VARIoT latest news about IoT security

Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware - Security & Privacy News - Nsane Forums Trust: 4.75 Fetched: Feb. 10, 2023, 11:22 a.m., Published: Feb. 2, 2023, 5:35 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:

qnap

model:

photo station

db:

NVD

ids:

CVE-2022-27596, CVE-2022-27593

QNAP NAS Critical Vulnerability Let Attacker Inject Arbitrary Code Trust: 4.75 Fetched: Feb. 10, 2023, 11:21 a.m., Published: Feb. 1, 2023, 5:13 p.m.	Vulnerabilities: injection attack, sql injection, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Security Advisory - Unauthorized device timestamp modification vulnerability exists in some Dahua embedded products Trust: 3.75 Fetched: Feb. 10, 2023, 11:16 a.m., Published: May 10, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dahua	model:	sd5a
vendor:	dahuasecurity	model:	sd5a

db:

NVD

ids:

CVE-2022-30564

Organizations Warned of Critical Vulnerability in Backstage Developer Portal Platform - SecurityWeek Trust: 5.75 Fetched: Feb. 10, 2023, 11:16 a.m., Published: Nov. 15, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	node.js	model:	node.js
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2022-36067

Snap One Wattbox WB-300-IP-3 \| CISA Trust: 4.75 Fetched: Feb. 10, 2023, 11:16 a.m., Published: -	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-23582, CVE-2023-22315, CVE-2023-22389, CVE-2023-24020

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek Trust: 3.75 Fetched: Feb. 10, 2023, 11:15 a.m., Published: Feb. 9, 2023, 12:17 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	dahua security	model:	camera
vendor:	dahua	model:	camera

db:

NVD

ids:

CVE-2022-30564

Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 5.75 Fetched: Feb. 10, 2023, 11:15 a.m., Published: Jan. 11, 2023, 11:13 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

siemens

model:

simatic

db:

NVD

ids:

CVE-2022-38773

Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202211-0550, VAR-202211-1257 Trust: 4.5 Fetched: Feb. 10, 2023, 11:15 a.m., Published: Nov. 11, 2022, 10:26 a.m.	Vulnerabilities: improper memory management, default credentials, cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower management center
vendor:	citrix	model:	gateway

db:

NVD

ids:

CVE-2022-20927, CVE-2022-20946

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center: Software Vulnerability Information: Software: Hitachi Trust: 3.75 Fetched: Feb. 10, 2023, 11:14 a.m., Published: Oct. 6, 2001, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	hitachi	model:	tuning manager
vendor:	hitachi	model:	ops center common services
vendor:	hitachi	model:	device manager
vendor:	hitachi	model:	ops center analyzer viewpoint
vendor:	hitachi	model:	hitachi ops center common services
vendor:	hitachi	model:	hitachi ops center analyzer viewpoint
vendor:	hitachi	model:	hitachi tuning manager
vendor:	hitachi	model:	hitachi global link manager
vendor:	hitachi	model:	hitachi tiered storage manager
vendor:	hitachi	model:	global link manager
vendor:	hitachi	model:	hitachi infrastructure analytics advisor
vendor:	hitachi	model:	hitachi compute systems manager
vendor:	hitachi	model:	compute systems manager
vendor:	hitachi	model:	hitachi device manager
vendor:	hitachi	model:	hitachi replication manager
vendor:	hitachi	model:	replication manager
vendor:	hitachi	model:	tiered storage manager

db:

NVD

ids:

CVE-2023-21830, CVE-2023-21843, CVE-2023-21835

Cisco Email Security Appliance URL Filtering Bypass Vulnerability Trust: 3.0 Fetched: Feb. 10, 2023, 11:14 a.m., Published: Jan. 18, 2023, 3:55 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	cisco email security appliance

Apple Patches Exploited iOS Vulnerability in Old iPhones - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 5.75 Fetched: Feb. 10, 2023, 11:14 a.m., Published: Jan. 24, 2023, 3:59 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	tvos
vendor:	apple	model:	macos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-42856

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - AI Home Security Trust: 4.75 Fetched: Feb. 10, 2023, 9:11 a.m., Published: Jan. 31, 2023, 7:08 a.m.	Vulnerabilities: injection attack, code injection, sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Critical infrastructure at risk from new vulnerabilities found in IIoT wireless devices - Related entries in the VARIoT vulnerabilities database: VAR-202301-0630, VAR-202301-0629 Trust: 5.75 Fetched: Feb. 10, 2023, 9:10 a.m., Published: Feb. 9, 2023, 2:09 p.m.	Vulnerabilities: command injection, privilege escalation, code execution...

Affected products

External IDs

vendor:

siemens

model:

automation license manager

db:

NVD

ids:

CVE-2022-46650, CVE-2022-46649, CVE-2022-40981, CVE-2022-41607, CVE-2022-43513, CVE-2022-43514, CVE-2022-3703

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - Domedigita Related entries in the VARIoT vulnerabilities database: VAR-202301-0630, VAR-202301-0629 Trust: 4.75 Fetched: Feb. 10, 2023, 9:10 a.m., Published: Feb. 9, 2023, 4:14 p.m.	Vulnerabilities: command injection, privilege escalation, code execution...

Affected products

External IDs

vendor:

siemens

model:

automation license manager

db:

NVD

ids:

CVE-2022-46650, CVE-2022-46649, CVE-2022-40981, CVE-2022-41607, CVE-2022-43513, CVE-2022-43514, CVE-2022-3703

QNAP fixes critical bug letting hackers inject malicious code - Cyber Reports Cybersecurity News & Information Trust: 4.25 Fetched: Feb. 10, 2023, 9:09 a.m., Published: Jan. 31, 2023, 12:04 p.m.	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Evaluate and Secure Your Network with Vulnerability Scans Trust: 3.0 Fetched: Feb. 10, 2023, 9:09 a.m., Published: Feb. 10, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

QNAP NAS Devices at Risk of Remote Malicious Code Injection \| Black Hat Ethical Hacking Trust: 3.25 Fetched: Feb. 10, 2023, 9:04 a.m., Published: Jan. 31, 2023, 8:29 a.m.	Vulnerabilities: code injection

Affected products	External IDs

Critical Code Injection Flaw on QNAP NAS Devices \| SecureTeam Trust: 5.0 Fetched: Feb. 10, 2023, 9:03 a.m., Published: Feb. 1, 2023, 1:25 p.m.	Vulnerabilities: injection attack, code injection, sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices Related entries in the VARIoT vulnerabilities database: VAR-202301-0630, VAR-202301-0629 Trust: 4.75 Fetched: Feb. 10, 2023, 9:03 a.m., Published: Feb. 9, 2023, 2:09 p.m.	Vulnerabilities: command injection, privilege escalation, code execution...

Affected products

External IDs

vendor:

siemens

model:

automation license manager

db:

NVD

ids:

CVE-2022-46650, CVE-2022-46649, CVE-2022-40981, CVE-2022-41607, CVE-2022-43513, CVE-2022-43514, CVE-2022-3703

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - iHash Trust: 4.75 Fetched: Feb. 8, 2023, 9:27 a.m., Published: Jan. 31, 2023, 4:06 a.m.	Vulnerabilities: code injection, injection attack, sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

VARIoT news about IoT security