VARIoT latest news about IoT security

D-Link DAP-1650 EOL Device Multiple Command Injection Vulner... - vulnerability database \| Vulners.com Trust: 5.75 Fetched: July 27, 2024, 7:11 p.m., Published: July 19, 2024, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	dlink	model:	dap-1650_firmware
vendor:	dlink	model:	dap-1650
vendor:	d-link	model:	dap-1650_firmware
vendor:	d-link	model:	dap-1650

db:

NVD

ids:

CVE-2024-23625, CVE-2024-23624

RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024 Trust: 3.0 Fetched: July 27, 2024, 7:11 p.m., Published: July 24, 2024, 7:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	aironet 3800 series
vendor:	cisco	model:	aironet 1560
vendor:	cisco	model:	nexus
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	aironet 1810w series access points
vendor:	cisco	model:	catalyst iw6300
vendor:	cisco	model:	firepower
vendor:	cisco	model:	catalyst 9100
vendor:	cisco	model:	wireless lan controllers
vendor:	cisco	model:	series
vendor:	cisco	model:	aironet 1850
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	fxos
vendor:	cisco	model:	aironet 1540
vendor:	cisco	model:	catalyst 9100 series
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	aironet 1810
vendor:	cisco	model:	aironet 1830 series
vendor:	cisco	model:	aironet
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	aironet 1540 series
vendor:	cisco	model:	aireos
vendor:	cisco	model:	aironet 2800 series
vendor:	cisco	model:	aironet 3800
vendor:	cisco	model:	aironet 1560 series
vendor:	cisco	model:	aironet 2800
vendor:	cisco	model:	ucs b-series blade servers
vendor:	cisco	model:	access points
vendor:	cisco	model:	aironet 1810 series
vendor:	cisco	model:	aironet 1830
vendor:	cisco	model:	aironet 4800
vendor:	cisco	model:	aironet 1850 series
vendor:	cisco	model:	cisco evolved programmable network manager

Siemens vulnerability (CVE-2024-35292) - Find affected devices Related entries in the VARIoT vulnerabilities database: VAR-202406-0059 Trust: 4.5 Fetched: July 27, 2024, 7:09 p.m., Published: July 16, 2024, 9 p.m.	Vulnerabilities: code execution, denial of service, privilege escalation...

Affected products

External IDs

vendor:	siemens	model:	s7-200 smart
vendor:	siemens	model:	scalance
vendor:	siemens	model:	simatic s7-200
vendor:	siemens	model:	simatic s7-200 smart
vendor:	siemens	model:	simatic
vendor:	siemens	model:	ruggedcom

db:

NVD

ids:

CVE-2024-35292

CVE-2024-6422 - TelnetD Remote Unauthenticated Command Execution Vulnerability in Cisco Device Trust: 5.0 Fetched: July 27, 2024, 7:08 p.m., Published: July 10, 2024, 8:15 a.m.	Vulnerabilities: command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6422

Product Security \| Baxter Trust: 4.5 Fetched: July 27, 2024, 7:02 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	baxter	model:	sigma spectrum infusion system
vendor:	baxter	model:	spectrum infusion system
vendor:	baxter	model:	prismaflex
vendor:	baxter	model:	prismax
vendor:	treck	model:	tcp/ip stack

db:

NVD

ids:

CVE-2019-0708

CVE-2023-41921 - Apache Device Firmware Remote Code Execution Vulnerability Trust: 5.25 Fetched: July 27, 2024, 7:02 p.m., Published: July 2, 2024, 8:15 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-41921

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware Related entries in the VARIoT vulnerabilities database: VAR-202401-0919 Trust: 5.5 Fetched: July 27, 2024, 7:02 p.m., Published: July 2, 2024, 4:48 a.m.	Vulnerabilities: path traversal, code execution, command injection...

