VARIoT latest news about IoT security

Siemens Multiple Denial of Service Vulnerabilities in Industrial Products \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202212-1314, VAR-202212-1312, VAR-202212-1311, VAR-202212-1313 Trust: 4.75 Fetched: March 7, 2023, 9:10 a.m., Published: Jan. 13, 2023, midnight	Vulnerabilities: denial of service, improper validation

Affected products

External IDs

vendor:	siemens	model:	simatic s7-1500 cpu family
vendor:	siemens	model:	et 200sp open controller
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic s7-plcsim advanced
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	simatic et 200sp
vendor:	siemens	model:	tim 1531 irc
vendor:	siemens	model:	simatic s7-plcsim
vendor:	siemens	model:	simatic et 200sp open
vendor:	siemens	model:	simatic s7-1500 software controller
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic et 200sp open controller
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	simatic et
vendor:	siemens	model:	simatic drive controller family

db:

NVD

ids:

CVE-2021-44695, CVE-2021-44694, CVE-2021-44693, CVE-2021-40365

OESIS Framework February 09, 2023 Release - OPSWAT Trust: 4.0 Fetched: March 5, 2023, 9:25 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

ringcentral

model:

ringcentral

db:

NVD

ids:

CVE-2022-42330, CVE-2023-22241, CVE-2023-0474, CVE-2023-22240, CVE-2023-22242, CVE-2023-0472, CVE-2023-0471, CVE-2022-42919, CVE-2023-0473

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks Trust: 4.75 Fetched: March 5, 2023, 9:23 a.m., Published: Feb. 27, 2023, 10:04 a.m.	Vulnerabilities: file execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks
vendor:	trend micro	model:	security
vendor:	palo	model:	networks

Privacy expert urges iPhone users to update devices after Apple bug discovered that can access photos - Irish Mirror Online Related entries in the VARIoT vulnerabilities database: VAR-202302-2044, VAR-202302-2240 Trust: 4.0 Fetched: March 5, 2023, 9:22 a.m., Published: March 1, 2023, 10:18 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

db:

NVD

ids:

CVE-2023-23520, CVE-2023-23531

Serious Security Flaw in Cisco ClamAV Discovered \| LanSource, Inc. Trust: 3.75 Fetched: March 5, 2023, 9:21 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	clamav	model:	clamav
vendor:	cisco	model:	clamav

TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine Trust: 3.0 Fetched: March 5, 2023, 9:20 a.m., Published: March 3, 2023, 4:30 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1018

Medtronic Micro Clinician and InterStim Apps \| CISA Trust: 4.75 Fetched: March 5, 2023, 9:20 a.m., Published: March 6, 2023, midnight	Vulnerabilities: default password

Affected products

External IDs

db:

NVD

ids:

CVE-2023-25931

A Comprehensive Guide to IoT Security Testing - Java Code Geeks - 2023 Trust: 4.25 Fetched: March 5, 2023, 9:19 a.m., Published: March 3, 2023, 1:32 p.m.	Vulnerabilities: sql injection, cross-site scripting, default credentials

Affected products	External IDs

Security Defects in TPM 2.0 Reference Library Expose Devices to Code Execution Attacks - Vulnera Trust: 3.75 Fetched: March 5, 2023, 9:19 a.m., Published: Feb. 28, 2023, 9:50 p.m.	Vulnerabilities: code execution, memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1018, CVE-2023-1017

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices Trust: 3.0 Fetched: March 5, 2023, 9:19 a.m., Published: March 3, 2023, 10:18 a.m.	Vulnerabilities: information disclosure, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1018, CVE-2023-1017

