VARIoT latest news about IoT security

MIRAT’s Vulnerability Scanners Make Sure Their Customer’s Businesses are Frisk-Free - iCrowdNewswire Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 16, 2021, 11:19 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

eavesdropping vulnerabilities Archives • Penetration Testing Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-0662, CVE-2021-0661, CVE-2021-0663

Smart Home Devices. More Security Vulnerabilities. Daniel Wroclawski, Consumer Reports. - Cybercrime Magazine Podcast - Podcast en iVoox Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 10, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping \| TechRadar Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 24, 2021, 4:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping \| TechRadar Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 24, 2021, 4:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

MediaTek chip vulnerabilities expose millions of Android devices to eavesdropping - TechRadar - OLTNEWS Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, 2:37 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Mozilla disables ‘low usage’ encryption feature to resolve Thunderbird HTTP/2 vulnerability \| The Daily Swig Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 8, 2021, 4:13 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38503, CVE-2021-38507, CVE-2021-38506

This chip flaw could have let malicious apps eavesdrop on Android phone users \| ZDNet Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	vivo	model:	vivo

db:

NVD

ids:

CVE-2021-0673, CVE-2021-0662, CVE-2021-0663, CVE-2021-0661

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping \| TechRadar Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 24, 2021, 4:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

NVD - CVE-2021-21744 Related entries in the VARIoT vulnerabilities database: VAR-202110-0398 Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-21744

BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities \| CISA Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Aug. 16, 2021, midnight	Vulnerabilities: code execution

Affected products	External IDs

A List of Vulnerabilities Abused by Ransomware Groups Released by Researchers Related entries in the VARIoT vulnerabilities database: VAR-202107-1010, VAR-202108-1914, VAR-202109-1909, VAR-201912-0828, VAR-201906-0815, VAR-202102-0898 Trust: 3.5 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Sept. 20, 2021, 12:58 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks
vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks

db:

NVD

ids:

CVE-2021-28799, CVE-2021-26857, CVE-2021-30119, CVE-2021-34527, CVE-2021-30120, CVE-2021-36942, CVE-2021-30116, CVE-2021-40444, CVE-2021-34523, CVE-2021-27065, CVE-2021-31207, CVE-2021-26858, CVE-2019-7481, CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104, CVE-2018-13379, CVE-2021-26855, CVE-2021-20016, CVE-2021-34473

Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability - Cisco Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Sept. 28, 2021, 2:52 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	cisco ios xe

A Vulnerability in Apple iOS and iPadOS Could Allow for Arbitrary Code Execution. Related entries in the VARIoT vulnerabilities database: VAR-202108-2057 Trust: 5.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 7, 2022, 7:33 p.m.	Vulnerabilities: integer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	ipod touch
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2021-30883

Lights, Cameras…Vulnerabilities? Rise of Non-Business IoT Devices Putting North American Corporate Networks At Risk Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	palo	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	paloaltonetworks	model:	palo alto networks
vendor:	paloaltonetworks	model:	firewall
vendor:	paloaltonetworks	model:	networks

Lights, Cameras…Vulnerabilities? Rise of Non-Business IoT Devices Putting North American Corporate Networks At Risk Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	palo	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	paloaltonetworks	model:	palo alto networks
vendor:	paloaltonetworks	model:	firewall
vendor:	paloaltonetworks	model:	networks

Siemens PROFINET Devices (Update K) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201910-1595 Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	sinamics g150
vendor:	siemens	model:	sinamics gm150
vendor:	siemens	model:	simatic hmi
vendor:	siemens	model:	ek-ertec 200
vendor:	siemens	model:	simatic et 200ecopn
vendor:	siemens	model:	simatic et 200pro
vendor:	siemens	model:	ek-ertec
vendor:	siemens	model:	simatic s7-400 h v6
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	sinamics s120
vendor:	siemens	model:	sinumerik 840d
vendor:	siemens	model:	s7-410
vendor:	siemens	model:	s7-300
vendor:	siemens	model:	profinet driver
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	840d
vendor:	siemens	model:	sinamics dcp
vendor:	siemens	model:	simatic hmi comfort outdoor panels
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	ek-ertec 200p
vendor:	siemens	model:	sinumerik 840d sl
vendor:	siemens	model:	simatic s7-300 cpu
vendor:	siemens	model:	pn/pn coupler
vendor:	siemens	model:	simatic s7-410 v8
vendor:	siemens	model:	simatic cfu pa
vendor:	siemens	model:	sinamics g110m
vendor:	siemens	model:	simatic et 200al
vendor:	siemens	model:	simatic hmi ktp mobile panels
vendor:	siemens	model:	simatic et 200sp open
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ba
vendor:	siemens	model:	simatic et 200m
vendor:	siemens	model:	simatic et 200sp
vendor:	siemens	model:	simatic pn/pn coupler
vendor:	siemens	model:	simatic s7-400 pn/dp
vendor:	siemens	model:	sinamics dcm
vendor:	siemens	model:	s7-400 pn/dp
vendor:	siemens	model:	sinamics gl150
vendor:	siemens	model:	sinamics gh150
vendor:	siemens	model:	simatic s7-400
vendor:	siemens	model:	simatic hmi comfort panels
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hs
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic s7-410
vendor:	siemens	model:	sinamics sm120
vendor:	siemens	model:	simatic s7-400 pn
vendor:	siemens	model:	simatic et 200mp im 155-5 pn ba
vendor:	siemens	model:	simatic profinet driver
vendor:	siemens	model:	simatic s7-400 pn/dp v7
vendor:	siemens	model:	sinamics s110
vendor:	siemens	model:	simatic et 200s
vendor:	siemens	model:	sinamics
vendor:	siemens	model:	simatic winac rtx
vendor:	siemens	model:	profinet io
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	simatic et 200mp im 155-5 pn hf
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hf
vendor:	siemens	model:	et 200sp open controller
vendor:	siemens	model:	sinumerik 828d
vendor:	siemens	model:	simatic s7-300
vendor:	siemens	model:	simatic s7-1500 cpu family
vendor:	siemens	model:	simatic et 200sp im 155-6 pn st
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-400 pn/dp v6
vendor:	siemens	model:	simatic s7-300 cpu family
vendor:	siemens	model:	s7-400
vendor:	siemens	model:	simatic et
vendor:	siemens	model:	dk standard ethernet controller
vendor:	siemens	model:	sinamics sl150
vendor:	siemens	model:	sinamics s150
vendor:	siemens	model:	simatic et 200mp
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ha
vendor:	siemens	model:	simatic tdc cp51m1
vendor:	siemens	model:	simatic s7-400 h
vendor:	siemens	model:	sinamics g130
vendor:	siemens	model:	simatic et 200mp im 155-5 pn st
vendor:	siemens	model:	simatic et 200sp open controller
vendor:	siemens	model:	simatic tdc cpu555
vendor:	siemens	model:	sinamics g120

