Sign-up

VARIoT news about IoT security

Siemens SIPROTEC 5 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202502-0263

Trust: 4.5

Fetched: Feb. 14, 2025, 9:23 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: siemens model: cp300
vendor: siemens model: siprotec
vendor: siemens model: siprotec 5
db: NVD ids: CVE-2024-54015

Protect iOS from CVE-2025-24200: USB Security Guide

Trust: 4.25

Fetched: Feb. 14, 2025, 9:22 a.m., Published: Feb. 11, 2025, midnight
 Vulnerabilities: authorization issue, authorization flaw
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: software update
db: NVD ids: CVE-2025-24200

Researcher Details Fortinet FortiOS Vulnerabilities Allowing DoS & RCE Attacks

Trust: 3.0

Fetched: Feb. 14, 2025, 9:22 a.m., Published: Feb. 11, 2025, 4:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-46666, CVE-2024-46668

Mirai Botnet Exploiting Router Vulnerabilities to Gain Complete Device Control

Related entries in the VARIoT vulnerabilities database: VAR-202403-0576, VAR-202412-2441, VAR-202407-2637, VAR-202401-2141, VAR-202401-2259

Trust: 4.5

Fetched: Feb. 14, 2025, 9:22 a.m., Published: Feb. 12, 2025, 1:25 p.m.
 Vulnerabilities: os command injection, command injection, authentication bypass
Affected productsExternal IDs
vendor: tenda model: router
vendor: four-faith model: four-faith
vendor: draytek model: routers
vendor: draytek model: vigor2960
vendor: draytek model: vigor300b
db: NVD ids: CVE-2024-9916, CVE-2024-9644, CVE-2024-2353, CVE-2024-12987, CVE-2024-41473, CVE-2024-24329, CVE-2024-24328

CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface

Trust: 3.5

Fetched: Feb. 14, 2025, 9:21 a.m., Published: Feb. 12, 2025, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: networks
vendor: paloaltonetworks model: pan-os
vendor: paloaltonetworks model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-0111

Salt Typhoon compromises telecom providers' Cisco devices | TechTarget

Trust: 5.5

Fetched: Feb. 14, 2025, 9:20 a.m., Published: Feb. 13, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: routers
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198, CVE-2023-20273

RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign

Trust: 5.5

Fetched: Feb. 14, 2025, 9:20 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198, CVE-2023-20273

NVIDIA GPU Display Driver Vulnerability Lets Attackers Steal Files Remotely - Update Now

Trust: 4.0

Fetched: Feb. 14, 2025, 9:13 a.m., Published: Feb. 3, 2025, 10:54 a.m.
 Vulnerabilities: memory corruption, code execution, denial of service...
Affected productsExternal IDs

January 2025 Patch Tuesday: Updates and Analysis | CrowdStrike

Trust: 4.5

Fetched: Feb. 12, 2025, 9:33 a.m., Published: Jan. 15, 2025, 5:19 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-21298, CVE-2025-21307, CVE-2025-21186, CVE-2025-21311, CVE-2025-21297, CVE-2025-21354, CVE-2025-21296, CVE-2025-21366, CVE-2025-21309, CVE-2025-21333, CVE-2025-21308, CVE-2025-21334, CVE-2025-21294, CVE-2025-21362, CVE-2025-21295, CVE-2025-21335, CVE-2025-21395, CVE-2025-21275

CVE-2024-40890 - Zyxel DSL CPE OS Command Injection Vulnerability | ScyScan

Trust: 4.25

Fetched: Feb. 12, 2025, 9:29 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890

CVE-2024-40891 - Zyxel DSL CPE OS Command Injection Vulnerability | ScyScan

Trust: 4.25

Fetched: Feb. 12, 2025, 9:29 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

Apple fixes vulnerability in USB restricted mode

Trust: 3.5

Fetched: Feb. 12, 2025, 9:28 a.m., Published: Feb. 11, 2025, 11:58 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

iOS 18.3.1 - update your iPhone right now to fix critical zero-day vulnerability | Tom's Guide

Trust: 4.75

Fetched: Feb. 12, 2025, 9:27 a.m., Published: Feb. 10, 2025, 9:18 p.m.
 Vulnerabilities: authorization issue
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

Apple has issued a statement on an iPhone vulnerability: 12 February 2025, 11:42 - news on Tengrinews.kz

Trust: 3.0

Fetched: Feb. 12, 2025, 9:27 a.m., Published: Feb. 12, 2025, 6:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone

Update Canonical Ubuntu Server: USN-7260-1: OpenRefine vulnerabilities

Trust: 5.0

Fetched: Feb. 12, 2025, 9:26 a.m., Published: Jan. 12, 7260, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-37476, CVE-2024-47880, CVE-2024-47878, CVE-2024-47882, CVE-2024-47879, CVE-2023-41887, CVE-2024-47881, CVE-2024-23833, CVE-2023-41886, CVE-2024-49760

FortiOS Security Fabric Vulnerability Allows Escaltion to Super-admin

Trust: 4.0

Fetched: Feb. 12, 2025, 9:26 a.m., Published: Feb. 11, 2025, 5:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591

Microsoft Configuration Manager Vulnerability Allows Remote Code Execution

Trust: 3.75

Fetched: Feb. 12, 2025, 9:25 a.m., Published: Jan. 20, 2025, 3:47 a.m.
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-43468

Update Canonical Ubuntu Desktop: USN-7260-1: OpenRefine vulnerabilities

Trust: 5.0

Fetched: Feb. 12, 2025, 9:25 a.m., Published: Jan. 12, 7260, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-37476, CVE-2024-47880, CVE-2024-47878, CVE-2024-47882, CVE-2024-47879, CVE-2023-41887, CVE-2024-47881, CVE-2024-23833, CVE-2023-41886, CVE-2024-49760

CVE-2025-26411 : Remote Code Execution Vulnerability in Wattsense Bridge Devices | SecurityVulnerability.io

Trust: 3.25

Fetched: Feb. 12, 2025, 9:25 a.m., Published: Feb. 11, 2025, 9:21 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-26411

Massive Brute Force Attack Targets VPN and Firewall Logins Using 2.8 Million IPs

Trust: 5.75

Fetched: Feb. 12, 2025, 9:24 a.m., Published: Feb. 10, 2025, 3:16 a.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: check point model: check point
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik
vendor: cisco model: cisco routers
vendor: cisco model: routers
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks globalprotect
vendor: sonicwall model: remote access
vendor: sonicwall model: netextender
vendor: huawei model: huawei
db: NVD ids: CVE-2024-8190, CVE-2025-23006