Siemens PROFINET Devices (Update L) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201910-1595 Trust: 4.0 Fetched: March 5, 2023, 9:17 a.m., Published: Jan. 13, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	simatic pn/pn coupler
vendor:	siemens	model:	simatic tdc cp51m1
vendor:	siemens	model:	sinamics s110
vendor:	siemens	model:	simatic et 200sp open
vendor:	siemens	model:	simatic hmi comfort panels
vendor:	siemens	model:	simatic et 200al
vendor:	siemens	model:	simatic et 200mp
vendor:	siemens	model:	s7-300
vendor:	siemens	model:	simatic et 200s
vendor:	siemens	model:	sinumerik 840d sl
vendor:	siemens	model:	sinamics g120
vendor:	siemens	model:	840d
vendor:	siemens	model:	sinamics s120
vendor:	siemens	model:	simatic hmi comfort outdoor panels
vendor:	siemens	model:	simatic s7-300 cpu family
vendor:	siemens	model:	simatic s7-400
vendor:	siemens	model:	dk standard ethernet controller
vendor:	siemens	model:	simatic s7-410 v8
vendor:	siemens	model:	simatic s7-400 pn/dp v6
vendor:	siemens	model:	sinumerik 840d
vendor:	siemens	model:	simatic et
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	simatic winac rtx
vendor:	siemens	model:	s7-410
vendor:	siemens	model:	simatic et 200sp
vendor:	siemens	model:	simatic tdc cpu555
vendor:	siemens	model:	simatic s7-300
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	sinamics dcm
vendor:	siemens	model:	simatic s7-1500 cpu family
vendor:	siemens	model:	simatic cfu pa
vendor:	siemens	model:	simatic s7-410
vendor:	siemens	model:	sinamics gm150
vendor:	siemens	model:	s7-400 pn/dp
vendor:	siemens	model:	sinamics dcp
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ba
vendor:	siemens	model:	simatic et 200ecopn
vendor:	siemens	model:	profinet driver
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	sinamics g110m
vendor:	siemens	model:	s7-400
vendor:	siemens	model:	simatic s7-400 pn
vendor:	siemens	model:	simatic s7-400 h v6
vendor:	siemens	model:	simatic s7-400 pn/dp
vendor:	siemens	model:	sinamics sm120
vendor:	siemens	model:	simatic hmi
vendor:	siemens	model:	sinamics g130
vendor:	siemens	model:	sinamics
vendor:	siemens	model:	simatic et 200mp im 155-5 pn hf
vendor:	siemens	model:	simatic et 200mp im 155-5 pn st
vendor:	siemens	model:	sinamics gh150
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	ek-ertec 200p
vendor:	siemens	model:	pn/pn coupler
vendor:	siemens	model:	profinet io
vendor:	siemens	model:	ek-ertec
vendor:	siemens	model:	sinamics sl150
vendor:	siemens	model:	ek-ertec 200
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hs
vendor:	siemens	model:	simatic s7-300 cpu
vendor:	siemens	model:	simatic et 200sp open controller
vendor:	siemens	model:	sinamics g150
vendor:	siemens	model:	sinamics gl150
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ha
vendor:	siemens	model:	simatic et 200mp im 155-5 pn ba
vendor:	siemens	model:	et 200sp open controller
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	sinumerik 828d
vendor:	siemens	model:	simatic et 200sp im 155-6 pn st
vendor:	siemens	model:	sinamics s150
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic hmi ktp mobile panels
vendor:	siemens	model:	simatic profinet driver
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic et 200m
vendor:	siemens	model:	simatic s7-400 pn/dp v7
vendor:	siemens	model:	simatic s7-400 h
vendor:	siemens	model:	simatic et 200pro
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hf

db:

NVD

ids:

CVE-2019-10936

Cisco Patches Critical Vulnerability in IP Phones - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202303-0357, VAR-202303-0475 Trust: 3.75 Fetched: March 5, 2023, 9:17 a.m., Published: March 2, 2023, 12:09 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	8831
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	unified ip phone
vendor:	cisco	model:	ip conference phone
vendor:	cisco	model:	webex
vendor:	cisco	model:	finesse
vendor:	cisco	model:	unified intelligence center
vendor:	cisco	model:	ip phones
vendor:	cisco	model:	unified ip conference phone 8831
vendor:	cisco	model:	unified ip conference phone
vendor:	cisco	model:	series
vendor:	cisco	model:	unified ip phone 7900 series
vendor:	cisco	model:	ip phone 7900 series
vendor:	cisco	model:	series ip phones

db:

NVD

ids:

CVE-2023-20079, CVE-2023-20078

Detecting Vulnerability on IoT Device Firmware: A Survey Trust: 4.25 Fetched: March 5, 2023, 9:14 a.m., Published: March 10, 2023, midnight	Vulnerabilities: information disclosure, authentication bypass, denial of service...

Affected products

External IDs

vendor:	samsung smartthings	model:	printer
vendor:	samsung smartthings	model:	printers
vendor:	samsung	model:	printer
vendor:	samsung	model:	printers

CVE-2023-0127 (dwl-2600ap_firmware) \| GoVanguard Threat Center Related entries in the VARIoT vulnerabilities database: VAR-202302-0845 Trust: 3.0 Fetched: March 3, 2023, 9:39 a.m., Published: Feb. 11, 2023, 1:15 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-0127

Fixing Your Apple Devices At Authorised Service Providers Is Now Pricier - TechTRP Trust: 3.0 Fetched: March 3, 2023, 9:39 a.m., Published: March 2, 2023, 7:53 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Methods to Protect Your Devices and Accounts Coming from Hackers - Trust: 3.0 Fetched: March 3, 2023, 9:34 a.m., Published: Feb. 19, 2023, midnight	Vulnerabilities: -

Affected products	External IDs

MyloBot malware targets Windows systems worldwide - SISA Weekly Threat Watch Related entries in the VARIoT vulnerabilities database: VAR-202302-1097 Trust: 3.75 Fetched: March 3, 2023, 9:32 a.m., Published: Feb. 27, 2023, 4:34 p.m.	Vulnerabilities: code execution, denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-23376, CVE-2023-21715, CVE-2023-21823, CVE-2023-23529

New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices - Interware Trust: 5.75 Fetched: March 3, 2023, 9:32 a.m., Published: Feb. 17, 2023, 2:28 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	draytek	model:	vigor
vendor:	draytek	model:	routers
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2012-4869

Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability Trust: 5.0 Fetched: March 3, 2023, 9:31 a.m., Published: March 2, 2023, 8:35 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	finesse
vendor:	cisco	model:	cisco finesse

Miral malware targets Linux servers and IoT devices Related entries in the VARIoT vulnerabilities database: VAR-202006-1056, VAR-202206-0004, VAR-202002-1447 Trust: 4.75 Fetched: March 3, 2023, 9:31 a.m., Published: Feb. 24, 2023, 1:29 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	draytek	model:	vigor
vendor:	draytek	model:	routers

db:

NVD

ids:

CVE-2020-15415, CVE-2022-4257, CVE-2012-4869, CVE-2022-26134, CVE-2020-8515, CVE-2019-15107

VARIoT news about IoT security