Sign-up

VARIoT news about IoT security

Security flaw in Rockwell ControlLogix 1756 devices exposed by Claroty’s Team82 - Industrial Cyber

Trust: 4.5

Fetched: Aug. 4, 2024, 9:56 a.m., Published: Aug. 2, 2024, 1:47 p.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: 1756-en3tr series
vendor: rockwell automation model: 1756-en2tr series
vendor: rockwell automation model: 1756-en2f series c
vendor: rockwell automation model: 1756-en3tr series b
vendor: rockwell automation model: 1756-en2tr series c
vendor: rockwell automation model: 1756-en2t series a
vendor: rockwell automation model: 1756-en2f series a
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: 1756-en2t series
vendor: rockwell automation model: 1756-en2f series
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: controllogix controller
vendor: rockwell automation model: 1756-en2tr series a
vendor: rockwell automation model: controllogix 5580
vendor: snort model: snort
vendor: rockwell model: guardlogix
vendor: rockwell model: 1756-en3tr series
vendor: rockwell model: 1756-en2tr series
vendor: rockwell model: 1756-en2f series c
vendor: rockwell model: 1756-en3tr series b
vendor: rockwell model: 1756-en2tr series c
vendor: rockwell model: 1756-en2t series a
vendor: rockwell model: 1756-en2f series a
vendor: rockwell model: controllogix
vendor: rockwell model: 1756-en2t series
vendor: rockwell model: 1756-en2f series
vendor: rockwell model: automation controllogix
vendor: rockwell model: controllogix controller
vendor: rockwell model: 1756-en2tr series a
vendor: rockwell model: controllogix 5580
db: NVD ids: CVE-2024-6242

Re: OpenSSL vulnerability in icls driver version 1.71.99.0 - Intel Community

Trust: 3.0

Fetched: Aug. 4, 2024, 9:54 a.m., Published: May 13, 2024, 5:53 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: dell model: bios

Security alert for Apple users: Govt issues 'high risk' advisory for several devices; check the full list - The Economic Times

Trust: 4.75

Fetched: Aug. 4, 2024, 9:54 a.m., Published: Aug. 20, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watchos

Best streaming devices in 2024 | Tom's Guide

Trust: 3.25

Fetched: Aug. 4, 2024, 9:52 a.m., Published: Sept. 30, 2022, 2:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: roku model: roku ultra
vendor: roku model: streaming stick
vendor: roku model: roku express
vendor: roku model: roku premiere
vendor: roku model: express
vendor: roku model: roku streaming stick
vendor: roku model: premiere
vendor: roku model: ultra
vendor: roku model: roku
vendor: amazon model: fire tv
vendor: google model: chromecast
vendor: google model: google home
vendor: google model: android
vendor: google model: home
vendor: apple model: watch
vendor: apple model: iphone
vendor: apple model: apple tv
vendor: apple model: tvos

CVE-2024-39496 - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Aug. 4, 2024, 9:52 a.m., Published: July 12, 2024, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-39496

Check Point Cyber Threat Report 2024: Notable Trends, Incidents, and Insights

Trust: 3.5

Fetched: Aug. 4, 2024, 9:50 a.m., Published: July 12, 2024, 9:23 a.m.
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
vendor: check point model: check point
vendor: google model: android
vendor: checkpoint model: check point
vendor: trend model: security
vendor: tp-link model: routers

CVE-2024-33893 - Cosy+ Devices Cross-Site Scripting Vulnerability

Trust: 5.0

Fetched: Aug. 4, 2024, 9:50 a.m., Published: Aug. 2, 2024, 6:16 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-33893

The Anatomy of SLUBStick: Dissecting the Linux Vulnerability That Grants Full...

Trust: 3.25

Fetched: Aug. 4, 2024, 9:48 a.m., Published: Feb. 4, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ansible model: ansible

CVE-2024-7205 - eWeLink Cloud Service Data Exposure and Command Injection Vulnerability

Trust: 5.0

Fetched: Aug. 4, 2024, 9:46 a.m., Published: July 31, 2024, 6:15 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-7205

How Cybersecurity Can Shield Your IoT Devices from Blackmail and Sextortion

Trust: 3.5

Fetched: Aug. 4, 2024, 9:45 a.m., Published: July 29, 2024, 12:09 p.m.
 Vulnerabilities: denial of service

[AiProtection] How to set Network Protection in ASUS Router ? | Official Support | ASUS Global

Trust: 4.5

Fetched: Aug. 4, 2024, 9:44 a.m., Published: Aug. 4, 2024, 9:44 a.m.
 Vulnerabilities: factory default setting
Affected productsExternal IDs
vendor: trend micro model: internet security
vendor: trend micro model: security
vendor: asus model: router
vendor: asus model: asus
vendor: asus model: asuswrt
vendor: asuswrt model: router
vendor: asuswrt model: asus
vendor: asuswrt model: asuswrt
vendor: trendmicro model: internet security
vendor: trendmicro model: security
vendor: trend model: internet security
vendor: trend model: security

CVE-2024-39950 - vulnerability database | Vulners.com

Trust: 3.5

Fetched: Aug. 4, 2024, 9:43 a.m., Published: July 31, 2024, 3:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-39950

Vulnerability Management: Best practice software vulnerability processes and procedures

Trust: 3.5

Fetched: Aug. 4, 2024, 9:43 a.m., Published: June 1, 2018, 9:41 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: trend model: security
vendor: google model: wifi

CVE-2024-39947 - "Dahua Device Crash Vulnerability"

Trust: 3.0

Fetched: Aug. 4, 2024, 9:42 a.m., Published: July 31, 2024, 4:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-39947

Ubiquiti G4 instant camera and Cloud Key+ device vulnerabilities - InfotechLead

Trust: 4.0

Fetched: Aug. 4, 2024, 9:41 a.m., Published: Aug. 2, 2024, 3:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2017-0938

Remote Code Execution (RCE) Explained in Detail | Splunk

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202104-0752

Trust: 4.75

Fetched: Aug. 4, 2024, 9:40 a.m., Published: Aug. 24, 2024, midnight
 Vulnerabilities: code injection, buffer overflow, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2019-8942, CVE-2021-44228, CVE-2021-1844, CVE-2020-17051

The Global Impact of CVE-2024-24919 in CheckPoint VPN Gateways | Censys

Trust: 3.5

Fetched: Aug. 4, 2024, 9:38 a.m., Published: June 5, 2024, 5:11 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: security gateway
vendor: check point model: check point
vendor: check point model: check point vpn
vendor: check point model: quantum security gateway
vendor: checkpoint model: security gateway
vendor: checkpoint model: check point
vendor: checkpoint model: check point vpn
vendor: checkpoint model: quantum security gateway
db: NVD ids: CVE-2024-24919

Vulnerability impacting Check Point Network Security Gateways (CVE-2024-24919) - Canadian Centre for Cyber Security

Trust: 3.75

Fetched: Aug. 4, 2024, 9:37 a.m., Published: May 31, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2024-24919

Android Security Bulletin-June 2024 | Android Open Source Project

Trust: 4.5

Fetched: Aug. 4, 2024, 9:36 a.m., Published: June 4, 2024, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: motorola
vendor: motorola model: android
vendor: samsung model: notes
vendor: samsung model: note
db: NVD ids: CVE-2024-31328, CVE-2024-31329, CVE-2024-31330

IoT | Free Full-Text | Investigating Radio Frequency Vulnerabilities in the Internet of Things (IoT)

Trust: 4.0

Fetched: Aug. 4, 2024, 9:34 a.m., Published: June 4, 2024, midnight
 Vulnerabilities: denial of service, replay attack, authentication attack
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: essential model: phone
vendor: belkin model: router