VARIoT latest news about IoT security

Siemens PROFINET Devices (Update D) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202107-1608 Trust: 3.75 Fetched: Dec. 12, 2023, 9:08 a.m., Published: April 14, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	scalance x204-2ld ts
vendor:	siemens	model:	profinet io
vendor:	siemens	model:	scalance xr324-12m ts
vendor:	siemens	model:	scalance x310
vendor:	siemens	model:	scalance xm400
vendor:	siemens	model:	ek-ertec
vendor:	siemens	model:	cp1616
vendor:	siemens	model:	scalance x320-1fe
vendor:	siemens	model:	scalance xf204-2ba irt
vendor:	siemens	model:	scalance xf204 irt
vendor:	siemens	model:	scalance x308-2m
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	ek-ertec 200
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	scalance x202-2p irt
vendor:	siemens	model:	scalance xr500
vendor:	siemens	model:	scalance x212-2
vendor:	siemens	model:	scalance w700 ieee 802.11n
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	simocode
vendor:	siemens	model:	scalance x204-2
vendor:	siemens	model:	ruggedcom
vendor:	siemens	model:	scalance x307-3
vendor:	siemens	model:	scalance x204-2fm
vendor:	siemens	model:	scalance x224
vendor:	siemens	model:	ruggedcom rm1224
vendor:	siemens	model:	scalance xf208
vendor:	siemens	model:	scalance xc-200
vendor:	siemens	model:	ek-ertec 200p
vendor:	siemens	model:	scalance xb-200
vendor:	siemens	model:	simatic mv500
vendor:	siemens	model:	scalance x308-2lh
vendor:	siemens	model:	simatic
vendor:	siemens	model:	scalance x307-3ld
vendor:	siemens	model:	scalance xr324-4m poe
vendor:	siemens	model:	scalance x216
vendor:	siemens	model:	scalance x204 irt
vendor:	siemens	model:	scalance x206-1
vendor:	siemens	model:	scalance xr-300wg
vendor:	siemens	model:	scalance x206-1ld
vendor:	siemens	model:	ie/pb-link
vendor:	siemens	model:	scalance x212-2ld
vendor:	siemens	model:	scalance xf201-3p irt
vendor:	siemens	model:	scalance x204-2ld
vendor:	siemens	model:	scalance xf206-1
vendor:	siemens	model:	dk standard ethernet controller
vendor:	siemens	model:	scalance x204 irt pro
vendor:	siemens	model:	scalance x308-2
vendor:	siemens	model:	scalance xp-200
vendor:	siemens	model:	scalance x208pro
vendor:	siemens	model:	scalance x201-3p irt
vendor:	siemens	model:	scalance xf202-2p irt
vendor:	siemens	model:	simatic net
vendor:	siemens	model:	scalance xr324-12m
vendor:	siemens	model:	scalance x408
vendor:	siemens	model:	scalance x408-2
vendor:	siemens	model:	simatic cfu pa
vendor:	siemens	model:	scalance w700
vendor:	siemens	model:	scalance xr324-4m poe ts
vendor:	siemens	model:	scalance xf204
vendor:	siemens	model:	profinet driver
vendor:	siemens	model:	scalance x208
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	scalance x201-3p irt pro
vendor:	siemens	model:	scalance xr324-4m eec
vendor:	siemens	model:	scalance x202-2 irt
vendor:	siemens	model:	scalance
vendor:	siemens	model:	scalance x310fe
vendor:	siemens	model:	scalance x308-2ld
vendor:	siemens	model:	scalance m-800
vendor:	siemens	model:	scalance xf204-2
vendor:	siemens	model:	cp1604
vendor:	siemens	model:	scalance x200
vendor:	siemens	model:	scalance x308-2m ts
vendor:	siemens	model:	scalance s615
vendor:	siemens	model:	simatic profinet driver
vendor:	siemens	model:	scalance xf-200ba
vendor:	siemens	model:	scalance x320-3ldfe
vendor:	siemens	model:	scalance x202-2p irt pro

db:

NVD

ids:

CVE-2020-28400

The 2022-2023 IoT Botnet Report - Vulnerabilities Targeted - CUJO AI Related entries in the VARIoT vulnerabilities database: VAR-202203-0700, VAR-201612-0015, VAR-202110-1691, VAR-201810-0936, VAR-201905-0651, VAR-202205-0957, VAR-201805-0262, VAR-201505-0274, VAR-202003-1707, VAR-202003-0363, VAR-202210-1176, VAR-202002-1447, VAR-202104-0768, VAR-202001-0633, VAR-202007-0064, VAR-201803-1048, VAR-201710-0139, VAR-202102-0290, VAR-201805-0263, VAR-202112-0566, VAR-201906-0716, VAR-202208-1439, VAR-202203-0233, VAR-201403-0306, VAR-202203-1506, VAR-201812-1038, VAR-201906-0703, VAR-201502-0201, VAR-201802-0135, VAR-201705-1398, VAR-202110-1690, VAR-202202-0832, VAR-201712-0829, VAR-201703-0755, VAR-202203-0505, VAR-202205-0394 Trust: 5.0 Fetched: Dec. 12, 2023, 9:05 a.m., Published: April 27, 2023, 12:34 p.m.	Vulnerabilities: memory corruption, privilege escalation, command injection...

Affected products

External IDs

vendor:	dasan	model:	znid gpon 2426a
vendor:	dasan	model:	gpon routers
vendor:	comtrend	model:	vr-3033
vendor:	hikvision	model:	ip cameras
vendor:	orange	model:	web server
vendor:	telesquare	model:	sdt-cw3b1
vendor:	goahead	model:	webserver
vendor:	huawei	model:	hg532
vendor:	huawei	model:	huawei
vendor:	vacron	model:	vacron nvr
vendor:	zhone	model:	znid gpon 2426a
vendor:	zhone	model:	znid gpon
vendor:	netgear	model:	dgn2000
vendor:	netgear	model:	dgn1000
vendor:	netgear	model:	router
vendor:	draytek	model:	routers
vendor:	draytek	model:	vigor
vendor:	draytek	model:	vigor2960
vendor:	tenda	model:	ac15
vendor:	tenda	model:	router
vendor:	avtech	model:	ip camera
vendor:	realtek	model:	realtek sdk
vendor:	google	model:	chrome
vendor:	google	model:	home
vendor:	d-link	model:	dns-320
vendor:	d-link	model:	dir-845
vendor:	d-link	model:	dsl-2750b
vendor:	d-link	model:	dir-300
vendor:	d-link	model:	dir-619l
vendor:	d-link	model:	dir-645
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-600
vendor:	d-link	model:	dir-605l
vendor:	d-link	model:	dir-865

db:

NVD

ids:

CVE-2022-26210, CVE-2016-6277, CVE-2021-4039, CVE-2021-41773, CVE-2018-10823, CVE-2020-17456, CVE-2017-18368, CVE-2016-20016, CVE-2022-30525, CVE-2018-10561, CVE-2014-8361, CVE-2020-9054, CVE-2020-10173, CVE-2016-20017, CVE-2020-8515, CVE-2021-20090, CVE-2019-19824, CVE-2020-10987, CVE-2017-17215, CVE-2021-4034, CVE-2014-9118, CVE-2020-8958, CVE-2020-25506, CVE-2018-10562, CVE-2021-44228, CVE-2017-17125, CVE-2020-7209, CVE-2018-12613, CVE-2021-36260, CVE-2022-34538, CVE-2017-18377, CVE-2022-37061, CVE-2022-22947, CVE-2014-2321, CVE-2021-35395, CVE-2021-46422, CVE-2018-20062, CVE-2022-22965, CVE-2018-20057, CVE-2013-7471, CVE-2022-29013, CVE-2018-17173, CVE-2015-2051, CVE-2014-3206, CVE-2016-10372, CVE-2021-35394, CVE-2021-42013, CVE-2022-25075, CVE-2017-17106, CVE-2017-5638, CVE-2022-26186, CVE-2007-3010, CVE-2022-1388

Google Chrome 119 Vulnerability Audit - Lansweeper Trust: 5.5 Fetched: Dec. 10, 2023, 9:41 a.m., Published: -	Vulnerabilities: integer overflow

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2023-6345

CompTIA Security+ SY0-601 Exam Questions and Answers - Page 1 - Page 3 of 10 - PUPUWEB Trust: 4.25 Fetched: Dec. 10, 2023, 9:37 a.m., Published: Nov. 17, 2023, 3:51 a.m.	Vulnerabilities: buffer overflow, injection attack, resource exhaustion...

