VARIoT latest news about IoT security

FireEye, CISA Warn of Critical IoT Device Vulnerability Trust: 3.75 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Jan. 17, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

watch

db:

NVD

ids:

CVE-2021-28372

Israeli spy tech firm exploited vulnerability on ALL IPHONE devices to implant ‘Pegasus’ malware - report. This is classic Israeli backdoor access to computer systems that allowed 9/11 to be pulled off - see The Trigger - David Icke Trust: 3.75 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Sept. 11, 2021, midnight	Vulnerabilities: integer overflow

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	iphone

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Sept. 18, 2021, 10:06 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

NVD - CVE-2021-28816 Trust: 4.75 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2021-28816

Vulnerabilities in Device Drivers From 20 Vendors Expose PCs to Persistent Malware \| SecurityWeek.Com Trust: 3.75 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	lenovo	model:	system
vendor:	lenovo	model:	bios
vendor:	huawei	model:	huawei
vendor:	asus	model:	asus
vendor:	asus	model:	bmc firmware

Product Security \| Axis Communications Trust: 3.75 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	axis communications	model:	communications
vendor:	axis communications	model:	axis
vendor:	axis	model:	communications
vendor:	axis	model:	axis

db:

NVD

ids:

CVE-2021-31988, CVE-2021-31987, CVE-2021-31986

Zoom Patches Multiple Vulnerabilities - GovInfoSecurity Trust: 5.5 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Sept. 17, 2021, midnight	Vulnerabilities: remote command injection, command injection, code execution...

Affected products

External IDs

vendor:	zoom	model:	zoom
vendor:	zoom	model:	client
vendor:	zoom	model:	zoom client

db:

NVD

ids:

CVE-2021-34415, CVE-2021-34421, CVE-2021-34419, CVE-2021-34418, CVE-2021-34422, CVE-2021-34417, CVE-2021-34414, CVE-2021-34420

Vulnerabilities (CVE) - OpenCVE Trust: 4.75 Fetched: Jan. 18, 2022, 11:55 a.m., Published: May 4, 2021, midnight	Vulnerabilities: os command injection, use after free, denial of service...

Affected products

External IDs

vendor:	pexip	model:	infinity
vendor:	pexip	model:	pexip infinity

FireEye, CISA Warn of Critical IoT Device Vulnerability Trust: 3.75 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

watch

db:

NVD

ids:

CVE-2021-28372

These are the 20 most common phone PINs: Is your device vulnerable? Trust: 3.5 Fetched: Jan. 18, 2022, 11:55 a.m., Published: Dec. 8, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	iphone
vendor:	ring	model:	ring
vendor:	asus	model:	asus
vendor:	google	model:	home
vendor:	google	model:	android
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung

Zoom Patches Multiple Vulnerabilities - BankInfoSecurity Trust: 5.5 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Sept. 13, 2021, midnight	Vulnerabilities: remote command injection, command injection, code execution...

Affected products

External IDs

vendor:	zoom	model:	zoom
vendor:	zoom	model:	client
vendor:	zoom	model:	zoom client

db:

NVD

ids:

CVE-2021-34415, CVE-2021-34421, CVE-2021-34419, CVE-2021-34418, CVE-2021-34422, CVE-2021-34417, CVE-2021-34414, CVE-2021-34420

'BotenaGo' Malware Targets Routers, IoT Devices with Over 30 Exploits \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-201311-0288, VAR-202001-0633, VAR-202007-0064, VAR-202003-1707, VAR-201702-0952, VAR-201502-0201, VAR-201704-0303, VAR-202002-1447, VAR-202007-1256, VAR-202003-0363, VAR-201805-0262, VAR-201905-0651, VAR-201403-0306, VAR-201703-1017, VAR-201612-0015, VAR-201805-0263 Trust: 3.75 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	comtrend	model:	vr-3033
vendor:	zoom	model:	zoom
vendor:	zoom	model:	client
vendor:	draytek	model:	routers

db:

NVD

ids:

CVE-2013-5223, CVE-2019-19824, CVE-2020-10987, CVE-2020-9054, CVE-2017-6077, CVE-2015-2051, CVE-2016-1555, CVE-2020-8515, CVE-2018-10088, CVE-2020-9377, CVE-2020-10173, CVE-2018-10561, CVE-2017-18368, CVE-2014-2321, CVE-2017-6334, CVE-2016-6277, CVE-2016-11021, CVE-2020-8958, CVE-2013-3307, CVE-2018-10562

ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities \| SecurityWeek.Com Trust: 4.5 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: path traversal, denial of service, code execution...

Affected products

External IDs

vendor:	siemens	model:	siprotec
vendor:	siemens	model:	sinec nms
vendor:	siemens	model:	scalance
vendor:	siemens	model:	desigo cc
vendor:	siemens	model:	teamcenter
vendor:	siemens	model:	ruggedcom
vendor:	siemens	model:	sinema remote connect server
vendor:	siemens	model:	siprotec 5
vendor:	siemens	model:	simatic
vendor:	siemens	model:	sinema remote connect
vendor:	siemens	model:	sinema server
vendor:	siemens	model:	simatic net
vendor:	schneider	model:	scadapack
vendor:	schneider	model:	ecostruxure control expert
vendor:	schneider	model:	modicon m340 plc
vendor:	schneider	model:	m340 plc
vendor:	schneider	model:	modicon m340
vendor:	schneider	model:	m340
vendor:	schneider	model:	control expert
vendor:	schneider	model:	struxureware data center expert
vendor:	schneider	model:	struxureware data center
vendor:	schneider electric	model:	scadapack
vendor:	schneider electric	model:	ecostruxure control expert
vendor:	schneider electric	model:	modicon m340 plc
vendor:	schneider electric	model:	m340 plc
vendor:	schneider electric	model:	modicon m340
vendor:	schneider electric	model:	m340
vendor:	schneider electric	model:	control expert
vendor:	schneider electric	model:	struxureware data center expert
vendor:	schneider electric	model:	struxureware data center

NVD - CVE-2021-40825 Trust: 3.0 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-40825

Vulnerability Assessment \| Vulnerability Assessment Tool - ManageEngine Vulnerability Manager Plus Trust: 3.75 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

trend

model:

security

Message: "At Risk: Your Vulnerability Protection definitions are not up-to-date. Your Mac may be at risk." Trust: 3.25 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Researcher Releases Updated 0-Day Vulnerability for Windows Systems after Patch Tuesday Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 3.0 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379

Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202108-2172, VAR-202108-1057 Trust: 3.25 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 14, 2022, 8:53 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-30858, CVE-2021-30860

xorl %eax, %eax Trust: 3.5 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	trend	model:	security
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	google	model:	android
vendor:	google	model:	chrome

Device Health Checker Services - Apps on Google Play Trust: 3.0 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

oneplus

model:

oneplus

VARIoT news about IoT security