Sign-up

VARIoT news about IoT security

13 Siemens Nucleus RTOS TCP/IP Stack Vulnerabilities Identified in Medical Devices - HIPAA Guidelines 101

Trust: 4.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 16, 2021, 10:07 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: nucleus rtos
vendor: siemens model: nucleus source code
vendor: siemens model: vstar
vendor: siemens model: nucleus readystart
vendor: siemens model: nucleus net
vendor: siemens model: nucleus

Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability - Cisco

Trust: 3.75

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 20, 2021, 3:12 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: firepower threat defense software
vendor: cisco model: firepower
vendor: cisco model: cisco firepower threat defense software
vendor: cisco model: cisco firepower management center
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower management center

Medical devices at risk from Siemens Nucleus vulnerabilities

Trust: 4.75

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 9, 2021, midnight
 Vulnerabilities: buffer overflow, denial of service, code execution
Affected productsExternal IDs
vendor: siemens model: nucleus

NUCLEUS:13 vulnerabilities impact Siemens medical & industrial equipment - The Record by Recorded Future

Trust: 3.0

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 9, 2021, 4:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: nucleus

Critical remote code execution vulnerability in Linux Kernel TIPC module affects millions of devices. Patch immediately

Trust: 3.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 5:06 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

What’s the Most Vulnerable Device in Your Home? It’s Not What You Think

Trust: 3.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

CVE-2021-36260: Remotely hacking and spying on Hikvision CCTV systems with this zero-click vulnerability

Trust: 4.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 21, 2021, 10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2021-36260

F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices

Related entries in the VARIoT vulnerabilities database: VAR-202109-0778, VAR-202109-0783, VAR-202109-0779, VAR-202109-0777, VAR-202109-1883, VAR-202109-0535, VAR-202109-0782, VAR-202109-0532, VAR-202109-0534, VAR-202109-0780, VAR-202109-0781, VAR-202109-0776, VAR-202109-0533

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 26, 2021, 11:51 a.m.
 Vulnerabilities: command execution, request forgery, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2021-23029, CVE-2021-23034, CVE-2021-23030, CVE-2021-23028, CVE-2021-23025, CVE-2021-23037, CVE-2021-23033, CVE-2021-23026, CVE-2021-23036, CVE-2021-23031, CVE-2021-23032, CVE-2021-23027, CVE-2021-23035

Google Android August 2021 Security Patch Vulnerabilities: Discover and Take Remote Response Action Using VMDR for Mobile Devices - REAL security

Related entries in the VARIoT vulnerabilities database: VAR-202109-0210, VAR-202109-0211, VAR-202109-0212, VAR-202109-0377, VAR-202109-0374

Trust: 5.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 17, 2021, 6:05 a.m.
 Vulnerabilities: buffer overflow, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: huawei model: huawei
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
db: NVD ids: CVE-2021-1916, CVE-2021-1920, CVE-2021-1919, CVE-2021-0519, CVE-2021-1972, CVE-2021-1976

What’s the Most Vulnerable Device in Your Home? It’s Not What You Think

Trust: 3.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home

Zambia : Cyber Security decoded: understanding threats, vulnerabilities, and information security risks

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 9, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: essential model: phone

CRITICAL VULNERABILITY AFFECTING MILLIONS OF IOT DEVICES USING THROUGHTEK’S KALAY NETWORK " Cyber Security

Trust: 3.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 20, 2021, 10:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-2837

Vulnerability Summary for the Week of October 18, 2021 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202110-0434, VAR-202110-1038, VAR-202110-0438, VAR-202110-1124, VAR-202110-1207, VAR-202110-1131, VAR-202110-0414, VAR-202110-1129, VAR-202110-0386, VAR-202110-1139, VAR-202110-1032, VAR-202110-1296, VAR-202110-0392, VAR-202110-1551, VAR-202110-0379, VAR-202110-0608, VAR-202110-0396, VAR-202110-0413, VAR-202110-0393, VAR-202110-1013, VAR-202110-0397, VAR-202110-1116, VAR-202110-1117, VAR-202110-0579, VAR-202110-0582, VAR-202110-0615, VAR-202110-0613, VAR-202110-0398, VAR-202110-1127, VAR-202110-1133, VAR-202110-1130, VAR-202110-1132, VAR-202110-0622, VAR-202110-0631, VAR-202110-1620, VAR-202110-1119, VAR-202110-1134, VAR-202110-0378, VAR-202110-1684, VAR-202110-1550, VAR-202110-0439, VAR-202110-0616, VAR-202110-0387, VAR-202110-0412, VAR-202110-0617, VAR-202110-1511, VAR-202110-0583, VAR-202110-0443, VAR-202110-1512, VAR-202110-0609, VAR-202110-0399, VAR-202110-1226, VAR-202110-0623, VAR-202110-1118, VAR-202110-1321, VAR-202110-1621, VAR-202110-0618, VAR-202110-1685, VAR-202110-1128, VAR-202110-1034, VAR-202110-1513, VAR-202110-1208, VAR-202110-1123, VAR-202110-0436, VAR-202110-1514, VAR-202110-0619, VAR-202110-1126, VAR-202110-0409, VAR-202110-0401, VAR-202110-0395, VAR-202110-1125, VAR-202110-1263, VAR-202110-0410, VAR-202110-0614

Trust: 6.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 18, 2021, midnight
 Vulnerabilities: authentication bypass, request forgery, code execution...
Affected productsExternal IDs
vendor: trend_micro model: security
vendor: trend_micro model: worry-free business security
vendor: trend_micro model: worry-free business security services
vendor: cisco model: download manager
vendor: cisco model: cisco identity services engine
vendor: cisco model: telepresence management suite
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco meeting server
vendor: cisco model: router
vendor: cisco model: series
vendor: cisco model: session border controller
vendor: cisco model: cisco telepresence
vendor: cisco model: identity services engine
vendor: cisco model: catalyst
vendor: cisco model: telepresence
vendor: cisco model: cisco telepresence management suite
vendor: cisco model: sd-wan
vendor: cisco model: ios xe sd-wan software
vendor: cisco model: integrated_management_controller
vendor: cisco model: cisco meeting
vendor: cisco model: cisco integrated management controller
vendor: cisco model: integrated management controller
vendor: cisco model: identity_services_engine
vendor: cisco model: meeting_server
vendor: cisco model: telepresence_management_suite
vendor: cisco model: cisco ios
vendor: cisco model: webex
vendor: cisco model: meeting server
vendor: cisco model: cisco webex
vendor: cisco model: meeting
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: itunes
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: watchos
vendor: civetweb model: civetweb
vendor: node.js model: node.js
vendor: draytek model: vigorap 1000c
vendor: draytek model: vigorap
vendor: zoho model: manageengine applications manager
vendor: google model: wifi
vendor: google model: android
vendor: trend model: security
vendor: trend model: worry-free business security
vendor: trend model: worry-free business security services
vendor: trend micro model: security
vendor: trend micro model: worry-free business security
vendor: trend micro model: worry-free business security services
db: NVD ids: CVE-2021-31377, CVE-2021-31381, CVE-2021-35594, CVE-2021-31363, CVE-2021-42102, CVE-2021-42012, CVE-2021-35655, CVE-2021-1967, CVE-2021-35577, CVE-2021-35591, CVE-2021-30292, CVE-2021-41159, CVE-2021-1917, CVE-2021-41791, CVE-2021-41127, CVE-2021-0706, CVE-2021-35543, CVE-2021-35617, CVE-2021-42536, CVE-2021-38477, CVE-2021-1984, CVE-2020-23038, CVE-2021-35636, CVE-2021-42538, CVE-2021-42539, CVE-2021-38479, CVE-2021-35635, CVE-2021-31378, CVE-2021-35562, CVE-2021-39127, CVE-2021-30256, CVE-2021-35567, CVE-2021-38461, CVE-2021-35647, CVE-2021-35622, CVE-2021-35661, CVE-2021-35556, CVE-2021-35554, CVE-2021-35536, CVE-2020-36499, CVE-2021-2137, CVE-2021-35616, CVE-2021-31350, CVE-2021-1959, CVE-2021-35627, CVE-2021-31349, CVE-2021-35542, CVE-2021-1949, CVE-2021-39356, CVE-2021-35624, CVE-2021-39354, CVE-2020-23041, CVE-2020-27304, CVE-2021-35638, CVE-2021-35662, CVE-2021-31374, CVE-2020-23052, CVE-2020-28960, CVE-2021-31359, CVE-2021-21746, CVE-2020-36497, CVE-2021-42765, CVE-2021-0703, CVE-2021-38467, CVE-2020-36489, CVE-2021-35574, CVE-2021-34362, CVE-2021-1969, CVE-2020-28967, CVE-2021-42715, CVE-2021-25972, CVE-2021-35572, CVE-2021-2416, CVE-2021-35539, CVE-2020-23045, CVE-2021-31355, CVE-2020-23042, CVE-2021-27746, CVE-2021-21748, CVE-2021-35634, CVE-2021-35568, CVE-2020-23060, CVE-2021-42169, CVE-2020-36485, CVE-2021-42542, CVE-2021-31369, CVE-2021-35626, CVE-2021-31380, CVE-2021-42771, CVE-2021-35545, CVE-2021-41167, CVE-2021-25969, CVE-2021-31371, CVE-2020-23036, CVE-2021-35650, CVE-2021-2477, CVE-2021-42556, CVE-2021-41160, CVE-2021-2332, CVE-2021-42011, CVE-2021-1932, CVE-2021-35589, CVE-2021-35631, CVE-2021-36357, CVE-2021-35630, CVE-2021-31372, CVE-2021-0299, CVE-2021-42766, CVE-2021-42258, CVE-2021-31373, CVE-2021-38475, CVE-2021-35632, CVE-2021-41747, CVE-2021-35598, CVE-2021-35608, CVE-2021-42103, CVE-2020-23044, CVE-2021-21745, CVE-2020-36490, CVE-2021-30315, CVE-2021-1968, CVE-2021-35593, CVE-2021-30312, CVE-2021-38473, CVE-2021-2482, CVE-2021-2483, CVE-2020-36495, CVE-2021-38451, CVE-2020-23050, CVE-2021-35546, CVE-2020-36488, CVE-2021-39348, CVE-2021-35610, CVE-2020-28957, CVE-2021-29873, CVE-2021-2461, CVE-2021-34743, CVE-2021-2479, CVE-2021-2471, CVE-2021-35537, CVE-2020-23039, CVE-2021-31356, CVE-2020-36496, CVE-2021-42762, CVE-2021-35582, CVE-2021-31358, CVE-2021-21744, CVE-2020-28955, CVE-2021-38449, CVE-2021-30258, CVE-2021-25970, CVE-2021-35637, CVE-2021-42327, CVE-2021-42104, CVE-2021-38463, CVE-2021-35639, CVE-2021-41745, CVE-2021-1980, CVE-2021-1985, CVE-2021-34736, CVE-2021-35660, CVE-2020-23049, CVE-2021-35641, CVE-2021-35566, CVE-2021-2485, CVE-2021-2478, CVE-2021-42836, CVE-2021-29883, CVE-2021-1983, CVE-2021-35561, CVE-2021-35559, CVE-2021-34789, CVE-2021-30302, CVE-2021-35560, CVE-2021-41135, CVE-2021-0651, CVE-2021-41133, CVE-2020-36501, CVE-2021-31834, CVE-2021-38453, CVE-2021-35612, CVE-2021-35657, CVE-2021-31353, CVE-2021-35576, CVE-2021-35633, CVE-2021-42261, CVE-2021-20120, CVE-2021-38485, CVE-2021-35570, CVE-2021-35654, CVE-2020-36493, CVE-2021-30849, CVE-2021-35227, CVE-2021-35596, CVE-2021-30306, CVE-2021-39126, CVE-2021-1977, CVE-2021-21747, CVE-2021-41168, CVE-2021-42716, CVE-2021-0483, CVE-2021-2484, CVE-2021-35643, CVE-2021-0870, CVE-2021-30847, CVE-2021-42764, CVE-2021-31360, CVE-2021-35225, CVE-2021-31362, CVE-2021-31382, CVE-2021-42105, CVE-2021-31352, CVE-2020-28961, CVE-2021-35606, CVE-2021-38459, CVE-2021-35656, CVE-2021-41171, CVE-2021-35588, CVE-2020-23058, CVE-2020-14263, CVE-2021-35228, CVE-2020-23046, CVE-2021-35601, CVE-2021-0296, CVE-2021-35597, CVE-2021-35550, CVE-2021-25971, CVE-2021-30316, CVE-2021-35583, CVE-2021-31383, CVE-2021-35602, CVE-2021-35553, CVE-2021-28496, CVE-2020-23061, CVE-2021-38457, CVE-2021-35658, CVE-2021-40123, CVE-2021-35573, CVE-2021-30850, CVE-2021-29835, CVE-2021-41163, CVE-2021-0298, CVE-2020-23051, CVE-2020-28328, CVE-2021-41790, CVE-2020-28969, CVE-2021-34738, CVE-2021-0643, CVE-2021-42534, CVE-2021-35565, CVE-2021-41169, CVE-2021-42107, CVE-2021-35665, CVE-2021-38478, CVE-2020-36494, CVE-2021-30843, CVE-2021-31366, CVE-2021-41149, CVE-2021-3889, CVE-2020-28964, CVE-2021-31354, CVE-2021-0705, CVE-2021-35613, CVE-2021-21743, CVE-2021-35619, CVE-2021-35604, CVE-2020-28956, CVE-2021-35645, CVE-2021-30305, CVE-2021-0708, CVE-2021-0652, CVE-2020-23037, CVE-2021-24702, CVE-2021-35595, CVE-2020-23054, CVE-2021-35541, CVE-2021-35666, CVE-2020-23055, CVE-2021-35659, CVE-2021-41150, CVE-2020-36498, CVE-2021-35644, CVE-2020-23048, CVE-2021-35642, CVE-2021-31351, CVE-2021-41146, CVE-2021-2414, CVE-2021-35603, CVE-2021-36512, CVE-2021-39352, CVE-2021-34760, CVE-2021-30310, CVE-2021-35563, CVE-2021-2476, CVE-2021-30304, CVE-2021-35590, CVE-2021-35540, CVE-2021-35640, CVE-2021-35575, CVE-2021-35646, CVE-2021-38469, CVE-2021-42299, CVE-2021-35549, CVE-2021-30848, CVE-2021-42108, CVE-2011-1075, CVE-2021-35580, CVE-2021-35653, CVE-2021-35230, CVE-2021-2481, CVE-2021-35618, CVE-2021-31682, CVE-2021-35649, CVE-2021-40122, CVE-2021-35592, CVE-2021-35578, CVE-2021-1529, CVE-2021-38471, CVE-2021-30835, CVE-2021-42540, CVE-2021-30257, CVE-2021-23452, CVE-2021-41792, CVE-2020-11303, CVE-2021-42740, CVE-2021-36869, CVE-2021-30842, CVE-2021-35625, CVE-2021-35652, CVE-2021-3455, CVE-2021-35629, CVE-2021-35569, CVE-2021-35586, CVE-2021-35512, CVE-2021-31384, CVE-2021-42096, CVE-2021-31376, CVE-2021-1936, CVE-2021-41744, CVE-2021-30297, CVE-2021-31375, CVE-2021-35551, CVE-2021-31367, CVE-2021-3454, CVE-2021-39321, CVE-2021-1966, CVE-2021-31365, CVE-2021-35623, CVE-2021-2474, CVE-2020-28963, CVE-2021-42101, CVE-2020-36502, CVE-2021-31361, CVE-2020-23040, CVE-2021-30841, CVE-2021-35538, CVE-2021-35564, CVE-2021-23139, CVE-2021-39328, CVE-2021-35611, CVE-2021-40121, CVE-2020-23047, CVE-2021-30288, CVE-2021-31386, CVE-2021-2480, CVE-2021-35557, CVE-2021-35581, CVE-2021-0297, CVE-2021-35621, CVE-2021-21749, CVE-2021-42106, CVE-2021-38465, CVE-2021-35648, CVE-2020-36486, CVE-2021-30291, CVE-2021-35585, CVE-2021-31370, CVE-2021-38481, CVE-2021-35609, CVE-2021-35651, CVE-2020-28968, CVE-2021-28975, CVE-2021-40719, CVE-2021-2475, CVE-2021-0702, CVE-2021-1913, CVE-2020-36492, CVE-2021-35552, CVE-2021-31385, CVE-2021-3888, CVE-2021-31364, CVE-2021-38896, CVE-2021-31357, CVE-2020-23043, CVE-2020-36491, CVE-2021-35584, CVE-2021-42097, CVE-2021-22034, CVE-2021-35620, CVE-2021-38455, CVE-2021-35558, CVE-2021-30359, CVE-2021-35571, CVE-2021-31379, CVE-2021-31368, CVE-2021-39357, CVE-2021-31835, CVE-2021-35628, CVE-2021-35599, CVE-2021-42739, CVE-2021-42840, CVE-2021-35607