Affected products

External IDs

vendor:	cisco	model:	router
vendor:	cisco	model:	technical support

Is macOS as secure as its users think? \| Kaspersky official blog Trust: 3.5 Fetched: Dec. 10, 2023, 9:34 a.m., Published: Jan. 10, 2050, midnight	Vulnerabilities: traffic interception

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	chrome

Bluetooth Vulnerability Raises Concerns for Android, iOS, Linux, and macOS Devices Trust: 5.75 Fetched: Dec. 10, 2023, 9:34 a.m., Published: Dec. 8, 2023, 10:22 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-45866

Marc Newlin's Keyboard Spoofing Attack Sends Arbitrary Commands to Android, iOS, macOS, and Linux - Hackster.io Trust: 3.75 Fetched: Dec. 10, 2023, 9:31 a.m., Published: Dec. 10, 2016, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-45866

Apple, Linux Devices Found Vulnerable to Bluetooth Hack • iPhone in Canada Blog Trust: 4.75 Fetched: Dec. 10, 2023, 9:31 a.m., Published: Dec. 8, 2023, 6:50 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2023-45866

Bluetooth Flaw Exposes Apple and Linux Devices - Spiceworks Trust: 5.5 Fetched: Dec. 10, 2023, 9:30 a.m., Published: -	Vulnerabilities: authentication bypass, privilege escalation

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2023-45866

Aviva cyberattack warning, anti-aircraft data theft, car fleets vuln Related entries in the VARIoT vulnerabilities database: VAR-202312-0888 Trust: 4.75 Fetched: Dec. 10, 2023, 9:30 a.m., Published: Dec. 7, 2023, 8:46 p.m.	Vulnerabilities: code execution, authentication bypass, integer overflow

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-22071, CVE-2023-45866, CVE-2023-33106, CVE-2023-33107, CVE-2023-33063, CVE-2023-6248

Critical Bluetooth security flaw discovered in Google, Apple and Linux devices - SiliconANGLE Trust: 5.5 Fetched: Dec. 10, 2023, 9:29 a.m., Published: Dec. 8, 2023, 12:10 a.m.	Vulnerabilities: code execution, authentication bypass

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2023-45866

12 Best IP Scanner Tools for Network Management Trust: 3.75 Fetched: Dec. 10, 2023, 9:29 a.m., Published: March 1, 2018, 11:23 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

delegate

model:

delegate

Critical Bluetooth flaw could take over Android, Apple, Linux devices \| SC Media Trust: 5.0 Fetched: Dec. 10, 2023, 9:26 a.m., Published: Dec. 7, 2023, 7:57 p.m.	Vulnerabilities: code execution, authentication bypass

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2023-45866

Android Security Bulletin-December 2023 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202312-2276, VAR-202312-0897, VAR-202312-1066, VAR-202312-1228, VAR-202312-1728, VAR-202312-1919, VAR-202312-0888 Trust: 4.25 Fetched: Dec. 10, 2023, 9:25 a.m., Published: Dec. 10, 2023, midnight	Vulnerabilities: denial of service, information disclosure, code execution

