Sign-up

VARIoT news about IoT security

2023-04 Security Bulletin: Junos OS: The kernel will crash when certain USB devices are inserted (CVE-2023-28975)

Trust: 3.25

Fetched: May 14, 2023, 9:14 a.m., Published: -
 Vulnerabilities: kernel crash
Affected productsExternal IDs
db: NVD ids: CVE-2023-28975

AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability - SecurityWeek

Trust: 3.0

Fetched: May 14, 2023, 9:14 a.m., Published: May 9, 2023, 8:56 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-25717

7 Steps to Improve IoT Security - BreachLock

Trust: 3.75

Fetched: May 12, 2023, 9:18 a.m., Published: May 4, 2023, 7:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Siemens SIMATIC Industrial Products | CISA

Trust: 3.75

Fetched: May 12, 2023, 9:16 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic ipc647e
vendor: siemens model: simatic ipc847e
vendor: siemens model: simatic ipc627e
vendor: siemens model: simatic ipc427e
vendor: siemens model: simatic ipc477e pro
vendor: siemens model: simatic field pg m5
vendor: siemens model: simatic ipc477e
vendor: siemens model: simatic itp1000
vendor: siemens model: simatic
vendor: siemens model: simatic ipc677e
db: NVD ids: CVE-2022-21198

Teltonika Remote Management System and RUT Model Routers | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202305-2099, VAR-202305-2096

Trust: 4.5

Fetched: May 12, 2023, 9:15 a.m., Published: March 10, 2023, midnight
 Vulnerabilities: command execution, code execution, os command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2023-2587, CVE-2023-32350, CVE-2023-2588, CVE-2023-32348, CVE-2023-2586, CVE-2023-32349, CVE-2023-32347, CVE-2023-32346

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Trust: 3.75

Fetched: May 12, 2023, 9:14 a.m., Published: May 9, 2023, midnight
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-24932

Microsoft Patch Tuesday, May 2023 Security Update Review - Qualys ThreatPROTECT

Trust: 4.75

Fetched: May 12, 2023, 9:13 a.m., Published: -
 Vulnerabilities: code execution, security feature bypass, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2023-24954, CVE-2023-24932, CVE-2023-29325, CVE-2023-24941, CVE-2023-29324, CVE-2013-3900, CVE-2023-28283, CVE-2023-24903, CVE-2023-24949, CVE-2023-24950, CVE-2023-29336, CVE-2023-24902, CVE-2023-24955, CVE-2023-24943

Update now! May 2023 Patch Tuesday tackles 3 zero-day vulnerabilities

Trust: 4.5

Fetched: May 12, 2023, 9:13 a.m., Published: May 12, 2023, midnight
 Vulnerabilities: security feature bypass, code execution, feature bypass
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-24941, CVE-2023-24932, CVE-2023-29325, CVE-2023-29336

Amazon Fire Stick users issued urgent warning over security vulnerabilities - Chronicle Live

Trust: 4.25

Fetched: May 10, 2023, 9:17 a.m., Published: May 3, 2023, 9:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: amazon model: fire tv
db: NVD ids: CVE-2023-1384, CVE-2023-1383, CVE-2023-1385

Critical Vulnerabilities In Illumina Universal Copy Service Devices

Trust: 3.75

Fetched: May 10, 2023, 9:16 a.m., Published: May 1, 2023, 7:21 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-1968, CVE-2023-1966

Google issues ‘severe’ warning for all Android owners - act fast to avoid ‘dozens’ of dangerous attacks | The Sun

Trust: 4.75

Fetched: May 10, 2023, 9:15 a.m., Published: May 5, 2023, 7:30 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2023-0266

3/2023 B. Braun Medical Inc. Statement regarding cybersecurity vulnerability with Space Battery Pack SP with Wi-Fi

Trust: 3.5

Fetched: May 10, 2023, 9:15 a.m., Published: March 10, 2023, midnight
 Vulnerabilities: default password, code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-0888

Zyxel security advisory for multiple vulnerabilities of firewalls and APs | Zyxel Networks

Related entries in the VARIoT vulnerabilities database: VAR-202304-1936, VAR-202304-1913, VAR-202304-1973

Trust: 5.5

Fetched: May 10, 2023, 9:14 a.m., Published: May 1, 2023, midnight
 Vulnerabilities: buffer overflow, path traversal, information exposure...
Affected productsExternal IDs
vendor: zyxel model: nwa1123-ac
db: NVD ids: CVE-2023-22917, CVE-2023-22914, CVE-2023-22916, CVE-2023-22918, CVE-2023-22913, CVE-2023-22915

How to Manage Activation Lock: A Guide for Apple Admins

Trust: 3.5

Fetched: May 9, 2023, 9:17 a.m., Published: April 13, 2023, midnight
 Vulnerabilities: lock bypass
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: icloud

Amazon Fire Stick users issued urgent warning over security vulnerabilities

Trust: 4.25

Fetched: May 9, 2023, 9:16 a.m., Published: May 9, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: amazon model: fire tv
db: NVD ids: CVE-2023-1385, CVE-2023-1384, CVE-2023-1383

AndoryuBot - New Botnet Campaign Targets Ruckus Wireless Admin Remote Code Execution Vulnerability (CVE-2023-25717)b| FortiGuard Labs

Trust: 5.0

Fetched: May 9, 2023, 9:16 a.m., Published: May 8, 2023, 5:17 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-25717

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252) - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202204-1376

Trust: 3.75

Fetched: May 9, 2023, 9:15 a.m., Published: April 11, 2023, 6:22 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-28302, CVE-2023-21769, CVE-2023-28231, CVE-2022-24521, CVE-2022-37969, CVE-2023-23376, CVE-2023-28250, CVE-2023-21554, CVE-2023-28252

Vulnerability methods and properties | Microsoft Learn

Trust: 3.0

Fetched: May 9, 2023, 9:14 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs

Dataprobe iBoot-PDU (Update A) | CISA

Trust: 4.5

Fetched: May 9, 2023, 9:13 a.m., Published: May 4, 2023, midnight
 Vulnerabilities: directory traversal, path traversal, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2022-3183, CVE-2022-3184, CVE-2022-3189, CVE-2022-3187, CVE-2022-3186, CVE-2022-46738, CVE-2022-47311, CVE-2022-4945, CVE-2022-46658, CVE-2022-3185, CVE-2022-47320, CVE-2022-3188

Security Center

Trust: 4.0

Fetched: May 9, 2023, 9:13 a.m., Published: Feb. 7, 2023, 8:15 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs