VARIoT latest news about IoT security

Top ICS Vulnerabilities This Week: Critical Bugs In Rockwell Automation, Siemens, And Viessmann - Cyble Related entries in the VARIoT vulnerabilities database: VAR-202409-2108, VAR-202311-0439, VAR-202409-0293, VAR-202409-0257 Trust: 5.5 Fetched: Sept. 24, 2024, 10:23 a.m., Published: Sept. 18, 2024, 7:19 p.m.	Vulnerabilities: injection attack, buffer overflow, use after free...

Affected products

External IDs

vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	automation factorytalk
vendor:	rockwell	model:	automation factorytalk view site edition
vendor:	rockwell	model:	factorytalk view
vendor:	siemens	model:	simatic pcs 7
vendor:	siemens	model:	wincc
vendor:	siemens	model:	pcs 7
vendor:	siemens	model:	scalance
vendor:	siemens	model:	ruggedcom
vendor:	siemens	model:	simatic pcs neo
vendor:	siemens	model:	scalance m-800
vendor:	siemens	model:	pcs neo
vendor:	siemens	model:	simatic pcs
vendor:	siemens	model:	simatic batch
vendor:	siemens	model:	sinec nms
vendor:	siemens	model:	scalance m-800/s615
vendor:	siemens	model:	process historian
vendor:	siemens	model:	simatic wincc
vendor:	siemens	model:	sinema remote connect
vendor:	siemens	model:	simatic
vendor:	siemens	model:	totally integrated automation portal
vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	automation factorytalk
vendor:	rockwell automation	model:	automation factorytalk view site edition
vendor:	rockwell automation	model:	factorytalk view

db:

NVD

ids:

CVE-2024-45824, CVE-2023-44373, CVE-2023-45852, CVE-2024-45032, CVE-2023-46850, CVE-2023-34873, CVE-2023-5222, CVE-2024-33698, CVE-2024-35783

Top 100 Vulnerabilities: Identifying and Addressing Security Risks \| by 0xvan \| Aug, 2024 \| Medium Trust: 4.5 Fetched: Sept. 24, 2024, 10:22 a.m., Published: -	Vulnerabilities: os command injection, privilege escalation, denial of service...

Affected products	External IDs

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation Trust: 6.0 Fetched: Sept. 24, 2024, 10:22 a.m., Published: Aug. 27, 2024, 4:45 a.m.	Vulnerabilities: heap corruption

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2024-7965

D-Link Technical Support Related entries in the VARIoT vulnerabilities database: VAR-202408-2695, VAR-202408-2424, VAR-202408-2666, VAR-202408-2536 Trust: 5.5 Fetched: Sept. 24, 2024, 10:21 a.m., Published: -	Vulnerabilities: os command injection, command injection, command execution

Affected products

External IDs

vendor:

d-link

model:

dir-846

db:

NVD

ids:

CVE-2024-44341, CVE-2024-44342, CVE-2024-44340, CVE-2024-41622

JVN#81966868: Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices Related entries in the VARIoT vulnerabilities database: VAR-202409-0992, VAR-202409-0991 Trust: 3.75 Fetched: Sept. 24, 2024, 10:08 a.m., Published: Sept. 24, 2024, midnight	Vulnerabilities: cross-site request forgery, request forgery, cross-site scripting

Affected products

External IDs

db:

NVD

ids:

CVE-2024-45836, CVE-2024-45372

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide Trust: 4.5 Fetched: Sept. 24, 2024, 10:07 a.m., Published: Sept. 18, 2024, 4 p.m.	Vulnerabilities: denial of service, command execution

Affected products

External IDs

vendor:	draytek	model:	routers
vendor:	hikvision	model:	hikvision
vendor:	hikvision	model:	ip cameras
vendor:	tp-link	model:	routers
vendor:	cisco	model:	routers
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	soho
vendor:	asus	model:	routers
vendor:	asus	model:	asus
vendor:	mikrotik	model:	routers
vendor:	mikrotik	model:	mikrotik
vendor:	canary	model:	canary

Former Apple exec Jony Ive partners with OpenAI's Sam Altman to develop an AI-powered device - YouTube Trust: 3.0 Fetched: Sept. 24, 2024, 10:05 a.m., Published: Sept. 23, 2024, 6:45 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

watch

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Sept. 24, 2024, 10:04 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

CERT-In issues 'critical vulnerability' warning for Apple users: HERE's guide to update software to stay safe Trust: 3.75 Fetched: Sept. 24, 2024, 10:04 a.m., Published: Sept. 18, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	apple	model:	tvos
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	icloud
vendor:	apple	model:	software update
vendor:	apple	model:	itunes

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Sept. 24, 2024, 10:02 a.m., Published: Sept. 8, 2024, midnight	Vulnerabilities: configuration error

Affected products	External IDs

Vulnerability in MediaTek chips allows ‘zero-click’ remote takeover Trust: 5.0 Fetched: Sept. 24, 2024, 10:01 a.m., Published: Sept. 22, 2024, 5:43 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

sonicwall

model:

switch

db:

NVD

ids:

CVE-2024-20017

Bankroll Network DeFi hacked, $50M phisher moves crypto on CoW: Crypto-Sec - TradingView News Related entries in the VARIoT vulnerabilities database: VAR-202409-1099, VAR-202409-0703, VAR-202409-1026 Trust: 4.0 Fetched: Sept. 24, 2024, 10 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

d-link

model:

router

db:

NVD

ids:

CVE-2024-45697, CVE-2024-45695, CVE-2024-45698, CVE-2024-45694, CVE-2024-45696

Vulnerabilities in Cellular Packet Cores Part IV Authentication \| Trend Micro (CA) Trust: 3.0 Fetched: Sept. 24, 2024, 9:59 a.m., Published: Sept. 18, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20685

High-risk security flaw found in iPhones and other Apple products: Is your device safe? Trust: 3.75 Fetched: Sept. 24, 2024, 9:59 a.m., Published: Sept. 23, 2024, 5:32 a.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	apple	model:	watchos
vendor:	apple	model:	tvos
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	safari

Necro malware infects 11M+ Android devices via Google Play apps - SiliconANGLE Trust: 3.0 Fetched: Sept. 24, 2024, 9:58 a.m., Published: Sept. 23, 2024, 10:45 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Networked “Smart” Chargers Pose a Bigger Security Risk Than Companies Realize - Safety - Automotive Fleet Trust: 3.75 Fetched: Sept. 24, 2024, 9:58 a.m., Published: Sept. 23, 2024, midnight	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

essential

model:

phone

The TechCrunch Cyber Glossary \| TechCrunch Trust: 4.5 Fetched: Sept. 24, 2024, 9:57 a.m., Published: Sept. 22, 2024, 12:30 p.m.	Vulnerabilities: code execution, denial of service

Affected products	External IDs

SQL Injection Vulnerability (CVE-2024-5586) fixed in build 8121 \| ManageEngine ADAudit Plus Trust: 5.25 Fetched: Sept. 24, 2024, 9:57 a.m., Published: Sept. 24, 8121, midnight	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-5586

Vulnerabilities in Cellular Packet Cores Part IV Authentication \| Trend Micro (US) Trust: 3.0 Fetched: Sept. 24, 2024, 9:55 a.m., Published: Sept. 18, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20685

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report Trust: 3.0 Fetched: Sept. 24, 2024, 9:54 a.m., Published: Sept. 24, 2024, midnight	Vulnerabilities: -

Affected products	External IDs

VARIoT news about IoT security