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	samsung	model:	note
vendor:	samsung	model:	notes
vendor:	samsung	model:	mobile
vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-4272, CVE-2023-33089, CVE-2023-45777, CVE-2023-40083, CVE-2023-28546, CVE-2023-3889, CVE-2023-21215, CVE-2023-40080, CVE-2023-21227, CVE-2023-28551, CVE-2023-40079, CVE-2023-40076, CVE-2023-21163, CVE-2023-45781, CVE-2023-33106, CVE-2023-40089, CVE-2023-32847, CVE-2023-21403, CVE-2023-40098, CVE-2023-21652, CVE-2022-48454, CVE-2023-21164, CVE-2023-45775, CVE-2023-45776, CVE-2023-21162, CVE-2023-21217, CVE-2023-32851, CVE-2023-21263, CVE-2023-35690, CVE-2023-33080, CVE-2023-40088, CVE-2023-40073, CVE-2022-48456, CVE-2023-21394, CVE-2023-40090, CVE-2023-40087, CVE-2023-28550, CVE-2023-33063, CVE-2023-35668, CVE-2023-28586, CVE-2023-33088, CVE-2022-22076, CVE-2023-33022, CVE-2022-48459, CVE-2023-33097, CVE-2023-40096, CVE-2023-45773, CVE-2023-40097, CVE-2023-21401, CVE-2023-40075, CVE-2023-40094, CVE-2022-40507, CVE-2023-33017, CVE-2023-40074, CVE-2023-28587, CVE-2022-48461, CVE-2023-32818, CVE-2023-21662, CVE-2023-21218, CVE-2023-21267, CVE-2023-45866, CVE-2023-40091, CVE-2023-40092, CVE-2023-33098, CVE-2023-21664, CVE-2023-40081, CVE-2023-40078, CVE-2023-40082, CVE-2022-48457, CVE-2023-45774, CVE-2023-40103, CVE-2023-40084, CVE-2023-28585, CVE-2022-48455, CVE-2023-40095, CVE-2022-48458, CVE-2023-32804, CVE-2023-33018, CVE-2023-33054, CVE-2023-33081, CVE-2023-40077, CVE-2023-21216, CVE-2023-21402, CVE-2023-21166, CVE-2023-33107, CVE-2023-32850, CVE-2023-21228, CVE-2023-32848, CVE-2023-45779

Multiple Vulnerabilities in Sierra AirLink Cellular Routers - NHS Digital Trust: 5.5 Fetched: Dec. 10, 2023, 9:25 a.m., Published: Dec. 10, 2023, midnight	Vulnerabilities: denial of service, code execution, cross-site scripting...

Affected products

External IDs

vendor:

sierra

model:

aleos

db:

NVD

ids:

CVE-2023-40464, CVE-2023-40461, CVE-2023-41101, CVE-2023-38316, CVE-2023-40463, CVE-2023-40458, CVE-2023-40459, CVE-2023-40460, CVE-2023-40462

Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0327 - NETGEAR Support Related entries in the VARIoT vulnerabilities database: VAR-202203-1668, VAR-202203-1671 Trust: 3.75 Fetched: Dec. 10, 2023, 9:23 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	netgear	model:	r7100lg
vendor:	netgear	model:	router
vendor:	netgear	model:	r8000p
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	rax15
vendor:	netgear	model:	r6400
vendor:	netgear	model:	rax20
vendor:	netgear	model:	orbi
vendor:	netgear	model:	r8000
vendor:	netgear	model:	r7000
vendor:	netgear	model:	rax50
vendor:	netgear	model:	r6400v2
vendor:	netgear	model:	rs400
vendor:	netgear	model:	lax20
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	mr60
vendor:	netgear	model:	r8500
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	rax48
vendor:	netgear	model:	r7900p
vendor:	netgear	model:	r7850
vendor:	netgear	model:	rax45
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2022-27642, CVE-2022-27647

Moxa NPort Device Vulnerabilities (Update A) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201702-0596, VAR-201702-0594, VAR-201702-0593, VAR-201702-0860, VAR-201702-0597, VAR-201702-0862, VAR-201702-0595, VAR-201702-0851 Trust: 5.25 Fetched: Dec. 10, 2023, 9:22 a.m., Published: March 21, 2017, midnight	Vulnerabilities: buffer overflow, code execution, cross-site request forgery...

Affected products

External IDs

vendor:	moxa	model:	nport 5100a series
vendor:	moxa	model:	nport
vendor:	moxa	model:	nport p5150a
vendor:	moxa	model:	nport 5200a series
vendor:	moxa	model:	nport 5150ai-m12
vendor:	moxa	model:	nport 5600 series
vendor:	moxa	model:	nport 5250ai-m12
vendor:	moxa	model:	nport 5600-8-dt
vendor:	moxa	model:	nport 5200a
vendor:	moxa	model:	nport 5400 series
vendor:	moxa	model:	nport 5100a
vendor:	moxa	model:	nport 5200 series
vendor:	moxa	model:	nport 5110
vendor:	moxa	model:	nport 5600-8-dtl
vendor:	moxa	model:	nport 5600-8-dtl series
vendor:	moxa	model:	nport 5450ai-m12
vendor:	moxa	model:	nport ia5450a
vendor:	moxa	model:	nport 5130

db:

