VARIoT latest news about IoT security

Multiple Vulnerabilities in Qualcomm and Lenovo ARM-based Devices Related entries in the VARIoT vulnerabilities database: VAR-202301-0521 Trust: 4.25 Fetched: Jan. 15, 2023, 9:16 a.m., Published: Jan. 15, 2023, midnight	Vulnerabilities: code execution, information disclosure, buffer overflow

Affected products

External IDs

vendor:	lenovo	model:	system
vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2022-4432, CVE-2022-40518, CVE-2022-4434, CVE-2022-40519, CVE-2022-40520, CVE-2022-4435, CVE-2022-4433, CVE-2022-40516, CVE-2022-40517, CVE-2022-3431, CVE-2022-3430

What are Zero-day Exploits and Vulnerabilities? Trust: 3.25 Fetched: Jan. 15, 2023, 9:15 a.m., Published: Feb. 3, 2022, noon	Vulnerabilities: denial of service, privilege escalation

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

ETIC Telecom Remote Access Server (RAS) \| CISA Trust: 4.75 Fetched: Jan. 15, 2023, 9:12 a.m., Published: Jan. 1, 2023, midnight	Vulnerabilities: path traversal, privilege escalation, directory traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2022-40981, CVE-2022-41607, CVE-2022-3703

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities Trust: 3.0 Fetched: Jan. 15, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	service management
vendor:	cisco	model:	rv016
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	rv082
vendor:	cisco	model:	small business
vendor:	cisco	model:	rv042g
vendor:	cisco	model:	rv042
vendor:	cisco	model:	routers

InHand Networks InRouter \| CISA Trust: 4.5 Fetched: Jan. 15, 2023, 9:11 a.m., Published: -	Vulnerabilities: improper access control, command injection, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2023-22601, CVE-2023-22598, CVE-2023-22597, CVE-2023-22599, CVE-2023-22600

11 BEST Web Vulnerability Scanner (Website Scanning Tools) Trust: 4.25 Fetched: Jan. 13, 2023, 9:27 a.m., Published: Dec. 23, 2022, 5:58 a.m.	Vulnerabilities: injection attack, cross-site scripting, sql injection

Affected products

External IDs

vendor:	zoho	model:	manageengine vulnerability manager plus
vendor:	tripwire	model:	ip360
vendor:	google	model:	android

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Phila Communications Blog \| Philadelphia, PA \| Phila Communications Trust: 3.0 Fetched: Jan. 13, 2023, 9:27 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

China cyberwar: Beijing’s dominance in IoT & smart technology & vulnerabilities for India Trust: 3.75 Fetched: Jan. 13, 2023, 9:26 a.m., Published: Jan. 13, 2042, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

huawei

model:

huawei

CVE-2022-43389: OS Command Injection Vulnerability in Zyxel CPE devices - Haxf4rall Trust: 5.0 Fetched: Jan. 13, 2023, 9:26 a.m., Published: Jan. 12, 2023, 1:23 a.m.	Vulnerabilities: os command injection, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-43389

6 Search Engines Hackers Often Use to Find Vulnerabilities - AnonyViet - English Version Trust: 3.75 Fetched: Jan. 13, 2023, 9:25 a.m., Published: Jan. 10, 2023, 8:29 a.m.	Vulnerabilities: directory traversal, request forgery, sql injection

Affected products

External IDs

vendor:

google

model:

