Sign-up

VARIoT news about IoT security

Honeywell Experion PKS Vulnerabilities Found by Claroty

Trust: 4.25

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Oct. 5, 2021, 4:26 p.m.
 Vulnerabilities: directory traversal, code execution, path traversal...
Affected productsExternal IDs
vendor: siemens model: simatic
vendor: honeywell model: experion process knowledge system
vendor: honeywell model: experion
vendor: honeywell model: honeywell experion process knowledge system
db: NVD ids: CVE-2021-38397, CVE-2021-38395, CVE-2021-38399

Cisco patches multiple critical IOS XE vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202109-0245

Trust: 5.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 28, 2021, 3:30 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: catalyst
vendor: cisco model: access points
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: sd-wan
vendor: cisco model: catos
db: NVD ids: CVE-2021-1619, CVE-2021-34727, CVE-2021-34770

New WinRAR Trialware Vulnerability Allows MiTM Attacks - TechNadu

Trust: 5.0

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Oct. 22, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: rarlab model: winrar
db: NVD ids: CVE-2021-35052

AMD's Radeon vulnerability haul shows why you should always update your GPU drivers | PC Gamer

Trust: 4.0

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 12, 2021, 11:58 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: serve model: serve

Top IoT security issues and challenges (2021) - Thales

Trust: 3.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 17, 2021, midnight
 Vulnerabilities: weak password, default credentials
Affected productsExternal IDs

Vulnerability mapping with Kali linux - Infosec Resources

Trust: 4.25

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 3, 2021, 10:57 p.m.
 Vulnerabilities: default password, default credentials, sql injection
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: router
db: NVD ids: CVE-2013-0232

ManageEngine Endpoint Security Suite: Patch management, device control, and vulnerability scanning | 4sysops

Trust: 3.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: privilege elevation
Affected productsExternal IDs
vendor: zoho corporation model: manageengine patch manager plus
vendor: zoho model: manageengine patch manager plus

Critical Vulnerability Affects Millions of IoT Devices | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Trust: 4.75

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Aug. 18, 2021, 4:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-28372

CISA issues advisory about Siemens software vulnerabilities | Healthcare IT News

Trust: 4.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 11, 2021, 8:13 p.m.
 Vulnerabilities: denial of service, information leak, code execution
Affected productsExternal IDs
vendor: siemens model: nucleus
vendor: trend model: security

Siemens software vulnerabilities potentially put millions of medical devices at risk | Healthcare Dive

Trust: 3.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 11, 2021, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: siemens model: nucleus

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software

Related entries in the VARIoT vulnerabilities database: VAR-202109-0245

Trust: 4.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 24, 2021, 7:26 a.m.
 Vulnerabilities: buffer overflow, code execution, authentication bypass
Affected productsExternal IDs
vendor: cisco systems model: ios xe
vendor: cisco systems model: cisco sd-wan
vendor: cisco systems model: catalyst
vendor: cisco systems model: access points
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: asr 1000
vendor: cisco systems model: asr 1000 series
vendor: cisco systems model: sd-wan vmanage software
vendor: cisco systems model: cisco ios
vendor: cisco systems model: routers
vendor: cisco systems model: series integrated services routers
vendor: cisco systems model: cisco systems
vendor: cisco systems model: wireless controller
vendor: cisco systems model: sd-wan
vendor: cisco systems model: cloud services router 1000v
vendor: cisco systems model: cloud services router
vendor: cisco systems model: router
vendor: cisco systems model: ios xe software
vendor: cisco systems model: sd-wan vmanage
vendor: cisco systems model: series
vendor: cisco systems model: integrated services routers
vendor: cisco systems model: 1000v
vendor: cisco systems model: ios xe sd-wan software
vendor: cisco model: ios xe
vendor: cisco model: cisco sd-wan
vendor: cisco model: catalyst
vendor: cisco model: access points
vendor: cisco model: cisco ios xe
vendor: cisco model: asr 1000
vendor: cisco model: asr 1000 series
vendor: cisco model: sd-wan vmanage software
vendor: cisco model: cisco ios
vendor: cisco model: routers
vendor: cisco model: series integrated services routers
vendor: cisco model: cisco systems
vendor: cisco model: wireless controller
vendor: cisco model: sd-wan
vendor: cisco model: cloud services router 1000v
vendor: cisco model: cloud services router
vendor: cisco model: router
vendor: cisco model: ios xe software
vendor: cisco model: sd-wan vmanage
vendor: cisco model: series
vendor: cisco model: integrated services routers
vendor: cisco model: 1000v
vendor: cisco model: ios xe sd-wan software
db: NVD ids: CVE-2021-1619, CVE-2021-34727, CVE-2021-34770

CVE - CVE-2021-1450

Trust: 5.75

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco systems model: anyconnect secure mobility client
vendor: cisco systems model: cisco systems
vendor: cisco systems model: cisco anyconnect secure mobility client
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: cisco systems
vendor: cisco model: cisco anyconnect secure mobility client
db: NVD ids: CVE-2021-1450

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions - Microsoft Security Response Center

Trust: 4.75

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Oct. 5, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-38645, CVE-2021-38648, CVE-2021-38647, CVE-2021-38649

25+ Cyber Security Vulnerability Statistics and Facts of 2022

Trust: 4.25

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 15, 2021, 1:46 p.m.
 Vulnerabilities: improper access control, cross-site scripting, information leakage...
Affected productsExternal IDs
vendor: check point model: check point
vendor: palo model: networks
vendor: palo model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks
db: NVD ids: CVE-1999-0517, CVE-2017-0144

Apple Issues Urgent Software Update To Patch Spyware Vulnerability | ZeroHedge

Trust: 3.0

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 14, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-30858

What’s the Most Vulnerable Device in Your Home? It’s Not What You Think

Trust: 3.75

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 13, 2021, 8:59 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Windows RDP Client Porting Critical Vulnerabilities to Hyper-V Manager | McAfee Blogs

Trust: 4.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 9, 2021, 6:02 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2020-1374, CVE-2021-38666, CVE-2021-34535, CVE-2019-0708

Apple Data Breaches: Full Timeline Through 2021

Trust: 3.5

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 15, 2021, 5 a.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: ipad

Demon's Cries vulnerability (some NETGEAR smart switches) - gynvael.coldwind//vx.log

Related entries in the VARIoT vulnerabilities database: VAR-202109-1066

Trust: 5.25

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 17, 2021, midnight
 Vulnerabilities: buffer overflow, authentication bypass
Affected productsExternal IDs
vendor: canary model: canary
vendor: netgear model: gs750e
vendor: netgear model: gs752tpv2
vendor: netgear model: gs108e
vendor: netgear model: gs724tpv2
vendor: netgear model: gs728tppv2
vendor: netgear model: gs105e
vendor: netgear model: gs752tpp
vendor: netgear model: gs728tpv2
db: NVD ids: CVE-2021-40866

iPhone Security Vulnerability Can Expose Users to Hackers: How to Fix Major Issue | iTech Post

Related entries in the VARIoT vulnerabilities database: VAR-202108-2057

Trust: 4.75

Fetched: Nov. 16, 2021, 1:27 p.m., Published: Oct. 12, 2021, 2:13 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: ipad
db: NVD ids: CVE-2021-30883