VARIoT latest news about IoT security

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerabilities Trust: 3.0 Fetched: March 3, 2023, 9:30 a.m., Published: March 2, 2023, 8:18 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	web security appliance

Google's Vulnerability Program helped identify 2,900 security flaws Trust: 3.75 Fetched: March 3, 2023, 9:29 a.m., Published: Feb. 27, 2023, 11:51 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	android

6 Common Cybersecurity Risks That Could Impact Your Business (2023) \| Parachute Trust: 3.5 Fetched: March 3, 2023, 9:28 a.m., Published: March 1, 2023, 2:22 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home

Bug Bounty Radar // The latest bug bounty programs for March 2023 \| The Daily Swig Trust: 3.5 Fetched: March 3, 2023, 9:28 a.m., Published: Feb. 28, 2023, 7:15 p.m.	Vulnerabilities: cross-site scripting, authentication bypass, code execution

Affected products

External IDs

vendor:

google

model:

android

Top 10 Cybersecurity Threats in 2023 \| Embroker Trust: 3.75 Fetched: March 3, 2023, 9:26 a.m., Published: Jan. 26, 2022, 3:10 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

LastPass says employee’s home computer was hacked and corporate vault taken \| Ars Technica Trust: 3.0 Fetched: March 3, 2023, 9:26 a.m., Published: Feb. 28, 2023, 1:01 a.m.	Vulnerabilities: code execution

Affected products	External IDs

CVE - CVE-2023-20057 Trust: 3.75 Fetched: March 3, 2023, 9:26 a.m., Published: March 3, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco systems	model:	asyncos software
vendor:	cisco systems	model:	email security appliance
vendor:	cisco systems	model:	cisco email security appliance
vendor:	cisco systems	model:	cisco asyncos
vendor:	cisco systems	model:	asyncos
vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	asyncos

db:

NVD

ids:

CVE-2023-20057

Millions of IoT devices vulnerable to remote vulnerabilities Trust: 6.0 Fetched: March 3, 2023, 9:25 a.m., Published: Oct. 28, 2022, 11:13 a.m.	Vulnerabilities: command injection, buffer overflow, code execution

Affected products

External IDs

vendor:

realtek

model:

realtek sdk

db:

NVD

ids:

CVE-2021-28372, CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, CVE-2021-35395

Cisco patches critical Web UI RCE flaw in multiple IP phones Related entries in the VARIoT vulnerabilities database: VAR-202212-0864, VAR-202303-0475, VAR-202303-0357 Trust: 5.75 Fetched: March 3, 2023, 9:23 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	ip phones
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	unified ip conference phone
vendor:	cisco	model:	unified ip phone 7900 series
vendor:	cisco	model:	unified ip conference phone 8831
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	8831
vendor:	cisco	model:	ip phone 7900 series
vendor:	cisco	model:	cisco unified ip phone
vendor:	cisco	model:	unified ip phone
vendor:	cisco	model:	ip conference phone

db:

NVD

ids:

CVE-2022-20968, CVE-2023-20078, CVE-2023-20079

Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202303-0357 Trust: 3.75 Fetched: March 3, 2023, 9:23 a.m., Published: March 1, 2023, 3:51 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ip phones
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	unified ip conference phone
vendor:	cisco	model:	unified ip phone 7900 series
vendor:	cisco	model:	unified ip conference phone 8831
vendor:	cisco	model:	unified ip phones
vendor:	cisco	model:	8831
vendor:	cisco	model:	ip phone 7900 series
vendor:	cisco	model:	cisco unified ip phone
vendor:	cisco	model:	unified ip phone
vendor:	cisco	model:	ip conference phone

db:

NVD

ids:

CVE-2023-20079

RONDS Equipment Predictive Maintenance Solution \| CISA Trust: 4.75 Fetched: March 3, 2023, 9:22 a.m., Published: Jan. 12, 2023, midnight	Vulnerabilities: path traversal, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-2893, CVE-2022-3091

When Pwning Cisco Persistence Is Key When Pwning Supply Chain Cisco Is Key Related entries in the VARIoT vulnerabilities database: VAR-202302-0213 Trust: 5.5 Fetched: March 3, 2023, 9:22 a.m., Published: Feb. 1, 2023, 6 a.m.	Vulnerabilities: remote command injection, command injection, privilege escalation...