Affected products

External IDs

vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	nexus
vendor:	cisco	model:	series switches
vendor:	cisco	model:	mds 9000 series
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	nexus devices
vendor:	cisco	model:	series
vendor:	cisco	model:	mds 9000
vendor:	cisco	model:	nexus 3000
vendor:	cisco	model:	routers
vendor:	cisco	model:	nexus 7000
vendor:	cisco	model:	nexus 9000
vendor:	cisco	model:	cisco nx-os
vendor:	d-link	model:	dir-859

db:

NVD

ids:

CVE-2024-20399, CVE-2024-0769

Vulnerabilities in PanelView Plus devices could lead to remote code execution - RedPacket Security Related entries in the VARIoT vulnerabilities database: VAR-202309-2171 Trust: 5.5 Fetched: July 27, 2024, 7:01 p.m., Published: July 3, 2024, 10:01 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	rockwell	model:	automation panelview plus
vendor:	rockwell	model:	factorytalk view
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	automation panelview
vendor:	rockwell	model:	rslogix
vendor:	rockwell automation	model:	automation panelview plus
vendor:	rockwell automation	model:	factorytalk view
vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	automation panelview
vendor:	rockwell automation	model:	rslogix

db:

NVD

ids:

CVE-2023-2071

Samsung says a critical security patch is making its way to Galaxy devices soon Trust: 3.5 Fetched: July 27, 2024, 7:01 p.m., Published: July 19, 2024, 2:54 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy

db:

NVD

ids:

CVE-2024-29745, CVE-2024-32896

CVE-2024-4786 - Lenovo Tab K10 Denial of Sleep (DoS) Vulnerability Trust: 5.25 Fetched: July 27, 2024, 6:58 p.m., Published: July 26, 2024, 8:15 p.m.	Vulnerabilities: improper validation

Affected products

External IDs

db:

NVD

ids:

CVE-2024-4786

Cisco Identity Services Engine Arbitrary File Upload Vulnerability Trust: 3.75 Fetched: July 27, 2024, 6:50 p.m., Published: July 17, 2024, 4 p.m.	Vulnerabilities: file upload vulnerability

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

IoT device security: The role of penetration testing \| Synopsys Blog Trust: 3.0 Fetched: July 27, 2024, 6:44 p.m., Published: July 16, 2024, midnight	Vulnerabilities: -

Affected products	External IDs

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue Related entries in the VARIoT vulnerabilities database: VAR-201609-0149 Trust: 3.5 Fetched: July 27, 2024, 6:38 p.m., Published: July 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	asus	model:	asus
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2016-5247

RADIUS Protocol Vulnerability Exposes Network Device Authentication - InfoQ Trust: 3.0 Fetched: July 27, 2024, 6:38 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-3596

OWASP Mobile Top 10 2024 update: Essential changes for security experts Trust: 3.5 Fetched: July 27, 2024, 6:31 p.m., Published: Oct. 27, 2024, midnight	Vulnerabilities: cross-site scripting, sql injection, command injection...

Affected products	External IDs

Microsoft Security Advisory CVE-2024-30046 \| .NET Denial of Service Vulnerability · Issue #308 · dotnet/announcements · GitHub Trust: 3.5 Fetched: July 27, 2024, 6:30 p.m., Published: July 27, 2044, midnight	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2024-30046

Samsung Galaxy Users Can Expect a Critical Update in August \| Black Hat News Trust: 3.75 Fetched: July 27, 2024, 6:27 p.m., Published: July 21, 2024, 12:21 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy

db:

NVD

ids:

CVE-2024-29745, CVE-2024-32896

Samsung is rushing a critical patch to all Galaxy devices amid active exploitation \| TechSpot Trust: 3.75 Fetched: July 27, 2024, 6:25 p.m., Published: July 6, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	galaxy

db:

NVD

ids:

