Sign-up

VARIoT news about IoT security

IoT Cyber Security: Trends, Challenges and Solutions

Trust: 4.25

Fetched: July 7, 2023, 9:17 a.m., Published: July 22, 2023, midnight
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: google model: wi-fi router
vendor: google model: home
vendor: tesla model: model
vendor: node.js model: node.js

Urgent Android warning to fix ‘critical’ Google danger that lets hacker enter your phone ‘even if you don’t do anything’ | The Sun

Trust: 5.0

Fetched: July 7, 2023, 9:17 a.m., Published: July 6, 2023, 3:45 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-21250

Firmware vulnerabilities you don’t want in your product

Trust: 3.5

Fetched: July 7, 2023, 9:16 a.m., Published: May 29, 2023, noon
 Vulnerabilities: authentication bypass, code execution, command injection...
Affected productsExternal IDs

CISA warns of Medtronic cardiac device security vulnerability | Healthcare IT News

Trust: 5.0

Fetched: July 7, 2023, 9:15 a.m., Published: July 5, 2023, 1:23 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security

CISA issues warning for cardiac device system vulnerability

Trust: 5.0

Fetched: July 7, 2023, 9:14 a.m., Published: July 4, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-31222

23-029 (July 5, 2023) - Threat Encyclopedia

Trust: 3.25

Fetched: July 7, 2023, 9:14 a.m., Published: July 5, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-36934

Medtronic identifies cybersecurity vulnerability in cardiac data system | MedTech Dive

Trust: 4.25

Fetched: July 7, 2023, 9:14 a.m., Published: July 5, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

PiiGAB M-Bus | CISA

Trust: 4.5

Fetched: July 7, 2023, 9:14 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: cross-site scripting, brute force attack, weak password...
Affected productsExternal IDs
db: NVD ids: CVE-2023-36859, CVE-2023-35120, CVE-2023-35765, CVE-2023-32652, CVE-2023-34433, CVE-2023-35987, CVE-2023-33868, CVE-2023-31277, CVE-2023-34995

TALOS-2023-1704 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

Trust: 3.5

Fetched: July 7, 2023, 9:12 a.m., Published: July 6, 2023, midnight
 Vulnerabilities: cross-site scripting, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-24496, CVE-2023-24497

Cisco BroadWorks Privilege Escalation Vulnerability

Trust: 4.25

Fetched: July 7, 2023, 9:12 a.m., Published: July 5, 2023, 3:51 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

340,000+ Fortinet firewalls wide open to flaw - report • The Register

Trust: 4.75

Fetched: July 5, 2023, 9:13 a.m., Published: -
 Vulnerabilities: code execution, authentication vulnerability, buffer overflow
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997

Security Advisory for the FL MGUARD family of devices | Bosch PSIRT

Related entries in the VARIoT vulnerabilities database: VAR-202302-0482

Trust: 4.75

Fetched: July 5, 2023, 9:13 a.m., Published: July 3, 2023, midnight
 Vulnerabilities: input validation vulnerability
Affected productsExternal IDs
vendor: phoenix contact model: mguard smart2 vpn
vendor: phoenix contact model: mguard smart2
vendor: phoenix contact model: mguard
db: NVD ids: CVE-2023-2673, CVE-2022-4304

Samsung smartphones flaws included in the CISA vulnerability catalog

Related entries in the VARIoT vulnerabilities database: VAR-202110-0167, VAR-202103-1332, VAR-202110-0169

Trust: 4.5

Fetched: July 5, 2023, 9:07 a.m., Published: July 5, 2023, 6:29 a.m.
 Vulnerabilities: bounds access vulnerability, format string bug
Affected productsExternal IDs
vendor: samsung model: samsung mobile
vendor: samsung model: mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2021-25487, CVE-2021-25394, CVE-2021-25372, CVE-2021-25395, CVE-2021-25489, CVE-2023-21492, CVE-2021-25371

"Samsung and D-Link Under Cyber Threat: Eight New Vulnerabilities Detected by CISA" - NextdoorSec

Related entries in the VARIoT vulnerabilities database: VAR-202110-0167, VAR-201912-1012, VAR-202103-1332, VAR-202110-0169, VAR-202003-0963

Trust: 4.5

Fetched: July 5, 2023, 9:06 a.m., Published: July 4, 2023, 6:08 p.m.
 Vulnerabilities: command injection, command execution, input validation vulnerability
Affected productsExternal IDs
vendor: d-link model: router
vendor: d-link model: dwl-2600ap
vendor: d-link model: dir-859
vendor: samsung model: samsung mobile
vendor: samsung model: mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2021-25487, CVE-2021-25394, CVE-2019-17621, CVE-2021-25372, CVE-2021-25489, CVE-2021-25395, CVE-2019-20500, CVE-2021-25371

Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability

Trust: 4.0

Fetched: July 4, 2023, 9:24 a.m., Published: June 22, 2023, 5:26 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco anyconnect secure mobility client
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: anyconnect secure mobility client software

CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices

Related entries in the VARIoT vulnerabilities database: VAR-202103-1332, VAR-202003-0963, VAR-202110-0167, VAR-202110-0169, VAR-201912-1012

Trust: 4.5

Fetched: July 4, 2023, 9:22 a.m., Published: July 3, 2023, 10:48 a.m.
 Vulnerabilities: input validation vulnerability, kernel panic, os command injection...
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung mobile
vendor: samsung model: mobile
vendor: palo model: networks
vendor: palo alto networks model: networks
vendor: d-link model: dir-859
vendor: d-link model: router
vendor: d-link model: dwl-2600ap
db: NVD ids: CVE-2021-25371, CVE-2021-25372, CVE-2019-20500, CVE-2021-25395, CVE-2021-25487, CVE-2021-25489, CVE-2019-17621, CVE-2021-25394

336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-202302-1271

Trust: 6.0

Fetched: July 4, 2023, 9:22 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-39952, CVE-2023-27997, CVE-2023-40684

​Mitsubishi Electric MELSEC-F Series | CISA

Trust: 5.75

Fetched: July 4, 2023, 9:21 a.m., Published: March 7, 2023, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: mitsubishi model: fx3g
vendor: mitsubishi model: fx3u
vendor: mitsubishi model: fx3s
vendor: mitsubishi model: fx3u-enet
vendor: mitsubishi model: fx3gc
vendor: mitsubishi model: fx3uc
vendor: mitsubishi model: fx3u-enet-adp
vendor: mitsubishi electric model: fx3g
vendor: mitsubishi electric model: fx3u
vendor: mitsubishi electric model: fx3s
vendor: mitsubishi electric model: fx3u-enet
vendor: mitsubishi electric model: fx3gc
vendor: mitsubishi electric model: fx3uc
vendor: mitsubishi electric model: fx3u-enet-adp
db: NVD ids: CVE-2023-2846

CVE-2023-27997 Vulnerability Scanner for FortiGate… | Bishop Fox

Trust: 4.5

Fetched: July 4, 2023, 9:20 a.m., Published: July 4, 2023, midnight
 Vulnerabilities: buffer overflow, memory corruption, code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997

Schneider Electric EcoStruxure Operator Terminal Expert | CISA

Trust: 5.25

Fetched: July 4, 2023, 9:20 a.m., Published: March 7, 2023, midnight
 Vulnerabilities: code injection, injection attack
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2023-1049