Sign-up

VARIoT news about IoT security

ALAS-2024-2709

Trust: 3.75

Fetched: Dec. 20, 2024, 9:32 a.m., Published: Dec. 20, 2024, 1 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: opensc model: opensc
db: NVD ids: CVE-2024-45616, CVE-2024-45620, CVE-2024-45618, CVE-2024-45615, CVE-2024-45619, CVE-2024-45617

Breached but not broken.

Trust: 3.75

Fetched: Dec. 20, 2024, 9:32 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome

US eyes ban on TP-Link routers amid cybersecurity concerns | CSO Online

Trust: 3.0

Fetched: Dec. 20, 2024, 9:32 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers

Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source Software phpLDAPadmin

Trust: 4.75

Fetched: Dec. 20, 2024, 9:30 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: code injection, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-9101

Tibbo AggreGate Network Manager | CISA

Trust: 4.5

Fetched: Dec. 20, 2024, 9:27 a.m., Published: Dec. 20, 2024, midnight
 Vulnerabilities: file upload vulnerability, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: tibbo model: aggregate
vendor: trend micro model: security
db: NVD ids: CVE-2024-12700

The Kia Vulnerability: A Wake-Up Call for IoT Security

Trust: 3.0

Fetched: Dec. 20, 2024, 9:26 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Devices Running Microsoft Teams Allow for Buffer Overflow Vulnerability - Neat Support

Trust: 3.25

Fetched: Dec. 20, 2024, 9:25 a.m., Published: Dec. 19, 2024, 10:25 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs

CVE-2023-3595, CVE-2023-3596: Rockwell Automation ControlLogix Vulnerabilities Disclosed - Blog | TenableĀ®

Related entries in the VARIoT vulnerabilities database: VAR-202307-1042, VAR-202307-1163

Trust: 5.25

Fetched: Dec. 20, 2024, 9:24 a.m., Published: July 12, 2023, 12:13 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: automation allen-bradley controllogix
vendor: rockwell automation model: automation controllogix
vendor: rockwell model: controllogix
vendor: rockwell model: automation allen-bradley controllogix
vendor: rockwell model: automation controllogix
db: NVD ids: CVE-2023-3596, CVE-2023-3595

Mirion Technologies Telemetry Enabled Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201709-1107, VAR-201709-1106

Trust: 5.75

Fetched: Dec. 20, 2024, 9:23 a.m., Published: Dec. 20, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: mirion technologies model: ipam transmitter f/dmc
vendor: mirion technologies model: external transmitters
vendor: mirion technologies model: rds-31 itx
vendor: mirion technologies model: drm-1/2
vendor: mirion technologies model: rsd31-am
vendor: mirion technologies model: dmc 3000
vendor: mirion technologies model: dmc 3000 transmitter module
vendor: mirion technologies model: ipam transmitter f/dmc 2000
vendor: mirion technologies model: telepole ii
vendor: mirion technologies model: dmc 3000 transmitter
vendor: mirion technologies model: mesh repeater
vendor: mirion technologies model: rds-31
vendor: mirion model: ipam transmitter f/dmc
vendor: mirion model: external transmitters
vendor: mirion model: rds-31 itx
vendor: mirion model: drm-1/2
vendor: mirion model: rsd31-am
vendor: mirion model: dmc 3000
vendor: mirion model: dmc 3000 transmitter module
vendor: mirion model: ipam transmitter f/dmc 2000
vendor: mirion model: telepole ii
vendor: mirion model: dmc 3000 transmitter
vendor: mirion model: mesh repeater
vendor: mirion model: rds-31
db: NVD ids: CVE-2017-9649, CVE-2017-9645

Yealink Device Management Command Injection Vulnerability

Trust: 4.0

Fetched: Dec. 20, 2024, 9:19 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs

Secure Endpoint Data Sheet - Cisco

Trust: 3.25

Fetched: Dec. 18, 2024, 9:56 a.m., Published: Dec. 11, 2024, 8:52 a.m.
 Vulnerabilities: privilege escalation, access violation
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: android
vendor: cisco model: service portal

Update Canonical Ubuntu Desktop: USN-7155-1: Linux kernel (NVIDIA) vulnerabilities

Trust: 3.25

Fetched: Dec. 18, 2024, 9:54 a.m., Published: Jan. 18, 7155, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

FBI Sounds Alarm: Secure Your Web Cameras and DVRs Against HiatusRAT - CloudSEK News

Related entries in the VARIoT vulnerabilities database: VAR-202009-0782, VAR-201705-3762, VAR-201804-1666, VAR-202109-1875

Trust: 3.75

Fetched: Dec. 18, 2024, 9:53 a.m., Published: Dec. 17, 2024, 11:14 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2020-25078, CVE-2017-7921, CVE-2021-36260, CVE-2018-9995, CVE-2021-33044

Cyber Daily 11/25: Google Pixel & Apple Users Urged to Update Devices, Critical 7-Zip & QNAP Vulnerabilities, DoJ Seizes PopeyeTools, Deepfake Fraud Exposed

Trust: 4.5

Fetched: Dec. 18, 2024, 9:52 a.m., Published: Nov. 25, 2024, 7:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: safari
vendor: essential model: phone
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-48860, CVE-2024-43047, CVE-2024-48861

CISA Releases 7 ICS Security Advisories For Critical Vulnerabilities

Trust: 4.5

Fetched: Dec. 18, 2024, 9:48 a.m., Published: Nov. 26, 2024, 10:56 a.m.
 Vulnerabilities: authorization issue, resource consumption issue, authentication bypass...
Affected productsExternal IDs
vendor: myscada model: mypro
vendor: schneider electric model: m340 cpus
vendor: schneider electric model: premium
vendor: schneider electric model: m340
vendor: schneider electric model: modicon m340
vendor: schneider model: m340 cpus
vendor: schneider model: premium
vendor: schneider model: m340
vendor: schneider model: modicon m340
db: NVD ids: CVE-2024-8933, CVE-2024-8525, CVE-2024-8526, CVE-2024-6876

Automation Secures IoT Devices Against Cyber Threats | We Are CORTEX

Trust: 3.75

Fetched: Dec. 18, 2024, 9:48 a.m., Published: Dec. 16, 2024, 9 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs

Rockwell Automation PowerMonitor 1000 Remote | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202412-2454

Trust: 4.25

Fetched: Dec. 18, 2024, 9:47 a.m., Published: -
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: rockwell automation model: powermonitor 1000
vendor: rockwell model: powermonitor 1000
db: NVD ids: CVE-2024-12373, CVE-2024-12372, CVE-2024-12371

Update Canonical Ubuntu Desktop: USN-7108-2: AsyncSSH vulnerabilities

Trust: 4.25

Fetched: Dec. 18, 2024, 9:47 a.m., Published: Feb. 18, 7108, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-46445, CVE-2023-46446

Hitachi Energy TropOS Devices Series 1400/2400/6400 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201401-0184

Trust: 4.75

Fetched: Dec. 18, 2024, 9:46 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2013-5211

Update Canonical Ubuntu Desktop: USN-7151-1: oFono vulnerabilities

Trust: 5.25

Fetched: Dec. 18, 2024, 9:45 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-4235, CVE-2023-4232