VARIoT latest news about IoT security

Exploring Vulnerabilities in Network Security Trust: 3.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Oct. 29, 2021, 2:27 p.m.	Vulnerabilities: cross-site scripting, input validation vulnerability, code execution...

Affected products

External IDs

vendor:	cisco	model:	access points
vendor:	cisco	model:	routers
vendor:	cisco	model:	asa software

IoT Device Vulnerability of Baby Monitors - Advanced Cybersecurity Experts Trust: 3.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 17, 2022, midnight	Vulnerabilities: buffer overflow

Affected products	External IDs

How Internet-Connected Devices In Your Home May Be Vulnerable To Hacking \| World Economic Forum Trust: 3.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

Researchers identify vulnerabilities in connected medical devices Trust: 3.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

Hackers Could Increase Medication Doses Through Infusion Pump Flaws \| WIRED Trust: 3.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Aug. 24, 2021, 11 a.m.	Vulnerabilities: code execution

Affected products	External IDs

These cybersecurity vulnerabilities could leave millions of connected medical devices open to attack \| ZDNet Related entries in the VARIoT vulnerabilities database: VAR-202111-1616, VAR-202111-1604, VAR-202111-1605 Trust: 6.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus

db:

NVD

ids:

CVE-2021-31888, CVE-2021-31887, CVE-2021-31886

Multiple Vulnerabilities in iCloud for Windows Could Allow for Arbitrary Code Execution Related entries in the VARIoT vulnerabilities database: VAR-202110-1685, VAR-202110-1677, VAR-202110-1611, VAR-202110-1684, VAR-202110-1620, VAR-202108-2122 Trust: 5.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 7, 2022, 7:33 p.m.	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

vendor:

apple

model:

icloud

db:

NVD

ids:

CVE-2021-30835, CVE-2021-30823, CVE-2021-30814, CVE-2021-30847, CVE-2021-30849, CVE-2021-30852

Flaws in the Nucleus embedded TCP/IP stack puts critical systems at risk \| CSO Online Related entries in the VARIoT vulnerabilities database: VAR-202111-1616, VAR-202111-1605, VAR-202111-1604 Trust: 5.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 11, 2021, 7 a.m.	Vulnerabilities: denial of service, buffer overflow, improper validation...

Affected products

External IDs

vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus

db:

NVD

ids:

CVE-2021-31888, CVE-2021-31886, CVE-2021-31887

This dangerous Intel CPU vulnerability could allow attackers to break into your laptop \| TechRadar Trust: 4.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 16, 2021, 11:12 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-0146

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-1393, VAR-202110-1352, VAR-202110-0623, VAR-202110-0209, VAR-202111-0417, VAR-202110-1305, VAR-202108-0824, VAR-202110-1377, VAR-202111-0393, VAR-202111-0401, VAR-202110-1065, VAR-202109-0618, VAR-202111-0418, VAR-202110-0211, VAR-202110-1375, VAR-202110-1395, VAR-202110-0582, VAR-202110-0619, VAR-202110-1353, VAR-202110-0583, VAR-202111-0412, VAR-202110-0212, VAR-202110-1297, VAR-202110-1286, VAR-202110-0618, VAR-202111-0419, VAR-202110-1402, VAR-202110-0622, VAR-202110-1394, VAR-202110-1366, VAR-202110-0207, VAR-202110-1298, VAR-202110-1354, VAR-202109-0622, VAR-202108-0823, VAR-202109-0623, VAR-202109-0617, VAR-202110-1392, VAR-202110-0203, VAR-202110-0617, VAR-202111-0413, VAR-202111-0400, VAR-202110-1350, VAR-202110-1351, VAR-202109-0631, VAR-202110-1376, VAR-202111-0664, VAR-202110-1367, VAR-202109-0624, VAR-202110-0213 Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: cross-site scripting, resource exhaustion, command injection...

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	snort	model:	snort
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	dna center
vendor:	cisco	model:	nexus
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	small business
vendor:	cisco	model:	series
vendor:	cisco	model:	webex
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	roomos
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	routers
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco unified communications manager

db:

NVD

ids:

CVE-2021-34790, CVE-2021-40116, CVE-2021-34760, CVE-2021-34748, CVE-2021-34784, CVE-2021-34761, CVE-2021-34749, CVE-2021-34792, CVE-2021-40126, CVE-2021-40115, CVE-2021-34762, CVE-2021-34786, CVE-2021-34774, CVE-2021-34758, CVE-2021-34794, CVE-2021-34781, CVE-2021-34743, CVE-2021-40121, CVE-2021-40114, CVE-2021-34738, CVE-2021-40124, CVE-2021-34766, CVE-2021-34756, CVE-2021-34754, CVE-2021-40122, CVE-2021-34773, CVE-2021-40125, CVE-2021-34789, CVE-2021-34783, CVE-2021-34764, CVE-2021-34742, CVE-2021-34755, CVE-2021-34787, CVE-2021-34746, CVE-2021-34745, CVE-2021-34759, CVE-2021-34785, CVE-2021-34791, CVE-2009-1234, CVE-2021-34782, CVE-2021-40123, CVE-2021-40120, CVE-2021-40128, CVE-2021-40118, CVE-2021-40117, CVE-2021-34771, CVE-2021-34793, CVE-2021-40119, CVE-2021-34763, CVE-2021-34765, CVE-2021-34772

Technical Advisory - Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284) - NCC Group Research Related entries in the VARIoT vulnerabilities database: VAR-202111-1568, VAR-202111-1567, VAR-202111-1566 Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 12, 2021, 3 p.m.	Vulnerabilities: command injection, default password, os command injection...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-43282, CVE-2021-43283, CVE-2021-43284

NUCLEUS:13 TCP security bugs impact critical healthcare devices Related entries in the VARIoT vulnerabilities database: VAR-202111-1605, VAR-202111-1604, VAR-202111-1616 Trust: 5.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: improper validation, code execution

Affected products

External IDs

vendor:	treck	model:	tcp/ip stack
vendor:	siemens	model:	nucleus
vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus readystart

db:

NVD

ids:

CVE-2021-31886, CVE-2021-31887, CVE-2021-31888

Positive Technologies Discovers Vulnerability in Intel Processors Used in Laptops, Cars and Other Devices Trust: 4.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	tesla	model:	model 3
vendor:	tesla	model:	model

db:

NVD

ids:

CVE-2021-0146

Ubuntu : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-201803-0134, VAR-200504-0293, VAR-200704-0229, VAR-200704-0737 Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: application crash, symlink attack, timing attack...

Affected products

External IDs

vendor:	freetype	model:	freetype
vendor:	dovecot	model:	dovecot
vendor:	clamav	model:	clamav
vendor:	canonical	model:	ubuntu linux
vendor:	canonical	model:	ubuntu
vendor:	perl	model:	perl
vendor:	cups	model:	cups
vendor:	x.org	model:	x.org
vendor:	x.org	model:	libxfont

db:

NVD

ids:

CVE-2005-3626, CVE-2011-4613, CVE-2006-3378, CVE-2005-0077, CVE-2011-1842, CVE-2006-3597, CVE-2009-3232, CVE-2004-0888, CVE-2013-1069, CVE-2005-4158, CVE-2015-1322, CVE-2017-14461, CVE-2005-0988, CVE-2006-5466, CVE-2005-0754, CVE-2004-1337, CVE-2008-6792, CVE-2005-0750, CVE-2009-0578, CVE-2008-2285, CVE-2009-1601, CVE-2014-1424, CVE-2015-5479, CVE-2005-0156, CVE-2015-2150, CVE-2009-1295, CVE-2009-1296, CVE-2006-5649, CVE-2005-3625, CVE-2005-0384, CVE-2007-5365, CVE-2013-2186, CVE-2005-1527, CVE-2008-4306, CVE-2005-0106, CVE-2007-4601, CVE-2006-6235, CVE-2005-0109, CVE-2007-1352, CVE-2005-0080, CVE-2006-0151, CVE-2008-0166, CVE-2009-1234, CVE-2006-1183, CVE-2006-7229, CVE-2006-5648, CVE-2011-0729, CVE-2008-4395, CVE-2005-0206, CVE-2005-3624, CVE-2013-1070, CVE-2007-1351, CVE-2009-0365, CVE-2006-3747

How to Scan for Vulnerabilities on Any Website Using Nikto " Null Byte :: WonderHowTo Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: sql injection, information disclosure, authentication bypass...

Affected products

External IDs

db:	NVD	ids:	CVE-2018-10933
db:	MICROSOFT	ids:	MS10-070

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-201705-3762, VAR-201705-3742 Trust: 4.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

hikvision

model:

hikvision

db:	ICS CERT	ids:	ICSA-17-124-01
db:	US CERT	ids:	ICSA-17-124-01

Device Vulnerability Management Market Size, Share, Industry Forecast 2028 Trust: 3.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	hewlett-packard company	model:	hewlett-packard company
vendor:	hewlett-packard	model:	hewlett-packard company
vendor:	google	model:	android

db:

NVD

ids:

CVE-2020-0601

NVD - CVE-2021-1586 Trust: 5.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	nexus_92160yc-x
vendor:	cisco	model:	nexus_92304qc
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	cisco nexus 9000 series
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	nexus_9000v
vendor:	cisco	model:	nexus_92300yc
vendor:	cisco	model:	nexus
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	nexus 9000
vendor:	cisco systems	model:	nexus_92160yc-x
vendor:	cisco systems	model:	nexus_92304qc
vendor:	cisco systems	model:	nexus 9000 series
vendor:	cisco systems	model:	cisco nexus 9000 series
vendor:	cisco systems	model:	nx-os
vendor:	cisco systems	model:	nexus_9000v
vendor:	cisco systems	model:	nexus_92300yc
vendor:	cisco systems	model:	nexus
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	nexus 9000

db:

NVD

ids:

CVE-2021-1586

Researchers find 13 medical device vulnerabilities potentially capable of taking hospitals offline Trust: 3.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Vulnerability Analysis of Network Scanning on SCADA Systems Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	codesys	model:	linux
vendor:	codesys	model:	gateway
vendor:	codesys	model:	codesys
vendor:	codesys	model:	control
vendor:	codesys	model:	web server
vendor:	modbus	model:	slave
vendor:	siemens	model:	s7-1200 plc
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	dnp3
vendor:	siemens	model:	simatic s7-1200 plc
vendor:	cisco	model:	series
vendor:	cisco	model:	routers
vendor:	wireshark	model:	wireshark

VARIoT news about IoT security