Privilege Escalation Vulnerabilities (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) - SOCRadar® Cyber Intelligence Inc.

Trust: 5.5

Fetched: Dec. 22, 2024, 9:28 a.m., Published: Dec. 20, 2024, 10:09 a.m.
 Vulnerabilities: sql injection, code injection, code execution...
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12728, CVE-2024-12729, CVE-2024-12727

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities | CISA

Trust: 4.5

Fetched: Dec. 22, 2024, 9:22 a.m., Published: Dec. 22, 2024, midnight
 Vulnerabilities: default credentials, denial of service, brute force attack...
Affected productsExternal IDs
vendor: unitronics model: visilogic

Secure Access 13.52

Trust: 3.25

Fetched: Dec. 22, 2024, 9:19 a.m., Published: Dec. 13, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

Trust: 3.75

Fetched: Dec. 22, 2024, 9:18 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-52564, CVE-2024-47133, CVE-2024-45841

Vulnerability Analysis of IoT Devices (IP Cameras) in Ocaña Norte de Santander | SpringerLink

Trust: 4.0

Fetched: Dec. 22, 2024, 9:17 a.m., Published: Dec. 22, 2024, midnight
 Vulnerabilities: -

Citrix NetScaler Devices Under Attack, Brute-force Attacks Exploiting Zero-days

Trust: 4.5

Fetched: Dec. 22, 2024, 9:15 a.m., Published: Dec. 13, 2024, 4:57 a.m.
 Vulnerabilities: denial of service, memory corruption
Affected productsExternal IDs
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
db: NVD ids: CVE-2024-8535, CVE-2024-8534

Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202105-0073

Trust: 4.0

Fetched: Dec. 22, 2024, 9:14 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500 software controller
vendor: siemens model: simatic s7-1200
vendor: siemens model: s7-1500 cpu
vendor: siemens model: et 200sp open controller
vendor: siemens model: simatic et 200sp open controller
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: simatic s7-plcsim advanced
vendor: siemens model: simatic drive controller family
vendor: siemens model: simatic et 200sp open controller cpu 1515sp pc
vendor: siemens model: simatic et 200sp open controller cpu 1515sp pc2
vendor: siemens model: s7-1200 cpu
vendor: siemens model: simatic s7-1500 cpu family
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: simatic
vendor: siemens model: plc systems
vendor: siemens model: simatic et 200sp
vendor: siemens model: simatic et
vendor: siemens model: simatic s7-1200 cpu family
vendor: siemens model: simatic s7-plcsim
vendor: siemens model: tia portal
vendor: siemens model: simatic et 200sp open
vendor: siemens model: simatic s7-1500
db: NVD ids: CVE-2020-15782

GitHub - millersartin/Hikvision-Vulnerability-Scanner-POC: POC for hikivison devices based on the following vulnerability https://www.exploit-db.com/exploits/44328

Trust: 3.25

Fetched: Dec. 22, 2024, 9:14 a.m., Published: Dec. 11, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision

CISA Warns of Active Exploitation of Critical Array Networks Vulnerability

Trust: 4.25

Fetched: Dec. 20, 2024, 10:01 a.m., Published: Nov. 26, 2024, 10:01 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-28461

Update Canonical Ubuntu Desktop: USN-7154-1: Linux kernel vulnerabilities

Trust: 3.25

Fetched: Dec. 20, 2024, 9:58 a.m., Published: Jan. 20, 7154, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Desktop: USN-7158-1: Smarty vulnerabilities

Trust: 6.0

Fetched: Dec. 20, 2024, 9:58 a.m., Published: Jan. 20, 7158, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2018-25047, CVE-2023-28447, CVE-2024-35226

Update Canonical Ubuntu Server: USN-7089-6: Linux kernel vulnerabilities

Trust: 3.75

Fetched: Dec. 20, 2024, 9:56 a.m., Published: June 20, 7089, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
vendor: alsa model: alsa
db: NVD ids: CVE-2024-25741

Cyware Daily Threat Intelligence, December 19, 2024 - Dec 19, 2024 | Cyware

Related entries in the VARIoT vulnerabilities database: VAR-202412-2453

Trust: 4.0

Fetched: Dec. 20, 2024, 9:56 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2024-48889, CVE-2024-50570, CVE-2024-51479, CVE-2023-34990

Patch Tuesday - December 2024 - Cyber Security Review

Trust: 4.5

Fetched: Dec. 20, 2024, 9:53 a.m., Published: Dec. 10, 2024, 11 a.m.
 Vulnerabilities: code execution, certificate validation vulnerability
Affected productsExternal IDs
vendor: qnap model: helpdesk
vendor: sonicwall model: sma100
vendor: sonicwall model: netextender
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: remote access
vendor: apple model: software update
vendor: apple model: safari
db: NVD ids: CVE-2024-48865, CVE-2024-29014, CVE-2024-12356

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

Trust: 3.75

Fetched: Dec. 20, 2024, 9:53 a.m., Published: Dec. 17, 2024, 7:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-50623, CVE-2024-55956

آسیب پذیری بحرانی OpenWrt منجر به تزریق فریمور مخرب به دستگاه‌ها می‌شود - Vulnerbyte

Trust: 3.0

Fetched: Dec. 20, 2024, 9:52 a.m., Published: Dec. 17, 2024, 1:06 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-5414, CVE-2024-54143

Breached but not broken.

Related entries in the VARIoT vulnerabilities database: VAR-202412-2453

Trust: 5.25

Fetched: Dec. 20, 2024, 9:51 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: default credentials, path traversal, command injection...
Affected productsExternal IDs
vendor: google model: chrome
vendor: check point model: check point
vendor: tp-link model: routers
db: NVD ids: CVE-2024-48889, CVE-2024-46873, CVE-2023-34990