VARIoT latest news about IoT security

Vulnerability Summary for the Week of October 31, 2022 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202211-0019, VAR-202210-1951, VAR-202211-0263, VAR-202210-1624, VAR-202211-0033, VAR-202210-1461, VAR-202210-1625, VAR-202210-2057, VAR-202210-1484, VAR-202211-0062, VAR-202210-1885, VAR-202210-2140, VAR-202210-1928, VAR-202210-1531, VAR-202210-1623, VAR-202211-0256, VAR-202210-1496, VAR-202210-1469, VAR-202210-1886, VAR-202205-1317, VAR-202210-1532, VAR-202210-1968, VAR-202210-1524, VAR-202210-1492, VAR-202210-2137, VAR-202211-0046, VAR-202210-1999, VAR-202211-0189, VAR-202211-0169, VAR-202205-1304, VAR-202211-0164, VAR-202210-1487, VAR-202210-1464, VAR-202205-1314, VAR-202210-1908, VAR-202210-1482, VAR-202210-1632, VAR-202211-0207, VAR-202211-0072, VAR-202210-1488, VAR-202205-1319, VAR-202211-0166, VAR-202210-2081, VAR-202205-1291, VAR-202210-1477, VAR-202211-0092, VAR-202210-2055, VAR-202211-0022, VAR-202210-1465, VAR-202211-0208, VAR-202210-1479, VAR-202211-0190, VAR-202211-0107, VAR-202210-1698, VAR-202211-0083, VAR-202211-0149, VAR-202210-1889, VAR-202210-1927, VAR-202210-1884, VAR-202210-2112, VAR-202210-1470, VAR-202205-1313, VAR-202210-2059, VAR-202210-1901, VAR-202210-1489, VAR-202211-0106, VAR-202210-1912, VAR-202210-1471, VAR-202211-0230, VAR-202210-1528, VAR-202210-1525, VAR-202210-1497 Trust: 5.25 Fetched: Nov. 8, 2022, 2:05 p.m., Published: Oct. 31, 2022, midnight	Vulnerabilities: command injection, code injection, request smuggling attack...

Affected products

External IDs

vendor:	schneider-electric	model:	premium
vendor:	tenda	model:	ac23
vendor:	dlink	model:	dir-823g_firmware
vendor:	dlink	model:	dir-846
vendor:	dlink	model:	dir-823g
vendor:	dlink	model:	dir-846_firmware
vendor:	zoom	model:	client
vendor:	zoom	model:	zoom client
vendor:	hitachi	model:	vantara pentaho
vendor:	hitachi	model:	hitachi infrastructure analytics advisor
vendor:	trihedral	model:	vtscada
vendor:	google	model:	chrome os
vendor:	google	model:	chrome
vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	home
vendor:	schneider	model:	premium
vendor:	d-link	model:	dir-823g_firmware
vendor:	d-link	model:	dir-846
vendor:	d-link	model:	dir-823g
vendor:	d-link	model:	dir-846_firmware
vendor:	apple	model:	iphone_os
vendor:	apple	model:	mac_os_x
vendor:	apple	model:	itunes
vendor:	apple	model:	macos
vendor:	apple	model:	tvos
vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	apple	model:	watch
vendor:	node.js	model:	node.js
vendor:	haxx	model:	curl
vendor:	honeywell	model:	experion
vendor:	cisco	model:	information server
vendor:	cisco	model:	meeting
vendor:	hitachi vantara	model:	pentaho business analytics
vendor:	hitachi vantara	model:	pentaho

db:

NVD

ids:

CVE-2022-22425, CVE-2022-3780, CVE-2022-3602, CVE-2022-42252, CVE-2021-40661, CVE-2022-3827, CVE-2022-3400, CVE-2022-32889, CVE-2022-37426, CVE-2022-2826, CVE-2022-43995, CVE-2022-43282, CVE-2022-43223, CVE-2022-43328, CVE-2022-27583, CVE-2022-3059, CVE-2022-27584, CVE-2022-27586, CVE-2022-3258, CVE-2022-3723, CVE-2022-32941, CVE-2022-40741, CVE-2022-31692, CVE-2022-25952, CVE-2022-3512, CVE-2022-3801, CVE-2022-43105, CVE-2022-40747, CVE-2022-40294, CVE-2022-42827, CVE-2022-25885, CVE-2022-40287, CVE-2022-3334, CVE-2022-30307, CVE-2022-27582, CVE-2022-32890, CVE-2022-41629, CVE-2022-32922, CVE-2020-22820, CVE-2022-3730, CVE-2022-32925, CVE-2022-40839, CVE-2022-32905, CVE-2021-36906, CVE-2022-43229, CVE-2022-3306, CVE-2022-26119, CVE-2022-32944, CVE-2022-43284, CVE-2022-42309, CVE-2022-41974, CVE-2022-41688, CVE-2022-3337, CVE-2022-42923, CVE-2022-43085, CVE-2022-44542, CVE-2022-44019, CVE-2022-41551, CVE-2022-43066, CVE-2022-42803, CVE-2022-3741, CVE-2022-43227, CVE-2022-37620, CVE-2022-3657, CVE-2022-42813, CVE-2022-42820, CVE-2022-43108, CVE-2022-42796, CVE-2022-3380, CVE-2022-42791, CVE-2022-42915, CVE-2022-3374, CVE-2020-22819, CVE-2022-41648, CVE-2022-26762, CVE-2022-43226, CVE-2022-30608, CVE-2022-42808, CVE-2022-3305, CVE-2022-42800, CVE-2022-32940, CVE-2022-42809, CVE-2022-39016, CVE-2022-43221, CVE-2022-43355, CVE-2022-3304, CVE-2022-3322, CVE-2022-43330, CVE-2022-40617, CVE-2020-21016, CVE-2022-32910, CVE-2022-43362, CVE-2022-43285, CVE-2022-35842, CVE-2022-41666, CVE-2022-26122, CVE-2022-26717, CVE-2022-3315, CVE-2022-39366, CVE-2022-3756, CVE-2022-43495, CVE-2022-41552, CVE-2022-31678, CVE-2022-2741, CVE-2022-43124, CVE-2022-3772, CVE-2022-43106, CVE-2022-3659, CVE-2022-43063, CVE-2022-3654, CVE-2022-32898, CVE-2022-39323, CVE-2022-41657, CVE-2022-37915, CVE-2022-32865, CVE-2022-40289, CVE-2022-26719, CVE-2022-41779, CVE-2022-40190, CVE-2022-42795, CVE-2022-39382, CVE-2022-37914, CVE-2020-22818, CVE-2022-39299, CVE-2022-42744, CVE-2022-39019, CVE-2022-3308, CVE-2022-42806, CVE-2022-41716, CVE-2022-43107, CVE-2022-39356, CVE-2021-37789, CVE-2021-45447, CVE-2022-42320, CVE-2022-3802, CVE-2022-26730, CVE-2022-3732, CVE-2022-26710, CVE-2022-3373, CVE-2022-2864, CVE-2021-38399, CVE-2022-32287, CVE-2022-43126, CVE-2022-43104, CVE-2022-37913, CVE-2022-3181, CVE-2022-3708, CVE-2022-26709, CVE-2022-3784, CVE-2022-32934, CVE-2022-25892, CVE-2022-3307, CVE-2022-43068, CVE-2022-40296, CVE-2022-3656, CVE-2022-31690, CVE-2022-43574, CVE-2022-39294, CVE-2022-37623, CVE-2022-3370, CVE-2022-3697, CVE-2022-2475, CVE-2022-3770, CVE-2022-44623, CVE-2022-43280, CVE-2022-39369, CVE-2022-33870, CVE-2021-38395, CVE-2022-3658, CVE-2022-32907, CVE-2022-3731, CVE-2021-40241, CVE-2022-41644, CVE-2022-32794, CVE-2022-43281, CVE-2022-3786, CVE-2022-42327, CVE-2022-32866, CVE-2022-3776, CVE-2022-39018, CVE-2022-44624, CVE-2022-43109, CVE-2022-32915, CVE-2022-43083, CVE-2022-32887, CVE-2022-43127, CVE-2022-3800, CVE-2022-3729, CVE-2022-3357, CVE-2022-41668, CVE-2022-42751, CVE-2022-43103, CVE-2022-40288, CVE-2022-3360, CVE-2022-32947, CVE-2022-3401, CVE-2022-42311, CVE-2022-40293, CVE-2022-33859, CVE-2021-44862, CVE-2022-39234, CVE-2022-38381, CVE-2021-45446, CVE-2022-3655, CVE-2022-43222, CVE-2022-3799, CVE-2022-42916, CVE-2022-3254, CVE-2022-41772, CVE-2022-27585, CVE-2022-37621, CVE-2021-34055, CVE-2022-3771, CVE-2022-43353, CVE-2022-3321, CVE-2022-32932, CVE-2022-40202, CVE-2022-41636, CVE-2022-3789, CVE-2022-35717, CVE-2022-32939, CVE-2022-43081, CVE-2022-3653, CVE-2021-42777, CVE-2022-43286, CVE-2022-32892, CVE-2022-43125, CVE-2022-40291, CVE-2022-43062, CVE-2022-43329, CVE-2022-3757, CVE-2022-43168, CVE-2022-3735, CVE-2022-3616, CVE-2022-42745, CVE-2022-43989, CVE-2022-3320, CVE-2022-3366, CVE-2022-43331, CVE-2022-44638, CVE-2022-41681, CVE-2022-3652, CVE-2022-26716, CVE-2022-32903, CVE-2022-38142, CVE-2022-3754, CVE-2022-28763, CVE-2022-42801, CVE-2022-43990, CVE-2022-32888, CVE-2022-42750, CVE-2022-42925, CVE-2021-38397, CVE-2021-36898, CVE-2022-37425, CVE-2022-43101, CVE-2022-3023, CVE-2022-32927, CVE-2022-2474, CVE-2022-43354, CVE-2022-3733, CVE-2022-41973, CVE-2022-24936, CVE-2022-3785, CVE-2022-32914, CVE-2022-3774, CVE-2022-2572, CVE-2022-43102, CVE-2022-40471, CVE-2022-41667, CVE-2022-3575, CVE-2022-3734, CVE-2022-41776, CVE-2022-42823, CVE-2022-32924, CVE-2022-43061, CVE-2022-39379, CVE-2022-3798, CVE-2022-32899, CVE-2020-4099, CVE-2021-27784, CVE-2022-39353

NVD - CVE-2022-37861 Trust: 5.0 Fetched: Nov. 8, 2022, 2 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-37861

Microsoft Security Bulletin MS17-012 - Critical \| Microsoft Learn Trust: 4.5 Fetched: Nov. 8, 2022, 1:58 p.m., Published: Oct. 11, 2017, midnight	Vulnerabilities: security feature bypass, code execution, integer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2017-0016, CVE-2017-0104, CVE-2017-0007, CVE-2017-0057, CVE-2017-0100, CVE-2017-0039

NVD - CVE-2022-42464 Trust: 4.0 Fetched: Nov. 8, 2022, 1:58 p.m., Published: March 1, 2002, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-42464

Cisco Email Security Appliance Denial of Service Vulnerability Trust: 5.0 Fetched: Nov. 8, 2022, 1:27 p.m., Published: Nov. 2, 2022, 3:47 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	cisco cloud email security
vendor:	cisco	model:	cloud email security
vendor:	cisco	model:	cisco email security appliance

Apple announces an ‘actively exploited’ vulnerability that allows hackers to fully control devices - Security Boulevard Related entries in the VARIoT vulnerabilities database: VAR-202208-1345, VAR-202208-1294 Trust: 4.0 Fetched: Nov. 8, 2022, 11:40 a.m., Published: Sept. 2, 2022, 2:53 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2022-32893, CVE-2022-32894

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 - Microsoft Security Blog Trust: 3.5 Fetched: Nov. 8, 2022, 11:38 a.m., Published: Oct. 1, 2022, 4:21 a.m.	Vulnerabilities: code execution, request forgery

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41082, CVE-2022-41040

Nest Security Bulletin-August 2022 - Product Documentation Help Trust: 4.75 Fetched: Nov. 8, 2022, 11:38 a.m., Published: Aug. 8, 2022, midnight	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

vendor:

google

model:

home

EZVIZ - Notice about Vulnerabilities in Some EZVIZ Products 20220914 Trust: 4.75 Fetched: Nov. 8, 2022, 11:38 a.m., Published: Sept. 14, 2022, midnight	Vulnerabilities: buffer overflow, memory initialization vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2022-2471, CVE-2022-2472

Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability - Cisco Trust: 4.0 Fetched: Nov. 8, 2022, 11:37 a.m., Published: Oct. 21, 2022, 8:41 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	nx-os
vendor:	cisco	model:	nexus 3000
vendor:	cisco	model:	series
vendor:	cisco	model:	1000v
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nexus 1000v
vendor:	cisco	model:	nexus 9000
vendor:	cisco	model:	nexus 7000
vendor:	cisco	model:	series switches
vendor:	cisco	model:	nx-os software

Cisco Patches High-Severity Vulnerabilities in Business Switches \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202208-1879 Trust: 4.75 Fetched: Nov. 8, 2022, 11:36 a.m., Published: Nov. 8, 2022, midnight	Vulnerabilities: process crash, improper validation

Affected products

External IDs

vendor:	cisco	model:	nx-os
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	series
vendor:	cisco	model:	fxos
vendor:	cisco	model:	nexus
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	ios xr

db:

NVD

ids:

CVE-2022-20823, CVE-2022-20824, CVE-2022-20921

FBI Issues Alert on Unpatched and Outdated Medical Devices \| Healthcare Innovation Trust: 3.0 Fetched: Nov. 8, 2022, 11:36 a.m., Published: Sept. 14, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

latest network devices Trust: 4.25 Fetched: Nov. 8, 2022, 10:14 a.m., Published: July 4, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	itunes
vendor:	cisco	model:	routers
vendor:	cisco	model:	series
vendor:	cisco	model:	router
vendor:	cisco	model:	quad
vendor:	trend	model:	security
vendor:	trend	model:	antivirus

db:

NVD

ids:

CVE-2020-15078

Multiple Vulnerabilities Discovered in Juniper Junos OS Related entries in the VARIoT vulnerabilities database: VAR-202210-0815, VAR-202210-0792, VAR-202210-1013, VAR-202210-0849, VAR-202210-0898, VAR-202210-0918 Trust: 4.0 Fetched: Nov. 8, 2022, 10:13 a.m., Published: Nov. 1, 2022, 10:43 a.m.	Vulnerabilities: file inclusion, code execution, path traversal...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22243, CVE-2022-22244, CVE-2022-22241, CVE-2022-22245, CVE-2022-22246, CVE-2022-22242

More security vulnerabilities detected on Google Chrome, security patch released \| Deccan Herald Trust: 5.0 Fetched: Nov. 8, 2022, 10:12 a.m., Published: Nov. 1, 2022, 10:15 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

CVE security vulnerabilities related to CWE (Common Weakness Enumeration) 319 Related entries in the VARIoT vulnerabilities database: VAR-202206-2044, VAR-202208-0251, VAR-202202-0685, VAR-202202-1142, VAR-202111-0671, VAR-202211-0072, VAR-202210-1889, VAR-202205-0920, VAR-202203-0059, VAR-202209-0115, VAR-202202-0307, VAR-202109-1063, VAR-202202-1221, VAR-202210-1430, VAR-202208-2006, VAR-202111-0013 Trust: 4.25 Fetched: Nov. 8, 2022, 10:10 a.m., Published: -	Vulnerabilities: information disclosure, request forgery, code execution...

Affected products

External IDs

vendor:	typo3	model:	typo3
vendor:	axis	model:	m1125
vendor:	axis	model:	communications
vendor:	delta	model:	diaenergie
vendor:	hitachi vantara	model:	pentaho business analytics
vendor:	hitachi vantara	model:	pentaho
vendor:	automationdirect	model:	c-more
vendor:	fiberhome	model:	routers
vendor:	fiberhome	model:	router
vendor:	moxa	model:	mxview
vendor:	hitachi	model:	web server
vendor:	hitachi	model:	vantara pentaho
vendor:	samsung	model:	note
vendor:	samsung	model:	mobile
vendor:	tp-link	model:	wr841n
vendor:	tp-link	model:	tl-wr841n
vendor:	tp-link	model:	routers
vendor:	tp-link	model:	tp-link tl-wr841n
vendor:	netgear	model:	r8000
vendor:	netgear	model:	r6400v2
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	r6900
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	rs400
vendor:	netgear	model:	r7850
vendor:	netgear	model:	r6700
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	router
vendor:	netgear	model:	r7000
vendor:	netgear	model:	r7900
vendor:	delta electronics	model:	diaenergie
vendor:	trend	model:	security
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2022-32245, CVE-2022-31204, CVE-2022-39287, CVE-2022-31046, CVE-2022-30993, CVE-2022-27619, CVE-2022-2003, CVE-2021-45104, CVE-2022-28861, CVE-2022-1524, CVE-2022-30994, CVE-2021-45735, CVE-2022-20243, CVE-2021-40392, CVE-2021-40366, CVE-2022-23105, CVE-2021-41835, CVE-2021-39882, CVE-2021-45447, CVE-2021-42948, CVE-2022-21829, CVE-2022-42916, CVE-2022-29874, CVE-2022-0988, CVE-2022-2005, CVE-2021-41849, CVE-2022-30312, CVE-2021-39272, CVE-2022-39269, CVE-2022-41636, CVE-2021-40846, CVE-2022-34371, CVE-2022-21798, CVE-2022-29519, CVE-2021-44518, CVE-2022-29733, CVE-2022-2485, CVE-2021-40847, CVE-2022-25805, CVE-2022-2338, CVE-2022-33724, CVE-2022-0162, CVE-2021-45894, CVE-2022-41983, CVE-2021-45100, CVE-2022-30115, CVE-2022-26077, CVE-2022-38846, CVE-2022-36200, CVE-2021-42699

Microsoft Defender Vulnerability Management Detects OpenSSL Flaws Trust: 3.0 Fetched: Nov. 8, 2022, 10:09 a.m., Published: Nov. 3, 2022, 8:09 a.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2022-3786, CVE-2022-3602

NVD - CVE-2022-42731 Trust: 4.75 Fetched: Nov. 8, 2022, 10:07 a.m., Published: Feb. 5, 2001, midnight	Vulnerabilities: replay attack, authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2022-42731

Apple “zero-day” vulnerability: update your Apple devices immediately \| WFU IS Trust: 3.0 Fetched: Nov. 8, 2022, 10 a.m., Published: Aug. 19, 2022, 9:04 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	safari

Get all vulnerabilities \| Microsoft Learn Trust: 3.0 Fetched: Nov. 8, 2022, 9:59 a.m., Published: Oct. 19, 2022, 9:04 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2019-0608

VARIoT news about IoT security