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	industrial isrs
vendor:	cisco	model:	series
vendor:	cisco	model:	ir510 wpan
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	wireless access point
vendor:	cisco	model:	cgr1000
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	4431
vendor:	cisco	model:	access points
vendor:	cisco	model:	ic3000

db:

NVD

ids:

CVE-2007-4559, CVE-2023-20076

Positive Technologies helped to fix a vulnerability in Zyxel switches Related entries in the VARIoT vulnerabilities database: VAR-202301-0921 Trust: 4.25 Fetched: March 3, 2023, 9:21 a.m., Published: March 8, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-43393

Wireless Network Vulnerability Scanning \| CISA Trust: 4.25 Fetched: March 3, 2023, 9:21 a.m., Published: -	Vulnerabilities: weak password

Affected products	External IDs

2023-01 Security Bulletin: Junos OS: SRX Series: The flowd daemon will crash when Unified Policies are used with IPv6 and certain dynamic applications are rejected by the device (CVE-2023-22411) Trust: 3.25 Fetched: March 3, 2023, 9:20 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-22411

Siemens RUGGEDCOM Devices (Update D) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202203-0739 Trust: 3.5 Fetched: March 3, 2023, 9:20 a.m., Published: Dec. 15, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	ruggedcom ros
vendor:	siemens	model:	ruggedcom
vendor:	siemens	model:	rsl910

db:

NVD

ids:

CVE-2021-37209

Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202303-0357 Trust: 3.75 Fetched: March 3, 2023, 9:19 a.m., Published: March 1, 2023, 3:51 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ip phones
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	unified ip conference phone
vendor:	cisco	model:	unified ip phone 7900 series
vendor:	cisco	model:	unified ip conference phone 8831
vendor:	cisco	model:	unified ip phones
vendor:	cisco	model:	8831
vendor:	cisco	model:	ip phone 7900 series
vendor:	cisco	model:	cisco unified ip phone
vendor:	cisco	model:	unified ip phone
vendor:	cisco	model:	ip conference phone

db:

NVD

ids:

CVE-2023-20079

Siemens SCALANCE X-200RNA Switch Devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202212-1142, VAR-202212-1143, VAR-202212-1144, VAR-202212-1146, VAR-202212-1141, VAR-202212-1145 Trust: 5.5 Fetched: March 3, 2023, 9:19 a.m., Published: Dec. 15, 2022, midnight	Vulnerabilities: cross-site scripting, improper access control

Affected products

External IDs

vendor:	siemens	model:	scalance x-200rna
vendor:	siemens	model:	scalance x204rna
vendor:	siemens	model:	scalance

db:

NVD

ids:

CVE-2022-46351, CVE-2022-46354, CVE-2022-46353, CVE-2022-46355, CVE-2022-46352, CVE-2022-46350

Snap One Wattbox WB-300-IP-3 \| CISA Trust: 4.75 Fetched: March 3, 2023, 9:19 a.m., Published: -	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-22315, CVE-2023-24020, CVE-2023-22389, CVE-2023-23582

Siemens S7-1500 CPU devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 3.5 Fetched: March 3, 2023, 9:18 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	cpu 1512sp-1 pn
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	cpu 1507d tf
vendor:	siemens	model:	cpu 1516pro-2 pn
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-1500 cpu 1517-3 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1518
vendor:	siemens	model:	cpu 1516-3
vendor:	siemens	model:	cpu 1513-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	cpu 1513pro f-2 pn
vendor:	siemens	model:	cpu 1511c-1 pn
vendor:	siemens	model:	cpu 1512c-1 pn
vendor:	siemens	model:	cpu 1512sp f-1 pn
vendor:	siemens	model:	cpu 1513f-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1515f-2 pn
vendor:	siemens	model:	cpu 1515r-2 pn
vendor:	siemens	model:	cpu 1516f-3
vendor:	siemens	model:	simatic s7-1500 cpu 1513f-1 pn
vendor:	siemens	model:	cpu 1515t-2 pn
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic s7-1500 cpu 1512c
vendor:	siemens	model:	cpu 1515-2
vendor:	siemens	model:	cpu 1513r-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1516-3 pn
vendor:	siemens	model:	cpu 1515f-2
vendor:	siemens	model:	simatic s7-1500 cpu 1511c
vendor:	siemens	model:	cpu 1515tf-2 pn
vendor:	siemens	model:	cpu 1516pro f-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1515-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511f-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1513-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1518-4 pn
vendor:	siemens	model:	cpu 1504d tf

db:

NVD

ids:

CVE-2022-38773

VARIoT news about IoT security