wifi

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773) - Help Net Security Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 3.75 Fetched: Jan. 13, 2023, 9:24 a.m., Published: Jan. 12, 2023, 3:29 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	cpu 1516pro-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511-1 pn
vendor:	siemens	model:	cpu 1513r-1 pn
vendor:	siemens	model:	cpu 1516pro f-2 pn
vendor:	siemens	model:	cpu 1513f-1 pn
vendor:	siemens	model:	cpu 1515f-2
vendor:	siemens	model:	cpu 1513-1 pn
vendor:	siemens	model:	cpu 1512sp f-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	simatic s7-1500 cpu 1511f-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1517-3 pn
vendor:	siemens	model:	cpu 1512c-1 pn
vendor:	siemens	model:	cpu 1515-2
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	cpu 1512sp-1 pn
vendor:	siemens	model:	cpu 1511c-1 pn
vendor:	siemens	model:	cpu 1515t-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1518
vendor:	siemens	model:	simatic s7-1500 cpu 1515f-2 pn
vendor:	siemens	model:	cpu 1515r-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1513-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1515-2 pn
vendor:	siemens	model:	simatic
vendor:	siemens	model:	cpu 1516-3
vendor:	siemens	model:	simatic s7-1500 cpu 1516-3 pn
vendor:	siemens	model:	cpu 1515tf-2 pn
vendor:	siemens	model:	cpu 1516f-3
vendor:	siemens	model:	simatic s7-1500 cpu 1513f-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1512c
vendor:	siemens	model:	simatic s7-1500 cpu 1518-4 pn
vendor:	siemens	model:	cpu 1513pro f-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511c

db:

NVD

ids:

CVE-2022-38773

Old vulnerabilities in Cisco products actively exploited in the wildSecurity Affairs Related entries in the VARIoT vulnerabilities database: VAR-201803-1387, VAR-201803-1369, VAR-201802-0594, VAR-201709-0655 Trust: 4.75 Fetched: Jan. 13, 2023, 9:24 a.m., Published: Dec. 19, 2022, 9:07 p.m.	Vulnerabilities: buffer overflow, command injection

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	hyperflex
vendor:	cisco	model:	cisco hyperflex
vendor:	cisco	model:	ios software
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	rv132w
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	rv134w
vendor:	cisco	model:	cisco ios xe

db:

NVD

ids:

CVE-2018-0171, CVE-2021-1497, CVE-2018-0147, CVE-2018-0125, CVE-2017-12240

Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting Vulnerability Trust: 4.25 Fetched: Jan. 13, 2023, 9:21 a.m., Published: Jan. 11, 2023, 3:47 p.m.	Vulnerabilities: cross-site scripting

Affected products	External IDs

Vulnerability Management as a Service (VMaaS): Ultimate Guide Trust: 3.5 Fetched: Jan. 13, 2023, 9:20 a.m., Published: Dec. 16, 2022, 2:15 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	antivirus
vendor:	trend	model:	security
vendor:	trend	model:	internet security

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability Trust: 5.5 Fetched: Jan. 13, 2023, 9:20 a.m., Published: Jan. 12, 2023, 1:51 p.m.	Vulnerabilities: security feature bypass, feature bypass

Affected products

External IDs

vendor:	google	model:	android
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	ip phone 7800

db:

NVD

ids:

CVE-2023-21563, CVE-2023-21743, CVE-2023-21674

New OpenSSL Vulnerabilities Are a Bigger Deal for IoT, but Our Customers Are Protected Trust: 3.75 Fetched: Jan. 13, 2023, 9:19 a.m., Published: Jan. 4, 2023, midnight	Vulnerabilities: memory corruption, denial of service, buffer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-3786, CVE-2022-3602

Onboard to the Microsoft Defender for Endpoint service \| Microsoft Learn Trust: 3.0 Fetched: Jan. 13, 2023, 9:19 a.m., Published: Dec. 6, 2022, 12:10 a.m.	Vulnerabilities: configuration attack

Affected products	External IDs

Global Car Brands Had Multiple Hackable Vulnerabilities In Cars And Applications \| Spiceworks Trust: 4.0 Fetched: Jan. 13, 2023, 9:18 a.m., Published: Jan. 6, 2023, midnight	Vulnerabilities: code execution

Affected products	External IDs

Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 4.75 Fetched: Jan. 13, 2023, 9:18 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

siemens

model:

simatic

db:

NVD

ids:

CVE-2022-38773

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability Trust: 3.75 Fetched: Jan. 13, 2023, 9:11 a.m., Published: Aug. 17, 2022, 12:48 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	adaptive security appliance software
vendor:	cisco	model:	asa software
vendor:	cisco	model:	adaptive security device manager
vendor:	cisco	model:	device manager
vendor:	cisco	model:	intrusion prevention system
vendor:	cisco	model:	asdm
vendor:	cisco	model:	security device manager
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	firepower

VARIoT news about IoT security