VARIoT latest news about IoT security

Vulnerabilities in Beckhoff TwinCAT/BSD Could Allow PLC Logic Tampering, DoS Trust: 4.25 Fetched: Sept. 17, 2024, 9:30 a.m., Published: Sept. 15, 2024, midnight	Vulnerabilities: cross-site scripting, authentication bypass, buffer overflow

Affected products

External IDs

vendor:	beckhoff	model:	beckhoff twincat
vendor:	beckhoff	model:	twincat
vendor:	beckhoff automation	model:	beckhoff twincat
vendor:	beckhoff automation	model:	twincat

db:

NVD

ids:

CVE-2024-41176, CVE-2024-41174, CVE-2024-41173, CVE-2024-41175

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 17, 2024, 9:30 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

New critical SS vulnerability release - CVE-2024-6387 Trust: 4.25 Fetched: Sept. 17, 2024, 9:30 a.m., Published: July 3, 2024, 1:02 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6387

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 17, 2024, 9:29 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

Why My Log Cabin Home Rejects Smart Tech: Lessons from Sonos Vulnerabilities and the Need for SBOMs in AV - rAVe [PUBS] Trust: 4.75 Fetched: Sept. 17, 2024, 9:28 a.m., Published: Sept. 16, 2024, 3:50 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

sonos

model:

sonos

db:

NVD

ids:

CVE-2023-50809

Ivanti Vulnerability Again Forces Emergency Patches Trust: 4.0 Fetched: Sept. 17, 2024, 9:28 a.m., Published: Sept. 19, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-8190

That’s A Nice IoT Device You’ve Got There ... It'd Be A Shame If Mirai Used It For Its Botnet Trust: 3.0 Fetched: Sept. 17, 2024, 9:28 a.m., Published: Sept. 16, 2024, 7:05 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Ivanti Vulnerability Again Forces Emergency Patches Trust: 4.0 Fetched: Sept. 17, 2024, 9:27 a.m., Published: Sept. 19, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-8190

[AL-118] Multiple Vulnerabilities in D-Link Wireless Routers Related entries in the VARIoT vulnerabilities database: VAR-202409-1099, VAR-202409-1026, VAR-202409-0703 Trust: 5.0 Fetched: Sept. 17, 2024, 9:26 a.m., Published: Sept. 17, 2024, midnight	Vulnerabilities: code execution, input validation vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2024-45697, CVE-2024-45698, CVE-2024-45694, CVE-2024-45696, CVE-2024-45695

CVE-2024-6387 (RegreSSHion) SSH Vu… \| Apple Developer Forums Trust: 4.0 Fetched: Sept. 17, 2024, 9:25 a.m., Published: Sept. 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2024-6387

Top IoT Security Challenges and Best Practices \| Balbix Trust: 3.25 Fetched: Sept. 17, 2024, 9:25 a.m., Published: Sept. 10, 2024, 4:15 p.m.	Vulnerabilities: sql injection, default credentials, denial of service

Affected products	External IDs

Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review \| Qualys Security Blog Trust: 4.5 Fetched: Sept. 17, 2024, 9:23 a.m., Published: Aug. 13, 2024, 8:31 p.m.	Vulnerabilities: request forgery, denial of service, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-38140, CVE-2024-38147, CVE-2024-38202, CVE-2024-38199, CVE-2024-38178, CVE-2024-21302, CVE-2024-38160, CVE-2024-38133, CVE-2024-38159, CVE-2024-38141, CVE-2024-38163, CVE-2024-38193, CVE-2024-38144, CVE-2024-38125, CVE-2024-38148, CVE-2024-38107, CVE-2024-38150, CVE-2024-38198, CVE-2024-38200, CVE-2024-38106, CVE-2024-38063, CVE-2024-38213, CVE-2024-38189, CVE-2024-38196

Vulnerabilities in PanelView Plus devices could lead to remote code execution - ThreatsHub Cybersecurity News Related entries in the VARIoT vulnerabilities database: VAR-202309-2171 Trust: 5.5 Fetched: Sept. 17, 2024, 9:22 a.m., Published: July 2, 2024, 4 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	rockwell automation	model:	factorytalk view
vendor:	rockwell automation	model:	automation panelview plus
vendor:	rockwell automation	model:	automation panelview
vendor:	rockwell automation	model:	rslogix
vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell	model:	factorytalk view
vendor:	rockwell	model:	automation panelview plus
vendor:	rockwell	model:	automation panelview
vendor:	rockwell	model:	rslogix
vendor:	rockwell	model:	factorytalk

db:

NVD

ids:

CVE-2023-2071

Showcase.apk Vulnerability on Pixel Devices: Security Risk Trust: 4.5 Fetched: Sept. 17, 2024, 9:21 a.m., Published: Aug. 16, 2024, 12:53 p.m.	Vulnerabilities: code execution, code injection

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	essential	model:	phone

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption \| Microsoft Security Blog Trust: 3.0 Fetched: Sept. 17, 2024, 9:18 a.m., Published: July 29, 2024, 4 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-28252, CVE-2024-37085

Samsung says August 2024 security patch is critical for its devices - SamMobile Trust: 3.75 Fetched: Sept. 17, 2024, 9:17 a.m., Published: July 19, 2024, 5:21 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	samsung
vendor:	samsung	model:	galaxy
vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2024-29745, CVE-2024-32896

WARNING: MULTIPLE CRITICAL, HIGH AND MEDIUM VULNERABILITIES IN ZYXEL NAS DEVICES CAN BE EXPLOITED TO EXECUTE CODE AND STEAL INFORMATION. DECOMMISION OR PATCH IMMEDIATELY! \| Cert Trust: 5.5 Fetched: Sept. 17, 2024, 9:16 a.m., Published: June 24, 2024, 2:33 p.m.	Vulnerabilities: code execution, privilege management vulnerability, command injection

Affected products

External IDs

vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326

db:

NVD

ids:

CVE-2024-29973, CVE-2024-27793, CVE-2024-29972, CVE-2024-27794, CVE-2024-29974, CVE-2024-19976, CVE-2024-29975, CVE-2024-29976

Secure Boot-neutering PKfail debacle is more prevalent than anyone knew \| Ars Technica Trust: 3.75 Fetched: Sept. 17, 2024, 9:15 a.m., Published: Sept. 16, 2024, 10:13 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

lenovo

model:

system

db:

NVD

ids:

CVE-2024-8105

CVE-2024-45029 i2c: tegra: Do not mark ACPI devices as irq s... - vulnerability database \| Vulners.com Trust: 3.25 Fetched: Sept. 16, 2024, 8:53 p.m., Published: Sept. 11, 2024, 3:14 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-45029

Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide Trust: 3.0 Fetched: Sept. 16, 2024, 8:51 p.m., Published: Sept. 12, 2024, 1:46 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

VARIoT news about IoT security