Sign-up

VARIoT news about IoT security

OTORIO research finds that wireless IIoT vulnerabilities provide direct linkage to physical equipment - Industrial Cyber

Trust: 3.75

Fetched: March 17, 2023, 9:11 a.m., Published: Feb. 9, 2023, 7:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: motorola model: motorola
vendor: codesys model: control
vendor: codesys model: runtime
vendor: codesys model: codesys

GE Digital Proficy Historian | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202301-1299, VAR-202301-1297, VAR-202301-1300, VAR-202301-1298, VAR-202301-1301

Trust: 4.75

Fetched: March 17, 2023, 9:10 a.m., Published: Jan. 17, 2023, midnight
 Vulnerabilities: code execution, buffer overflow, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2022-43494, CVE-2022-38469, CVE-2022-46660, CVE-2022-46732, CVE-2022-46331

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

Related entries in the VARIoT vulnerabilities database: VAR-202302-0029, VAR-202302-0213

Trust: 5.5

Fetched: March 17, 2023, 9:10 a.m., Published: Feb. 3, 2023, 7:26 a.m.
 Vulnerabilities: code execution, command injection, default credentials...
Affected productsExternal IDs
vendor: cisco model: cisco iox application
vendor: cisco model: routers
vendor: cisco model: ios xe software
vendor: cisco model: cisco iox
vendor: cisco model: catalyst
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: iox application
vendor: cisco model: cisco ios
vendor: cisco model: industrial isrs
vendor: cisco model: cgr1000
vendor: cisco model: series
vendor: cisco model: ir510 wpan
vendor: cisco model: ic3000
vendor: cisco model: access points
db: NVD ids: CVE-2023-22374, CVE-2023-20076

Project Zero: Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

Trust: 5.75

Fetched: March 17, 2023, 9:09 a.m., Published: March 16, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: vivo model: modems
vendor: samsung model: exynos
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: note
vendor: google model: pixel
db: NVD ids: CVE-2023-26072, CVE-2023-26074, CVE-2023-26075, CVE-2023-26073, CVE-2023-24033, CVE-2023-26076

Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Trust: 3.5

Fetched: March 17, 2023, 9:09 a.m., Published: Feb. 9, 2023, 1:24 p.m.
 Vulnerabilities: privilege escalation, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel

OESIS Framework March 09, 2023 Release - OPSWAT

Related entries in the VARIoT vulnerabilities database: VAR-202207-1496, VAR-202210-1929, VAR-202207-1470, VAR-202207-1459, VAR-202302-2116, VAR-202209-0771, VAR-202301-1718, VAR-202302-2044, VAR-202301-1715, VAR-202205-1285, VAR-202302-1859, VAR-202203-0144, VAR-200712-0594, VAR-202302-1097, VAR-202302-1169, VAR-202207-1488, VAR-202302-2240, VAR-202302-2045, VAR-202302-0479, VAR-202301-1703, VAR-202207-1484, VAR-202301-1713

Trust: 3.5

Fetched: March 15, 2023, 9:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple inc. model: safari
vendor: apple model: safari
db: NVD ids: CVE-2022-32830, CVE-2022-32949, CVE-2022-32784, CVE-2022-32855, CVE-2023-23524, CVE-2018-11790, CVE-2022-32891, CVE-2023-23518, CVE-2023-23520, CVE-2023-23519, CVE-2022-26760, CVE-2022-46705, CVE-2022-22668, CVE-2007-5000, CVE-2023-23529, CVE-2023-23514, CVE-2022-32824, CVE-2023-23531, CVE-2023-23530, CVE-2022-42826, CVE-2023-23517, CVE-2022-32844, CVE-2023-23505

OESIS Framework March 03, 2023 Release - OPSWAT

Related entries in the VARIoT vulnerabilities database: VAR-201907-0769, VAR-201806-1520, VAR-201806-1525, VAR-201808-0887, VAR-201806-1521

Trust: 4.0

Fetched: March 15, 2023, 9:27 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ringcentral model: ringcentral
db: NVD ids: CVE-2018-3727, CVE-2022-20803, CVE-2019-16056, CVE-2018-3729, CVE-2019-9811, CVE-2018-3717, CVE-2018-3733, CVE-2022-23540, CVE-2019-14439, CVE-2021-43529, CVE-2023-0941, CVE-2018-3711, CVE-2023-0933, CVE-2018-3766, CVE-2018-3713, CVE-2020-12397, CVE-2018-3719, CVE-2018-3718, CVE-2018-3732, CVE-2018-3770, CVE-2019-11717, CVE-2018-3787, CVE-2023-24329, CVE-2023-0932, CVE-2018-3778, CVE-2023-0928, CVE-2018-3714, CVE-2023-0931, CVE-2023-0930, CVE-2018-3755, CVE-2018-3745, CVE-2022-23541, CVE-2018-3720, CVE-2023-0929, CVE-2020-12388

