Sign-up

VARIoT news about IoT security

Critical Vulnerability in Nice eMerge E3 Security Devices: What You Need to Know | Windows Forum

Trust: 3.5

Fetched: April 29, 2025, 9:46 a.m., Published: May 29, 2025, midnight
 Vulnerabilities: default credentials, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-9441

CISA flags critical ICS vulnerabilities in Siemens, Schneider Electric, ABB equipment affecting critical sectors - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202504-1085, VAR-202504-1138, VAR-202504-1139, VAR-202504-1081, VAR-202504-1128, VAR-202504-1127, VAR-202504-1087, VAR-202504-1093, VAR-202504-1086, VAR-202504-1113, VAR-202504-1083, VAR-202504-1134, VAR-202504-1195, VAR-202504-1106, VAR-202504-1100, VAR-202504-1110, VAR-202504-1090

Trust: 4.5

Fetched: April 29, 2025, 9:45 a.m., Published: April 23, 2025, 10:51 a.m.
 Vulnerabilities: information exposure, sql injection
Affected productsExternal IDs
vendor: trend model: security
vendor: schneider model: m580
vendor: schneider model: modicon m580
vendor: codesys model: control
vendor: codesys model: runtime
vendor: codesys model: codesys
vendor: codesys model: web server
vendor: trend micro model: security
vendor: schneider electric model: m580
vendor: schneider electric model: modicon m580
vendor: siemens model: telecontrol server basic
db: NVD ids: CVE-2025-31351, CVE-2025-30003, CVE-2024-6407, CVE-2025-31352, CVE-2025-30030, CVE-2025-31349, CVE-2025-31343, CVE-2025-27539, CVE-2025-30031, CVE-2025-30002, CVE-2025-31353, CVE-2025-32475, CVE-2025-30032, CVE-2025-29931, CVE-2025-29905, CVE-2025-31350, CVE-2025-27540, CVE-2025-27495

FastCGI Library Vulnerability Exposes Embedded Devices to Code Execution Attacks

Trust: 5.0

Fetched: April 29, 2025, 9:44 a.m., Published: April 28, 2025, 10:19 a.m.
 Vulnerabilities: code execution, buffer overflow, integer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2025-23016

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 | CyberScoop

Trust: 3.0

Fetched: April 29, 2025, 9:41 a.m., Published: April 24, 2025, 10:57 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Critical FastCGI Vulnerability (CVE-2025-23016) Exposes Embedded Devices to Remote Code Execution - UNDERCODE NEWS

Trust: 4.5

Fetched: April 29, 2025, 9:41 a.m., Published: April 28, 2025, 12:55 p.m.
 Vulnerabilities: code execution, integer overflow, command execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-23016

Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends - Blog | TenableĀ®

Related entries in the VARIoT vulnerabilities database: VAR-202403-2416, VAR-202401-2573, VAR-202401-1629

Trust: 4.25

Fetched: April 29, 2025, 9:28 a.m., Published: April 23, 2025, 4:05 a.m.
 Vulnerabilities: access control vulnerability, sql injection, authentication vulnerability...
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks
vendor: cisco model: netscaler gateway
vendor: trend model: security
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: netscaler
vendor: citrix model: application delivery controller
vendor: sonicwall model: sonicos
vendor: palo model: pan-os
vendor: palo model: networks globalprotect
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks
db: NVD ids: CVE-2024-3400, CVE-2023-36846, CVE-2023-36851, CVE-2023-36845, CVE-2023-36847, CVE-2023-46805, CVE-2023-36844, CVE-2023-48788, CVE-2023-4966, CVE-2024-21893, CVE-2023-6548, CVE-2024-20359, CVE-2024-21887, CVE-2024-40766, CVE-2023-6549, CVE-2024-47575, CVE-2024-21762, CVE-2024-23113

Siemens Industrial Edge Devices - Cyber & Coffee

Trust: 3.5

Fetched: April 29, 2025, 9:28 a.m., Published: April 10, 2025, 4:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: scalance
vendor: siemens model: simatic
vendor: siemens model: simatic ipc127e
vendor: siemens model: simatic ipc427e
vendor: siemens model: simatic ipc847e
vendor: siemens model: siemens simatic ipc227e
vendor: siemens model: simatic ipc227e
vendor: siemens model: siemens simatic ipc847e
vendor: siemens model: siemens simatic ipc127e
vendor: siemens model: siemens simatic ipc427e
db: NVD ids: CVE-2024-54092

Netizen: April 2025 Vulnerability Review | Netizen Blog and News

Trust: 5.25

Fetched: April 29, 2025, 9:27 a.m., Published: April 25, 2025, 8:57 p.m.
 Vulnerabilities: code execution, buffer overflow, privilege escalation...
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: tvos
vendor: apple model: macos
vendor: alsa model: alsa
db: NVD ids: CVE-2025-31200, CVE-2024-53197, CVE-2024-53150, CVE-2025-29824, CVE-2025-22457

IT Vulnerability Report: VMware, Microsoft Urged To Fix

Trust: 4.5

Fetched: April 29, 2025, 9:23 a.m., Published: April 7, 2025, 5:06 p.m.
 Vulnerabilities: authentication bypass, improper access control
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2025-24201, CVE-2025-23120, CVE-2025-2783, CVE-2025-26633, CVE-2025-2825, CVE-2024-20440, CVE-2025-29927, CVE-2024-20439, CVE-2025-22230

CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability - Blog | TenableĀ®

Related entries in the VARIoT vulnerabilities database: VAR-202504-1178

Trust: 5.0

Fetched: April 29, 2025, 9:23 a.m., Published: April 18, 2025, 3:22 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-32433

Privilege Escalation Vulnerability in Chromium on Android - CVE-2025-3067

Trust: 5.75

Fetched: April 29, 2025, 9:22 a.m., Published: April 11, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2025-3067

Update Canonical Ubuntu Server: USN-7411-1: OpenVPN vulnerability

Trust: 4.25

Fetched: April 29, 2025, 9:21 a.m., Published: Jan. 29, 7411, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Vulnerability and Patch Management Standard | Enterprise Technology & Services

Trust: 3.5

Fetched: April 29, 2025, 9:20 a.m., Published: Feb. 12, 2024, 4:38 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: delegate model: delegate

CVE-2025-23016: Critical FastCGI Heap Overflow Threatens Embedded Devices, PoC Releases

Trust: 4.0

Fetched: April 29, 2025, 9:19 a.m., Published: April 28, 2025, 12:26 a.m.
 Vulnerabilities: code execution, memory overwrite, integer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-23016

What is Endpoint Vulnerability Management?

Trust: 3.75

Fetched: April 29, 2025, 9:16 a.m., Published: April 7, 2025, 6:32 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Zero-Day Attack Vectors: A Complete Guide | SentinelOne

Trust: 3.25

Fetched: April 29, 2025, 9:15 a.m., Published: April 22, 2025, 10:59 a.m.
 Vulnerabilities: sql injection, privilege escalation, code injection...
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: access points
vendor: cisco model: ios xe software
vendor: cisco model: series

iOS Vulnerability Lets Apps Disable Devices - CyberMaterial

Trust: 3.0

Fetched: April 29, 2025, 9:15 a.m., Published: April 28, 2025, 1:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-24091

OuttaTune: Bypassing Conditional Access in Microsoft Intune | CirriusTech | Serious About Tech

Trust: 3.5

Fetched: April 29, 2025, 9:14 a.m., Published: April 28, 2025, 8 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs

Critical ASUS Router Vulnerability Let Attackers Malicious Code Remotely

Related entries in the VARIoT vulnerabilities database: VAR-202504-1580

Trust: 6.0

Fetched: April 29, 2025, 9:13 a.m., Published: April 21, 2025, 8:52 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: routers
vendor: asus model: router
db: NVD ids: CVE-2025-2492

Apple Backports Fixes for Three Zero-day Vulnerabilities (CVE-2025-24200, CVE-2025-24201, & CVE-2025-24085) - Qualys ThreatPROTECT

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 5.75

Fetched: April 29, 2025, 9:13 a.m., Published: -
 Vulnerabilities: authorization flaw, use after free
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: macos
db: NVD ids: CVE-2025-24200, CVE-2025-24201, CVE-2025-24085