NVD

ids:

CVE-2016-9369, CVE-2016-9366, CVE-2016-9365, CVE-2016-9361, CVE-2016-9371, CVE-2016-9363, CVE-2016-9367, CVE-2016-9348

JCP \| Free Full-Text \| Security Perception of IoT Devices in Smart Homes Trust: 3.25 Fetched: Dec. 10, 2023, 9:21 a.m., Published: Feb. 14, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	home assistant	model:	home assistant
vendor:	google	model:	google home
vendor:	google	model:	home

Top Vulnerabilities Exploited in VPNs in 2020 - SOCRadar® Cyber Intelligence Inc. Related entries in the VARIoT vulnerabilities database: VAR-201905-0764, VAR-202006-1087, VAR-201912-0830, VAR-202007-0403, VAR-202010-1187, VAR-201906-0815, VAR-201912-0828, VAR-201906-0818, VAR-201912-0829 Trust: 5.5 Fetched: Dec. 10, 2023, 9:19 a.m., Published: Dec. 13, 2020, 1:15 p.m.	Vulnerabilities: memory corruption, directory traversal, session hijacking...

Affected products

External IDs

vendor:	cisco systems	model:	series routers
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	catalyst 9800
vendor:	cisco systems	model:	sd-wan
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	router
vendor:	cisco systems	model:	vpn client
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	netscaler gateway
vendor:	cisco systems	model:	integrated services routers
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	series integrated services routers
vendor:	cisco systems	model:	access points
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	cisco ios
vendor:	citrix	model:	sd-wan
vendor:	citrix	model:	secure gateway
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	hypervisor
vendor:	citrix	model:	gateway
vendor:	citrix	model:	xenserver
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	sd-wan wanop
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	netscaler
vendor:	cisco	model:	series routers
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	catalyst 9800
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	router
vendor:	cisco	model:	vpn client
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	netscaler gateway
vendor:	cisco	model:	integrated services routers
vendor:	cisco	model:	series
vendor:	cisco	model:	series integrated services routers
vendor:	cisco	model:	access points
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	ssl vpn
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	pan-os
vendor:	goahead	model:	webserver
vendor:	pulse secure	model:	pulse policy secure
vendor:	pulse secure	model:	connect secure
vendor:	pulse secure	model:	pulse connect secure
vendor:	pulse secure	model:	policy secure
vendor:	moxa	model:	edr-g903 series
vendor:	moxa	model:	edr-g903
vendor:	sonicwall	model:	sonicos
vendor:	sonicwall	model:	remote access
vendor:	sonicwall	model:	sonicosv
vendor:	sonicwall	model:	sma100
vendor:	sonicwall	model:	ssl vpn
vendor:	pulse	model:	secure pulse policy secure
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	ssl vpn
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	pan-os

db:

NVD

ids:

CVE-2018-13383, CVE-2020-3220, CVE-2019-7483, CVE-2020-14511, CVE-2020-5135, CVE-2018-13379, CVE-2019-7481, CVE-2019-19781, CVE-2019-11539, CVE-2018-13382, CVE-2020-2050, CVE-2019-7482, CVE-2020-2005, CVE-2019-11510, CVE-2019-1579

The top 5 most routinely exploited vulnerabilities of 2021 Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566 Trust: 5.5 Fetched: Dec. 10, 2023, 9:19 a.m., Published: April 28, 2022, 5 p.m.	Vulnerabilities: feature bypass, authentication bypass, code execution...

Affected products

External IDs

vendor:

zoho

model:

manageengine adselfservice plus

db:

NVD

ids:

CVE-2021-26084, CVE-2021-26858, CVE-2021-45046, CVE-2021-40539, CVE-2021-34473, CVE-2021-26857, CVE-2021-27065, CVE-2021-26855, CVE-2021-31207, CVE-2021-34523, CVE-2021-44228, CVE-2021-2685

VARIoT news about IoT security