Two very critical vulnerabilities patched in new Apache HTTP Server update - Cybersecurity Red Flag

Trust: 3.75

Fetched: March 15, 2023, 9:27 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: cross-site scripting, response splitting vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2023-27522, CVE-2023-25690

Apple warns of vulnerability in the operating system. Update or risk getting hacked | Entrebastidors

Trust: 3.75

Fetched: March 15, 2023, 9:26 a.m., Published: March 8, 2023, 10:32 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: ipod touch
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: webkit

Ubuntu 22.10 : Linux kernel (KVM) vulnerabilities (USN-5950-1) - scanner database | Vulners

Trust: 5.25

Fetched: March 15, 2023, 9:24 a.m., Published: March 15, 2023, midnight
 Vulnerabilities: use after free, kernel panic, denial of service...
Affected productsExternal IDs
vendor: canonical model: ubuntu
vendor: canonical model: ubuntu_linux
db: NVD ids: CVE-2022-47520, CVE-2022-3169, CVE-2022-3344, CVE-2022-47519, CVE-2023-0461, CVE-2022-3435, CVE-2022-3521, CVE-2022-3545, CVE-2022-4139, CVE-2022-4379, CVE-2022-45869, CVE-2022-47518, CVE-2022-47521, CVE-2023-0179, CVE-2023-26605

FortiOS/FortiProxy Security Alert: New Vulnerability Could Expose Devices to Remote Attacks - Next-Gen Cyber Defense and Response

Trust: 3.75

Fetched: March 15, 2023, 9:24 a.m., Published: March 13, 2023, 2:26 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2023-25610

Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices -

Related entries in the VARIoT vulnerabilities database: VAR-201505-0363, VAR-202206-0004, VAR-202002-1447, VAR-202006-1056, VAR-201705-3255

Trust: 4.75

Fetched: March 15, 2023, 9:23 a.m., Published: Feb. 16, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
vendor: draytek model: vigor
db: NVD ids: CVE-2012-4869, CVE-2014-9727, CVE-2019-15107, CVE-2022-4257, CVE-2022-26134, CVE-2022-36267, CVE-2020-8515, CVE-2020-15415, CVE-2017-5173

Siemens TIA Project-Server formerly known as TIA Multiuser Server - info database | Vulners

Trust: 4.5

Fetched: March 15, 2023, 9:22 a.m., Published: Feb. 16, 2023, noon
 Vulnerabilities: untrusted search path, search path vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2022-35868

[no-title]

Trust: 5.0

Fetched: March 15, 2023, 9:22 a.m., Published: Feb. 16, 2023, 8:42 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: draytek model: vigor
db: NVD ids: CVE-2022-46169

Common Vulnerabilities and Exposures in the Digital Attack Surface

Trust: 3.75

Fetched: March 15, 2023, 9:21 a.m., Published: March 8, 2023, 5:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

CSW's Threat Intelligence - March 13, 2023 - March 17, 2023

Trust: 3.0

Fetched: March 15, 2023, 9:21 a.m., Published: March 15, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-41328, CVE-2023-27905, CVE-2020-5741, CVE-2023-27898, CVE-2022-47986, CVE-2021-39144

Update iPhone to iOS 16.3 and Mac to macOS Ventura 13.2 | Kaspersky official blog

Related entries in the VARIoT vulnerabilities database: VAR-202302-2240, VAR-202302-2045

Trust: 3.5

Fetched: March 15, 2023, 9:20 a.m., Published: March 16, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: ipad
db: NVD ids: CVE-2023-23531, CVE-2023-23530

Clop ransomware is victimizing GoAnywhere MFT customers

Trust: 4.75

Fetched: March 15, 2023, 9:20 a.m., Published: March 14, 2023, 3:22 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2023-0669

Update iPhone to iOS 16.3 and Mac to macOS Ventura 13.2 | Kaspersky official blog

Related entries in the VARIoT vulnerabilities database: VAR-202302-2240, VAR-202302-2045

Trust: 3.5

Fetched: March 15, 2023, 9:20 a.m., Published: March 16, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: ipad
db: NVD ids: CVE-2023-23531, CVE-2023-23530

Netgear RAX30 Multiple Vulnerabilities - Research Advisory | TenableĀ®

Related entries in the VARIoT vulnerabilities database: VAR-202303-1178

Trust: 5.0

Fetched: March 15, 2023, 9:18 a.m., Published: March 14, 2023, 6:09 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: netgear model: router
db: NVD ids: CVE-2023-28337, CVE-2023-28338