BrakTooth vulnerability impacts Bluetooth devices - SlashGear

Trust: 4.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 7, 2021, 10:53 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-28139

Dell detected device vulnerabilities: how to protect yourself

Related entries in the VARIoT vulnerabilities database: VAR-202105-0569

Trust: 3.5

Fetched: Nov. 9, 2021, 12:59 p.m., Published: May 7, 2021, 9:32 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-21551

FreakOut botnet now attacks vulnerable video DVR devices - DogecoinCryptoNews

Trust: 4.5

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 12, 2021, 4:31 p.m.
 Vulnerabilities: script injection, command injection
Affected productsExternal IDs
vendor: genexis model: platinum 4410
vendor: genexis model: platinum
db: NVD ids: CVE-2020-28188, CVE-2019-12725, CVE-2020-15568, CVE-2021-2900, CVE-2020-25494

QNAP NAS Multiple Vulnerabilities

Trust: 3.5

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 13, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-34346, CVE-2021-28813, CVE-2018-19957, CVE-2021-34344, CVE-2021-28816, CVE-2021-34345, CVE-2021-34343

FDA urges return of vulnerable, recalled Medtronic remote insulin pump controllers

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 6, 2021, 1:14 p.m.
 Vulnerabilities: replay attack
Affected productsExternal IDs
vendor: medtronic model: minimed 508
vendor: medtronic model: minimed 508 insulin pump

Understanding PrintNightmare: a Print Spooler Vulnerability

Trust: 3.5

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 13, 2021, 10:49 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs

Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution | The Daily Swig

Trust: 3.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 31, 2021, 11:05 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs