Sign-up

VARIoT news about IoT security

Widespread file exposure possible with Western Digital, Synology NAS flaws | SC Media

Trust: 4.0

Fetched: Aug. 15, 2023, 9:19 a.m., Published: Aug. 10, 2023, 4:26 p.m.
 Vulnerabilities: device impersonation, code execution
Affected productsExternal IDs

Microsoft reveals severe vulnerabilities in CODESYS industrial software

Trust: 4.5

Fetched: Aug. 15, 2023, 9:18 a.m., Published: Aug. 14, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: codesys model: codesys
vendor: codesys model: development system

Nest Security Bulletin-June 2023 - Product Documentation Help

Trust: 3.0

Fetched: Aug. 15, 2023, 9:18 a.m., Published: June 15, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: wifi

Multiple Vulnerabilities in Hitachi Device Manager: Software Vulnerability Information: Software: Hitachi

Trust: 3.0

Fetched: Aug. 15, 2023, 9:17 a.m., Published: Aug. 9, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: device manager
vendor: hitachi model: hitachi device manager

Microsoft finds vulnerabilities it says could be used to shut down power plants | Ars Technica

Trust: 5.5

Fetched: Aug. 15, 2023, 9:17 a.m., Published: Aug. 11, 2023, 8:42 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: codesys model: codesys
vendor: codesys model: control
vendor: wago model: pfc200
vendor: wago model: wago pfc200
db: NVD ids: CVE-2019-9013

Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact

Trust: 4.5

Fetched: Aug. 13, 2023, 9:27 a.m., Published: Aug. 11, 2023, 4:58 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-40982

Zyxel’s guidance for the recent attacks on the ZyWALL devices | Zyxel Networks

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2121, VAR-202305-2285

Trust: 5.5

Fetched: Aug. 13, 2023, 9:26 a.m., Published: Aug. 4, 2023, midnight
 Vulnerabilities: code execution, buffer overflow, denial of service
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771, CVE-2023-33009, CVE-2023-33010

Vulnerability Spotlight - Cisco Talos Blog

Trust: 3.25

Fetched: Aug. 13, 2023, 9:25 a.m., Published: Aug. 2, 2023, 8:08 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1424

Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability

Trust: 4.75

Fetched: Aug. 13, 2023, 9:25 a.m., Published: May 17, 2023, 3:53 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: cisco model: access points

Barracuda Urges Swift Replacement of Vulnerable ESG Appliances - Infosecurity Magazine

Trust: 4.0

Fetched: Aug. 13, 2023, 9:25 a.m., Published: June 9, 2023, 12:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-2868

Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 5.0

Fetched: Aug. 13, 2023, 9:23 a.m., Published: July 20, 2023, 1:24 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771

Barracuda tells customers to replace vulnerable email security appliances after hacker exploit - SiliconANGLE

Trust: 4.25

Fetched: Aug. 13, 2023, 9:23 a.m., Published: June 9, 2023, 4:20 p.m.
 Vulnerabilities: command injection, remote command injection
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: barracuda networks model: barracuda
db: NVD ids: CVE-2023-2868

Critical Vulnerability Patched in Zyxel NAS Devices - SecureTeam

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 5.0

Fetched: Aug. 13, 2023, 9:22 a.m., Published: June 20, 2023, 2:59 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: nas540
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2023-27992, CVE-2023-28771

Apple pushes emergency patch to fix exploited zero-day in iOS and macOS | SC Media

Trust: 4.75

Fetched: Aug. 13, 2023, 9:14 a.m., Published: June 14, 2023, 6 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
db: NVD ids: CVE-2023-37450

KYOCERA Command Center RX (CCRX) Security Vulnerability | KYOCERA Document Solutions

Trust: 4.75

Fetched: Aug. 13, 2023, 9:14 a.m., Published: July 14, 2023, midnight
 Vulnerabilities: path traversal, traversal attack, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261

The Bug Report - July 2023 Edition

Trust: 5.25

Fetched: Aug. 11, 2023, 9:59 a.m., Published: Aug. 2, 2023, 1 p.m.
 Vulnerabilities: authorization issue, code execution
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
db: NVD ids: CVE-2023-36884, CVE-2023-29298, CVE-2023-38203, CVE-2023-29300, CVE-2023-3519

Critical Vulnerability Discovered in Patched Zyxel Storage Devices - Security Boulevard

Related entries in the VARIoT vulnerabilities database: VAR-202305-2285, VAR-202305-2121

Trust: 5.75

Fetched: Aug. 11, 2023, 9:57 a.m., Published: June 21, 2023, 5:53 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: nas326
vendor: zyxel model: nas540
vendor: zyxel model: nas542
db: NVD ids: CVE-2023-27992, CVE-2023-33010, CVE-2023-33009

Crit.IX: Vulnerability Disclosure from Honeywell and Armis | Armis

Trust: 4.5

Fetched: Aug. 11, 2023, 9:57 a.m., Published: Aug. 9, 2023, 3:58 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: honeywell model: experion
vendor: honeywell model: experion process knowledge system

KB4073119: Windows client guidance for IT Pros to protect against silicon-based microarchitectural and speculative execution side-channel vulnerabilities - Microsoft Support

Related entries in the VARIoT vulnerabilities database: VAR-201801-0826, VAR-201808-0958, VAR-201801-1711, VAR-201808-0959, VAR-201805-0963, VAR-201905-1248, VAR-201905-0711, VAR-201905-0709, VAR-201808-0957, VAR-201801-1712, VAR-201905-0710

Trust: 3.0

Fetched: Aug. 11, 2023, 9:56 a.m., Published: Nov. 12, 2019, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2017-5715, CVE-2018-3620, CVE-2017-5754, CVE-2018-3615, CVE-2018-3639, CVE-2019-11091, CVE-2018-12130, CVE-2018-12126, CVE-2018-3646, CVE-2017-5753, CVE-2018-12127, CVE-2019-11135

What Is Vulnerability Scanning? Types, Tools and Best Practices | Splunk

Trust: 4.0

Fetched: Aug. 11, 2023, 9:54 a.m., Published: Aug. 1, 2023, 5:33 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs