Sign-up

VARIoT news about IoT security

Vulnerabilities in BMC Firmware Affect OT/IoT Device Security - Part 1

Trust: 5.25

Fetched: Nov. 23, 2022, 9:57 a.m., Published: Nov. 22, 2022, 8:35 a.m.
 Vulnerabilities: session fixation, code execution, buffer overflow...
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: bmc firmware
vendor: lenovo model: bios
vendor: lenovo model: system
vendor: lenovo model: bios firmware
vendor: dell model: bios
db: NVD ids: CVE-2021-26731, CVE-2021-26729, CVE-2021-26730, CVE-2021-4228, CVE-2021-44467, CVE-2021-45925, CVE-2021-26732, CVE-2021-26733, CVE-2021-44769, CVE-2021-26727, CVE-2021-26728, CVE-2021-44776, CVE-2021-46279

OpenSSL update patches high-severity vulnerabilities | Venafi

Trust: 3.5

Fetched: Nov. 23, 2022, 9:56 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: denial of service, buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-3602, CVE-2022-3786

Delta Electronics InfraSuite Device Master | CISA

Trust: 5.25

Fetched: Nov. 23, 2022, 9:56 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-41778, CVE-2022-41688, CVE-2022-41657, CVE-2022-40202, CVE-2022-41629, CVE-2022-38142, CVE-2022-41776, CVE-2022-41779, CVE-2022-41772, CVE-2022-41644

Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Trust: 4.25

Fetched: Nov. 23, 2022, 9:55 a.m., Published: Nov. 22, 2022, 5 p.m.
 Vulnerabilities: default credentials, information disclosure
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: snort model: snort
db: NVD ids: CVE-2021-35395, CVE-2021-33558, CVE-2022-27255, CVE-2017-9833

Millions of Android phones may be vulnerable to camera spying vulnerability

Trust: 3.0

Fetched: Nov. 23, 2022, 9:54 a.m., Published: May 23, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks | SecurityWeek.Com

Trust: 3.5

Fetched: Nov. 23, 2022, 9:54 a.m., Published: Nov. 23, 2022, midnight
 Vulnerabilities: access control issue, code execution, command injection
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: bmc firmware
vendor: lenovo model: system

Linux has been bitten by its most high-severity vulnerability in years | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-202203-0043

Trust: 3.0

Fetched: Nov. 23, 2022, 9:51 a.m., Published: March 8, 2022, 2:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-0847

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks - Blog - OrbitBrain

Trust: 3.25

Fetched: Nov. 23, 2022, 9:50 a.m., Published: Nov. 22, 2022, 8:53 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: bmc firmware
vendor: lenovo model: system

Simon Hartley on LinkedIn: Dagah - Automated mobile device vulnerability assessment, pen testing &…

Trust: 3.0

Fetched: Nov. 23, 2022, 9:47 a.m., Published: Nov. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Carrier LenelS2 HID Mercury access panels buffer overflow vulnerability - cnvd database | Vulners

Trust: 3.0

Fetched: Nov. 23, 2022, 9:47 a.m., Published: June 5, 2022, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs

Out-of-bounds read vulnerability in multiple Huawei products (CNVD-2021-93832) - cnvd database | Vulners

Trust: 4.25

Fetched: Nov. 23, 2022, 9:46 a.m., Published: Nov. 29, 2021, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

IoT | Free Full-Text | Living in the Dark: MQTT-Based Exploitation of IoT Security Vulnerabilities in ZigBee Networks for Smart Lighting Control

Trust: 4.25

Fetched: Nov. 23, 2022, 9:41 a.m., Published: Nov. 23, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: raspberry pi model: raspberry pi 3
vendor: broadcom model: linux

How to Protect Company Information? Here's the Right Way! ~ PT. Network Data Sistem

Trust: 3.0

Fetched: Nov. 23, 2022, 9:41 a.m., Published: Oct. 21, 2022, 1:30 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

OpenSSL Vulnerability and the Case for Virtual Patching - Cyolo

Trust: 3.0

Fetched: Nov. 23, 2022, 9:39 a.m., Published: Nov. 18, 2022, 5:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Cybersecurity researcher discovers a way to bypass lockscreen on Pixel devices

Trust: 3.5

Fetched: Nov. 23, 2022, 9:38 a.m., Published: Nov. 14, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: google model: pixel
db: NVD ids: CVE-2022-20465

OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT - Forescout

Trust: 4.25

Fetched: Nov. 23, 2022, 9:34 a.m., Published: June 21, 2022, 3 a.m.
 Vulnerabilities: denial of service, authentication bypass, code execution
Affected productsExternal IDs
vendor: siemens model: wincc oa
vendor: siemens model: wincc
vendor: emerson model: deltav
vendor: emerson model: ovation
vendor: emerson model: deltav distributed control system
vendor: trend model: security
vendor: phoenix model: contact proconos
vendor: honeywell model: experion
vendor: yokogawa model: stardom
vendor: phoenix contact model: proconos
vendor: motorola model: motorola

Exploit Code Released for Critical Cisco Vulnerability: CVE-2022-20699

Related entries in the VARIoT vulnerabilities database: VAR-202202-1278

Trust: 4.25

Fetched: Nov. 23, 2022, 9:31 a.m., Published: Aug. 2, 2022, 1:28 p.m.
 Vulnerabilities: configuration vulnerability, buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: rv345
vendor: cisco model: series
vendor: cisco model: rv340
vendor: cisco model: series routers
db: NVD ids: CVE-2022-20699

IoT Devices Vulnerability Assessment - Azpa Technologies

Trust: 3.75

Fetched: Nov. 23, 2022, 9:29 a.m., Published: Aug. 28, 2022, 2:37 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: forescout model: counteract

How To Prevent Your Apple Device From DoorLock Vulnerability? - The Sec Master

Trust: 3.5

Fetched: Nov. 23, 2022, 9:28 a.m., Published: Jan. 7, 2022, 11:32 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: icloud
vendor: google model: home

Mobile Device Vulnerabilities - JEFF HOWELL

Trust: 4.25

Fetched: Nov. 23, 2022, 9:25 a.m., Published: -
 Vulnerabilities: denial of service, buffer overflow
Affected productsExternal IDs
vendor: jquery model: jquery
vendor: blackberry model: blackberry
vendor: blackberry model: smartphone
vendor: google model: android
vendor: google model: pixel
vendor: apple model: iphone