VARIoT latest news about IoT security

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities \| Trend Micro (IN) Trust: 4.25 Fetched: Sept. 18, 2024, 9:22 a.m., Published: Sept. 12, 2024, midnight	Vulnerabilities: weak password, code execution

Affected products

External IDs

vendor:	ipswitch	model:	whatsup gold
vendor:	ipswitch	model:	whatsup
vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-4885, CVE-2024-6670

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 18, 2024, 9:20 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 18, 2024, 9:19 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

Apple Fixes 33 IPhone Vulnerabilities In IOS18 Update Trust: 4.5 Fetched: Sept. 18, 2024, 9:18 a.m., Published: Sept. 17, 2024, 1:27 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	apple	model:	software update
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2024-44187, CVE-2024-44170, CVE-2024-40856, CVE-2024-40840, CVE-2024-44180, CVE-2024-44139, CVE-2024-44124, CVE-2024-44171, CVE-2024-40791, CVE-2024-44165

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) - Help Net Security Trust: 3.75 Fetched: Sept. 18, 2024, 9:17 a.m., Published: Sept. 17, 2024, 9:55 a.m.	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-8190

Hacking a $100K Gas Chromatograph without Owning One \| Claroty Trust: 4.5 Fetched: Sept. 18, 2024, 9:16 a.m., Published: June 26, 2024, midnight	Vulnerabilities: command injection, code execution, authentication bypass...

Affected products

External IDs

vendor:

wireshark

model:

wireshark

db:

NVD

ids:

CVE-2023-46687, CVE-2023-51761

Siemens SIMATIC S7-200 SMART Devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202409-0292 Trust: 4.75 Fetched: Sept. 18, 2024, 9:15 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-200 smart cpu cr60
vendor:	siemens	model:	simatic s7-200 smart
vendor:	siemens	model:	simatic s7-200 smart cpu sr60
vendor:	siemens	model:	simatic s7-200 smart cpu st20
vendor:	siemens	model:	simatic s7-200 smart cpu sr20
vendor:	siemens	model:	simatic s7-200 smart cpu st40
vendor:	siemens	model:	simatic s7-200 smart cpu cr40
vendor:	siemens	model:	simatic s7-200 smart cpu st60
vendor:	siemens	model:	simatic s7-200
vendor:	siemens	model:	simatic s7-200 smart cpu
vendor:	siemens	model:	simatic s7-200 smart cpu sr30
vendor:	siemens	model:	simatic s7-200 smart cpu sr40
vendor:	siemens	model:	simatic s7-200 smart cpu st30
vendor:	siemens	model:	s7-200 smart

db:

NVD

ids:

CVE-2024-43647

Regulatory Reflections: The PATCH Act \| Trusted Computing Group Trust: 3.75 Fetched: Sept. 18, 2024, 9:14 a.m., Published: June 26, 2024, 8:32 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-31222

Restrict devices features using policy in Microsoft Intune \| Microsoft Learn Trust: 3.0 Fetched: Sept. 17, 2024, 10:11 a.m., Published: Aug. 19, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Asus - Device activation Vulnerability Maturity Index CVE Trust: 3.25 Fetched: Sept. 17, 2024, 10:09 a.m., Published: Sept. 1, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

asus

model:

asus

CVE-2024-7734 Phoenix Contact: Multiple mGuard devices are v... - vulnerability database \| Vulners.com Trust: 3.75 Fetched: Sept. 17, 2024, 10:09 a.m., Published: Sept. 10, 2024, 8:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	phoenix contact	model:	mguard
vendor:	phoenixcontact	model:	mguard

db:

NVD

ids:

CVE-2024-7734

Number of connected IoT devices growing 13% to 18.8 billion Trust: 3.25 Fetched: Sept. 17, 2024, 10:07 a.m., Published: Sept. 3, 2024, 1:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung
vendor:	samsung	model:	note
vendor:	google	model:	home
vendor:	mesh	model:	mesh

CVE-2024-7734 Phoenix Contact: Multiple mGuard devices are v... - vulnerability database \| Vulners.com Trust: 3.5 Fetched: Sept. 17, 2024, 10:07 a.m., Published: Sept. 10, 2024, 8:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	phoenix contact	model:	mguard pci4000 vpn
vendor:	phoenix contact	model:	mguard rs2005 tx vpn
vendor:	phoenix contact	model:	mguard smart2
vendor:	phoenix contact	model:	mguard smart2 vpn
vendor:	phoenix contact	model:	mguard rs4000 4g vpn
vendor:	phoenix contact	model:	mguard rs4000 3g vpn
vendor:	phoenix contact	model:	mguard core tx vpn
vendor:	phoenix contact	model:	mguard rs2000 tx/tx vpn
vendor:	phoenix contact	model:	mguard centerport
vendor:	phoenix contact	model:	mguard rs2000 3g vpn
vendor:	phoenix contact	model:	mguard delta tx/tx
vendor:	phoenix contact	model:	mguard pcie4000 vpn
vendor:	phoenix contact	model:	mguard rs2000 4g vpn
vendor:	phoenix contact	model:	mguard gt/gt
vendor:	phoenix contact	model:	mguard

db:

NVD

ids:

CVE-2024-7734

Windows 11 has a Critical Vulnerability Revealed, which Microsoft Officially Advises \| iDevice.ro Trust: 4.0 Fetched: Sept. 17, 2024, 10:06 a.m., Published: Aug. 29, 2024, 9:18 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-38063

GitHub Patches Multiple Security Vulnerabilities (CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711) - Qualys ThreatPROTECT Trust: 3.0 Fetched: Sept. 17, 2024, 10:05 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6800, CVE-2024-6337, CVE-2024-7711

Versa Security Bulletin: Update on CVE-2024-39717 - Versa Director Dangerous File Type Upload Vulnerability - The Versa Networks Blog Trust: 3.0 Fetched: Sept. 17, 2024, 10:04 a.m., Published: Aug. 26, 2024, 12:58 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2024-39717

Configuration and vulnerability analysis in AWS Systems Manager - AWS Systems Manager Trust: 3.25 Fetched: Sept. 17, 2024, 10:03 a.m., Published: -	Vulnerabilities: configuration vulnerability

Affected products	External IDs

Ivanti Reports Exploitation Of Cloud Gateway Vulnerability Trust: 6.0 Fetched: Sept. 17, 2024, 10:02 a.m., Published: Sept. 13, 2024, 3:36 p.m.	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-8190

CVE-2024-28077 - "GL-iNet Devices Denial-of-Service and Information Disclosure Vulnerability" Trust: 4.25 Fetched: Sept. 17, 2024, 10:02 a.m., Published: Aug. 26, 2024, 8:15 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2024-28077

Buffer Overflow Vulnerability Discovered in Crucial MX500 SSD Firmware Related entries in the VARIoT vulnerabilities database: VAR-202409-0304 Trust: 5.25 Fetched: Sept. 17, 2024, 10:01 a.m., Published: Sept. 13, 2024, 4:31 p.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2024-42642

VARIoT news about IoT security