VARIoT latest news about IoT security

Vulnerabilities in PanelView Plus devices could lead to remote code execution Related entries in the VARIoT vulnerabilities database: VAR-202309-2171 Trust: 5.5 Fetched: July 27, 2024, 7:41 p.m., Published: July 3, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	rockwell	model:	automation panelview plus
vendor:	rockwell	model:	factorytalk view
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	automation panelview
vendor:	rockwell	model:	rslogix
vendor:	rockwell automation	model:	automation panelview plus
vendor:	rockwell automation	model:	factorytalk view
vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	automation panelview
vendor:	rockwell automation	model:	rslogix

db:

NVD

ids:

CVE-2023-2071

CVE - CVE-2023-36670 Trust: 4.0 Fetched: July 27, 2024, 7:41 p.m., Published: Aug. 24, 2030, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-36670

CVE - CVE-2021-23841 Related entries in the VARIoT vulnerabilities database: VAR-202102-1488 Trust: 3.25 Fetched: July 27, 2024, 7:41 p.m., Published: Aug. 24, 2030, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-23841

Are Your Bluetooth Connections Putting Your Business at Risk? - Krishna Gupta Trust: 3.5 Fetched: July 27, 2024, 7:39 p.m., Published: July 5, 2024, 12:57 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	wireshark	model:	wireshark

Critical OpenSSH Flaw Enables Full System Compromise - Infosecurity Magazine Trust: 3.75 Fetched: July 27, 2024, 7:39 p.m., Published: July 1, 2024, 2 p.m.	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6387, CVE-2008-4109, CVE-2006-5051

Reference guide for security alerts - Microsoft Defender for Cloud \| Microsoft Learn Trust: 3.0 Fetched: July 27, 2024, 7:39 p.m., Published: June 3, 2024, midnight	Vulnerabilities: privilege escalation

Affected products	External IDs

A Vulnerability in Cisco Secure Email Gateway Could Allow for Remote Code Execution Trust: 4.25 Fetched: July 27, 2024, 7:33 p.m., Published: July 22, 2024, midnight	Vulnerabilities: code execution

Affected products	External IDs

Cisco VPN Client Software Download (Windows 32bit - 64bit, Linux 32bit - 64bit, MacOS) Trust: 3.0 Fetched: July 27, 2024, 7:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	vpn client
vendor:	cisco	model:	cisco vpn client

Cisco Secure Web Appliance Privilege Escalation Vulnerability - Cisco Trust: 3.0 Fetched: July 27, 2024, 7:26 p.m., Published: July 17, 2024, 11:40 a.m.	Vulnerabilities: privilege escalation

Affected products	External IDs

Smart Home Device Security Trust: 4.5 Fetched: July 27, 2024, 7:24 p.m., Published: July 18, 2024, 4:37 p.m.	Vulnerabilities: weak password

Affected products

External IDs

vendor:

essential

model:

phone

Does CVE-2022-38023 have any impact to ONTAP 9? - NetApp Knowledge Base Trust: 3.0 Fetched: July 27, 2024, 7:24 p.m., Published: Jan. 2, 2023, 12:17 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-38023

RegreSSHion Attack: Protecting Against Unpatched OpenSSH CVE Trust: 5.0 Fetched: July 27, 2024, 7:24 p.m., Published: July 16, 2024, 7 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6387, CVE-2008-4109, CVE-2006-5051

CVE-2024-39149 - Post-auth blind OS command injection vulnerability in NETGEAR's X6 R8000 devices Trust: 5.5 Fetched: July 27, 2024, 7:21 p.m., Published: March 11, 2024, midnight	Vulnerabilities: command execution, arbitrary command execution, command injection...

Affected products

External IDs

vendor:

netgear

model:

r8000

db:

NVD

ids:

CVE-2024-39149

OpenSSH Vulnerability: CVE-2024-6387 Explained Trust: 3.0 Fetched: July 27, 2024, 7:19 p.m., Published: July 2, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6387

Legacy Vulnerabilities in IoT: Why Updating Your Devices is Critical - Responsible Cyber Trust: 3.75 Fetched: July 27, 2024, 7:18 p.m., Published: July 29, 2024, midnight	Vulnerabilities: default credentials

Affected products	External IDs

CocoaPods Vulnerabilities Expose Apple Devices to Supply Chain Attacks - The Review Hive Trust: 4.75 Fetched: July 27, 2024, 7:17 p.m., Published: July 8, 2024, 8:09 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2024-38366, CVE-2024-38367, CVE-2024-38368

Vulnerability in Cisco Smart Software Manager lets attackers change any user password \| Ars Technica Trust: 4.0 Fetched: July 27, 2024, 7:16 p.m., Published: July 17, 2024, 7:47 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20419

Vulnerabilities in PanelView Plus devices could lead to remote code execution - TQT Group Related entries in the VARIoT vulnerabilities database: VAR-202309-2171 Trust: 5.25 Fetched: July 27, 2024, 7:15 p.m., Published: July 9, 2024, 9:54 a.m.	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

vendor:	rockwellautomation	model:	automation panelview plus
vendor:	rockwellautomation	model:	factorytalk view
vendor:	rockwellautomation	model:	factorytalk
vendor:	rockwellautomation	model:	automation panelview
vendor:	rockwellautomation	model:	rslogix
vendor:	rockwell	model:	automation panelview plus
vendor:	rockwell	model:	factorytalk view
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	automation panelview
vendor:	rockwell	model:	rslogix
vendor:	rockwell automation	model:	automation panelview plus
vendor:	rockwell automation	model:	factorytalk view
vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	automation panelview
vendor:	rockwell automation	model:	rslogix

db:

NVD

ids:

CVE-2023-20719, CVE-2023-2071, CVE-2023-294648

CVE - CVE-2018-0002 Related entries in the VARIoT vulnerabilities database: VAR-201801-1070 Trust: 5.0 Fetched: July 27, 2024, 7:14 p.m., Published: Aug. 24, 2030, midnight	Vulnerabilities: memory corruption, denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2018-0002

Samsung Galaxy Critical Update Expected In August For… Trust: 3.75 Fetched: July 27, 2024, 7:13 p.m., Published: Aug. 27, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy

db:

NVD

ids:

CVE-2024-29745, CVE-2024-32896

VARIoT news about IoT security