CVE-2024-29745, CVE-2024-32896

CVE - Search Results Related entries in the VARIoT vulnerabilities database: VAR-202004-1861, VAR-202111-1609, VAR-201802-1268, VAR-201606-0245, VAR-202111-1616, VAR-202104-1839, VAR-202111-1610, VAR-202104-1824, VAR-202111-1607, VAR-202208-2220, VAR-202004-1862, VAR-202104-1827, VAR-202205-0542, VAR-201802-1267, VAR-202111-1614, VAR-202111-1613, VAR-202104-1825, VAR-202212-1327, VAR-202111-1612, VAR-202104-1826, VAR-202111-1605, VAR-202102-1448, VAR-201802-1266, VAR-201710-1427, VAR-202111-1606, VAR-202109-0404, VAR-201710-1428, VAR-202210-0537, VAR-202111-1608, VAR-201506-0242, VAR-202111-1611, VAR-201102-0181, VAR-201804-1289, VAR-202111-1615, VAR-201906-0899, VAR-201606-0244, VAR-202104-1829, VAR-202111-1604 Trust: 5.25 Fetched: July 27, 2024, 6:23 p.m., Published: Aug. 24, 2030, midnight	Vulnerabilities: cross-site request forgery, information leak, denial of service...

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	scada	model:	bacnet opc client
vendor:	scada	model:	engine bacnet opc client
vendor:	kmc controls	model:	bac-5051e
vendor:	scada engine	model:	bacnet opc client
vendor:	scada engine	model:	engine bacnet opc client
vendor:	carel	model:	pcoweb
vendor:	lutron	model:	quantum bacnet integration
vendor:	siemens	model:	pxc00-e.d
vendor:	siemens	model:	climatix bacnet/ip
vendor:	siemens	model:	simotics connect 400
vendor:	siemens	model:	pxc200-e.d
vendor:	siemens	model:	apogee pxc
vendor:	siemens	model:	pxc128-u
vendor:	siemens	model:	nucleus readystart
vendor:	siemens	model:	vstar
vendor:	siemens	model:	apogee pxc compact
vendor:	siemens	model:	apogee mbc
vendor:	siemens	model:	pxm20-e
vendor:	siemens	model:	pxc001-e.d
vendor:	siemens	model:	pxc00-u
vendor:	siemens	model:	pxc100-e.d
vendor:	siemens	model:	pxc22.1-e.d
vendor:	siemens	model:	pxc64-u
vendor:	siemens	model:	apogee mec
vendor:	siemens	model:	talon tc modular
vendor:	siemens	model:	pxc50-e.d
vendor:	siemens	model:	nucleus source code
vendor:	siemens	model:	talon tc bacnet automation controllers
vendor:	siemens	model:	simotics connect
vendor:	siemens	model:	talon tc
vendor:	siemens	model:	nucleus
vendor:	siemens	model:	pxc36.1-e.d
vendor:	siemens	model:	desigo pxm20
vendor:	siemens	model:	talon tc compact
vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	apogee pxc modular

db:

NVD

ids:

CVE-2020-7574, CVE-2021-31882, CVE-2018-7278, CVE-2016-4495, CVE-2021-31888, CVE-2020-15795, CVE-2015-0980, CVE-2024-4511, CVE-2021-31881, CVE-2020-27738, CVE-2021-31884, CVE-2022-37122, CVE-2020-7575, CVE-2020-27009, CVE-2021-41545, CVE-2018-7277, CVE-2021-31890, CVE-2021-31344, CVE-2020-27737, CVE-2022-45937, CVE-2021-31345, CVE-2020-27736, CVE-2015-0981, CVE-2018-10238, CVE-2021-31886, CVE-2020-28388, CVE-2018-7276, CVE-2015-0979, CVE-2017-9946, CVE-2023-51773, CVE-2021-31885, CVE-2019-12480, CVE-2023-38405, CVE-2021-27391, CVE-2020-7233, CVE-2017-9947, CVE-2022-38371, CVE-2021-31883, CVE-2015-4174, CVE-2024-4292, CVE-2021-31346, CVE-2010-4740, CVE-2018-8880, CVE-2021-31889, CVE-2018-18878, CVE-2024-4791, CVE-2016-4494, CVE-2021-25677, CVE-2021-31887

Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities \| CISA Trust: 3.75 Fetched: July 27, 2024, 6:22 p.m., Published: July 27, 2023, midnight	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2024-3400, CVE-2024-20399

VARIoT news about IoT security