db:

NVD

ids:

CVE-2019-10936

Fortinet : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0330, VAR-202108-0675, VAR-202111-0305, VAR-202110-0131, VAR-202108-0656, VAR-202111-0317, VAR-202107-1087, VAR-202107-1086, VAR-202107-0839, VAR-202104-0997, VAR-202111-0314, VAR-202106-1430, VAR-202110-0150, VAR-202111-0307, VAR-202111-0322, VAR-202111-0986, VAR-202111-0232, VAR-202111-0343, VAR-202108-0731, VAR-202107-0629, VAR-202111-0302, VAR-202110-0149, VAR-202108-1025, VAR-202107-0631, VAR-202111-0284, VAR-202107-0838, VAR-202107-1088, VAR-202111-0241, VAR-202111-0313, VAR-202108-0674, VAR-202110-0132, VAR-202108-0676, VAR-202107-0837, VAR-202108-0658, VAR-202108-0672, VAR-202109-0399, VAR-202107-0632, VAR-202107-0836, VAR-202109-0502, VAR-202110-0151, VAR-202108-0712, VAR-202108-0673, VAR-202111-0306, VAR-202108-2100, VAR-202108-0655, VAR-202108-0657, VAR-202109-0501, VAR-202111-0231, VAR-202108-0730, VAR-202109-0400 Trust: 5.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: improper access control, file upload vulnerability, information disclosure...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2021-36176, CVE-2021-32594, CVE-2021-36187, CVE-2021-24019, CVE-2021-32598, CVE-2021-36181, CVE-2021-26100, CVE-2021-26099, CVE-2021-26095, CVE-2021-24024, CVE-2021-36174, CVE-2021-26111, CVE-2021-36175, CVE-2021-36184, CVE-2021-41019, CVE-2021-32600, CVE-2021-26107, CVE-2021-36183, CVE-2021-26097, CVE-2021-24015, CVE-2021-42754, CVE-2021-36170, CVE-2021-26098, CVE-2021-24020, CVE-2021-36192, CVE-2021-26090, CVE-2021-26106, CVE-2021-36172, CVE-2021-36185, CVE-2021-32590, CVE-2021-24021, CVE-2021-32596, CVE-2021-26089, CVE-2021-32603, CVE-2021-32587, CVE-2009-1234, CVE-2021-24016, CVE-2021-24022, CVE-2021-26088, CVE-2021-36182, CVE-2021-36178, CVE-2021-36168, CVE-2021-32588, CVE-2021-36186, CVE-2021-24018, CVE-2021-32597, CVE-2021-32602, CVE-2021-36179, CVE-2021-32595, CVE-2021-26096, CVE-2021-24017

CVE-2021-42114 : Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitiga Trust: 4.5 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	dram	model:	dram
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2021-42114, CVE-2009-1234

NVD - CVE-2021-40117 Related entries in the VARIoT vulnerabilities database: VAR-202110-1351 Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	asa_5580_firmware
vendor:	cisco	model:	adaptive_security_appliance
vendor:	cisco	model:	asa_5545-x_firmware
vendor:	cisco	model:	asa_5580
vendor:	cisco	model:	asa_5505_firmware
vendor:	cisco	model:	asa_5555-x_firmware
vendor:	cisco	model:	asa_5585-x
vendor:	cisco	model:	asa_5525-x_firmware
vendor:	cisco	model:	asa_5585-x_firmware
vendor:	cisco	model:	asa_5505
vendor:	cisco	model:	asa_5512-x_firmware
vendor:	cisco	model:	asa_5515-x_firmware

db:

NVD

ids:

CVE-2021-40117

VARIoT news about IoT security