VARIoT latest news about IoT security

New Vulnerability in Fortinet FortiOS Exposes Devices to Remote Code Execution Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 5.0 Fetched: Feb. 23, 2024, 10:02 a.m., Published: Feb. 19, 2024, 6:28 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

ansible

model:

ansible

db:

NVD

ids:

CVE-2023-34992, CVE-2022-42475, CVE-2024-21762, CVE-2024-23108, CVE-2023-27997, CVE-2024-23109

Security Advisory for Post-Authentication Command Injection on the R7000, PSV-2023-0154 - NETGEAR Support Trust: 4.0 Fetched: Feb. 23, 2024, 10:02 a.m., Published: -	Vulnerabilities: command injection

Affected products

External IDs

vendor:	netgear	model:	orbi
vendor:	netgear	model:	r7000

Go Vulnerability Database - Go Packages Trust: 4.0 Fetched: Feb. 23, 2024, 10:01 a.m., Published: Feb. 20, 2024, midnight	Vulnerabilities: cross-site scripting

Affected products	External IDs

What Are the Advantages and Disadvantages of Smart Home? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 9:59 a.m., Published: Jan. 31, 2024, 7:25 a.m.	Vulnerabilities: default credentials

Affected products	External IDs

What's the Difference Between Kasa and Tapo? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 9:58 a.m., Published: Jan. 26, 2024, 2:49 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

How Do I Integrate Nest Thermostat With Home Assistant? - ByRetreat Trust: 4.5 Fetched: Feb. 23, 2024, 9:56 a.m., Published: Jan. 31, 2024, 5:31 a.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

home assistant

model:

home assistant

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers - Patabook Technology Trust: 4.25 Fetched: Feb. 23, 2024, 9:55 a.m., Published: Feb. 21, 2024, 10:41 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2023-52160, CVE-2023-52161

Bluetooth Flaw: Multi-OS Takeover Risk! 🚨📱 - Impulsec Trust: 4.5 Fetched: Feb. 23, 2024, 9:54 a.m., Published: Jan. 17, 2024, 10:54 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	apple	model:	macbook pro
vendor:	apple	model:	macbook
vendor:	apple	model:	iphone
vendor:	apple	model:	macbook air
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2024-21306, CVE-2023-45866

Does Bell Smart Home Work Without Internet? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 9:48 a.m., Published: Jan. 29, 2024, 3:53 a.m.	Vulnerabilities: default credentials

Affected products	External IDs

What Thermostats Are Compatible With Savant? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 9:46 a.m., Published: Jan. 29, 2024, 6:11 a.m.	Vulnerabilities: default credentials

Affected products	External IDs

DNSSEC vulnerability puts big chunk of the internet at risk • The Register Trust: 3.75 Fetched: Feb. 23, 2024, 9:45 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-5679, CVE-2023-5517, CVE-2023-4408, CVE-2023-6516, CVE-2023-50387, CVE-2023-50868

Cisco Releases Security Advisory for Vulnerabilities in Cisco Expressway Series \| CISA Trust: 3.0 Fetched: Feb. 23, 2024, 9:44 a.m., Published: Feb. 23, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	expressway
vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	expressway series

Cisco Unified Intelligence Center Insufficient Access Contro... - vulnerability database \| Vulners.com Trust: 3.0 Fetched: Feb. 23, 2024, 9:42 a.m., Published: Feb. 21, 2024, 4 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	unified intelligence center
vendor:	cisco	model:	cisco unified intelligence center

Cisco Unified Intelligence Center Insufficient Access Control Vulnerability Trust: 5.0 Fetched: Feb. 23, 2024, 9:41 a.m., Published: Feb. 21, 2024, 3:57 p.m.	Vulnerabilities: access control vulnerability

Affected products

External IDs

vendor:	cisco	model:	cisco unified intelligence center
vendor:	cisco	model:	unified intelligence center

The Rise of Connected Medical Devices: New Security Risks and How to Mitigate Them Trust: 3.0 Fetched: Feb. 23, 2024, 9:40 a.m., Published: Feb. 3, 2024, midnight	Vulnerabilities: -

Affected products	External IDs

Apple Shortcuts Zero-Click Vulnerability Enables Covert Data Theft - VULNERA Trust: 3.75 Fetched: Feb. 23, 2024, 9:34 a.m., Published: Feb. 22, 2024, 8:39 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	apple	model:	webkit
vendor:	apple	model:	watchos
vendor:	apple	model:	icloud
vendor:	apple	model:	safari
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2024-23204, CVE-2024-23222

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers - BU-CERT Trust: 4.25 Fetched: Feb. 23, 2024, 9:32 a.m., Published: Feb. 19, 2024, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2023-52160, CVE-2023-52161

Apple's reply on device vulnerability not totally clear: MoS IT on iPhone alert to MPs Trust: 3.25 Fetched: Feb. 23, 2024, 9:31 a.m., Published: Feb. 19, 2024, 10:48 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Study highlights security vulnerabilities in the smart home - CNET Trust: 3.25 Fetched: Feb. 23, 2024, 9:22 a.m., Published: Feb. 1, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	nest	model:	learning thermostat
vendor:	chamberlain	model:	myq garage
vendor:	chamberlain	model:	myq gateway

Siemens SIMATIC HMI Devices Vulnerabilities (Update E) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201504-0235, VAR-201504-0031, VAR-201504-0234 Trust: 4.75 Fetched: Feb. 23, 2024, 9:22 a.m., Published: Feb. 23, 2023, midnight	Vulnerabilities: resource exhaustion

Affected products

External IDs

vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic hmi multi panels
vendor:	siemens	model:	simatic wincc
vendor:	siemens	model:	simatic hmi
vendor:	siemens	model:	wincc
vendor:	siemens	model:	simatic pcs 7
vendor:	siemens	model:	wincc tia portal
vendor:	siemens	model:	simatic net
vendor:	siemens	model:	simatic wincc runtime
vendor:	siemens	model:	simatic wincc comfort
vendor:	siemens	model:	simatic wincc runtime professional
vendor:	siemens	model:	pcs 7
vendor:	siemens	model:	simatic hmi basic panels 2nd generation
vendor:	siemens	model:	wincc runtime advanced
vendor:	siemens	model:	simatic hmi comfort panels
vendor:	siemens	model:	simatic net pc-software
vendor:	siemens	model:	simatic hmi mobile panel 277
vendor:	siemens	model:	simatic hmi mobile panel
vendor:	siemens	model:	simatic net pc
vendor:	siemens	model:	simatic hmi panels
vendor:	siemens	model:	tia portal
vendor:	siemens	model:	simatic wincc runtime advanced
vendor:	siemens	model:	simatic automation tool
vendor:	siemens	model:	siemens simatic hmi
vendor:	siemens	model:	simatic pcs
vendor:	siemens	model:	simatic hmi basic panels 1st generation

db:

NVD

ids:

CVE-2015-2823, CVE-2015-1601, CVE-2015-2822

VARIoT news about IoT security