VARIoT latest news about IoT security

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Sept. 18, 2024, 9:27 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

Intellexa faces new sanctions, London hospitals impact Trust: 3.75 Fetched: Sept. 18, 2024, 9:26 a.m., Published: Sept. 16, 2024, 9:47 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-38112, CVE-2024-43461

[no-title] Trust: 4.75 Fetched: Sept. 18, 2024, 9:25 a.m., Published: Sept. 10, 2024, midnight	Vulnerabilities: access control vulnerability

Affected products

External IDs

vendor:

sonicwall

model:

sonicos

db:

NVD

ids:

CVE-2024-40766

Cisco IOS XR Software UDP Packet Memory Exhaustion (cisco-sa-p... \| Tenable® Trust: 3.0 Fetched: Sept. 18, 2024, 9:24 a.m., Published: Sept. 2, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xr software

About the security content of iOS 18 and iPadOS 18 - Apple Support Trust: 4.25 Fetched: Sept. 18, 2024, 9:23 a.m., Published: Sept. 18, 2024, midnight	Vulnerabilities: bounds access issue, process crash, integer overflow...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2024-40857, CVE-2024-40830, CVE-2024-44127, CVE-2024-27876, CVE-2024-44139, CVE-2024-44124, CVE-2024-27869, CVE-2024-44147, CVE-2024-40840, CVE-2024-44176, CVE-2024-27879, CVE-2024-44169, CVE-2024-44180, CVE-2024-44191, CVE-2024-44198, CVE-2024-44170, CVE-2024-44167, CVE-2024-40850, CVE-2024-27874, CVE-2023-5841, CVE-2024-40791, CVE-2024-44165, CVE-2024-44187, CVE-2024-40856, CVE-2024-27880, CVE-2024-44183, CVE-2024-44202, CVE-2024-44184, CVE-2024-40826, CVE-2024-44131, CVE-2024-40863, CVE-2024-44171, CVE-2024-40852

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities \| Trend Micro (IN) Trust: 4.25 Fetched: Sept. 18, 2024, 9:22 a.m., Published: Sept. 12, 2024, midnight	Vulnerabilities: weak password, code execution

Affected products

External IDs

vendor:	ipswitch	model:	whatsup gold
vendor:	ipswitch	model:	whatsup
vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-4885, CVE-2024-6670

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 18, 2024, 9:20 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 18, 2024, 9:19 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

Apple Fixes 33 IPhone Vulnerabilities In IOS18 Update Trust: 4.5 Fetched: Sept. 18, 2024, 9:18 a.m., Published: Sept. 17, 2024, 1:27 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	apple	model:	software update
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2024-44187, CVE-2024-44170, CVE-2024-40856, CVE-2024-40840, CVE-2024-44180, CVE-2024-44139, CVE-2024-44124, CVE-2024-44171, CVE-2024-40791, CVE-2024-44165

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) - Help Net Security Trust: 3.75 Fetched: Sept. 18, 2024, 9:17 a.m., Published: Sept. 17, 2024, 9:55 a.m.	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-8190

Hacking a $100K Gas Chromatograph without Owning One \| Claroty Trust: 4.5 Fetched: Sept. 18, 2024, 9:16 a.m., Published: June 26, 2024, midnight	Vulnerabilities: command injection, code execution, authentication bypass...

Affected products

External IDs

vendor:

wireshark

model:

wireshark

db:

NVD

ids:

CVE-2023-46687, CVE-2023-51761

Siemens SIMATIC S7-200 SMART Devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202409-0292 Trust: 4.75 Fetched: Sept. 18, 2024, 9:15 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-200 smart cpu cr60
vendor:	siemens	model:	simatic s7-200 smart
vendor:	siemens	model:	simatic s7-200 smart cpu sr60
vendor:	siemens	model:	simatic s7-200 smart cpu st20
vendor:	siemens	model:	simatic s7-200 smart cpu sr20
vendor:	siemens	model:	simatic s7-200 smart cpu st40
vendor:	siemens	model:	simatic s7-200 smart cpu cr40
vendor:	siemens	model:	simatic s7-200 smart cpu st60
vendor:	siemens	model:	simatic s7-200
vendor:	siemens	model:	simatic s7-200 smart cpu
vendor:	siemens	model:	simatic s7-200 smart cpu sr30
vendor:	siemens	model:	simatic s7-200 smart cpu sr40
vendor:	siemens	model:	simatic s7-200 smart cpu st30
vendor:	siemens	model:	s7-200 smart

db:

NVD

ids:

CVE-2024-43647

Regulatory Reflections: The PATCH Act \| Trusted Computing Group Trust: 3.75 Fetched: Sept. 18, 2024, 9:14 a.m., Published: June 26, 2024, 8:32 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-31222

Restrict devices features using policy in Microsoft Intune \| Microsoft Learn Trust: 3.0 Fetched: Sept. 17, 2024, 10:11 a.m., Published: Aug. 19, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Asus - Device activation Vulnerability Maturity Index CVE Trust: 3.25 Fetched: Sept. 17, 2024, 10:09 a.m., Published: Sept. 1, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

asus

model:

asus

CVE-2024-7734 Phoenix Contact: Multiple mGuard devices are v... - vulnerability database \| Vulners.com Trust: 3.75 Fetched: Sept. 17, 2024, 10:09 a.m., Published: Sept. 10, 2024, 8:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	phoenix contact	model:	mguard
vendor:	phoenixcontact	model:	mguard

db:

NVD

ids:

CVE-2024-7734

Number of connected IoT devices growing 13% to 18.8 billion Trust: 3.25 Fetched: Sept. 17, 2024, 10:07 a.m., Published: Sept. 3, 2024, 1:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung
vendor:	samsung	model:	note
vendor:	google	model:	home
vendor:	mesh	model:	mesh

CVE-2024-7734 Phoenix Contact: Multiple mGuard devices are v... - vulnerability database \| Vulners.com Trust: 3.5 Fetched: Sept. 17, 2024, 10:07 a.m., Published: Sept. 10, 2024, 8:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	phoenix contact	model:	mguard pci4000 vpn
vendor:	phoenix contact	model:	mguard rs2005 tx vpn
vendor:	phoenix contact	model:	mguard smart2
vendor:	phoenix contact	model:	mguard smart2 vpn
vendor:	phoenix contact	model:	mguard rs4000 4g vpn
vendor:	phoenix contact	model:	mguard rs4000 3g vpn
vendor:	phoenix contact	model:	mguard core tx vpn
vendor:	phoenix contact	model:	mguard rs2000 tx/tx vpn
vendor:	phoenix contact	model:	mguard centerport
vendor:	phoenix contact	model:	mguard rs2000 3g vpn
vendor:	phoenix contact	model:	mguard delta tx/tx
vendor:	phoenix contact	model:	mguard pcie4000 vpn
vendor:	phoenix contact	model:	mguard rs2000 4g vpn
vendor:	phoenix contact	model:	mguard gt/gt
vendor:	phoenix contact	model:	mguard

db:

NVD

ids:

CVE-2024-7734

Windows 11 has a Critical Vulnerability Revealed, which Microsoft Officially Advises \| iDevice.ro Trust: 4.0 Fetched: Sept. 17, 2024, 10:06 a.m., Published: Aug. 29, 2024, 9:18 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-38063

GitHub Patches Multiple Security Vulnerabilities (CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711) - Qualys ThreatPROTECT Trust: 3.0 Fetched: Sept. 17, 2024, 10:05 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6800, CVE-2024-6337, CVE-2024-7711

VARIoT news about IoT security