Sign-up

VARIoT news about IoT security

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Phila Communications Blog | Philadelphia, PA | Phila Communications

Trust: 3.0

Fetched: Jan. 13, 2023, 9:27 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

China cyberwar: Beijing’s dominance in IoT & smart technology & vulnerabilities for India

Trust: 3.75

Fetched: Jan. 13, 2023, 9:26 a.m., Published: Jan. 13, 2042, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei

CVE-2022-43389: OS Command Injection Vulnerability in Zyxel CPE devices - Haxf4rall

Trust: 5.0

Fetched: Jan. 13, 2023, 9:26 a.m., Published: Jan. 12, 2023, 1:23 a.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-43389

6 Search Engines Hackers Often Use to Find Vulnerabilities - AnonyViet - English Version

Trust: 3.75

Fetched: Jan. 13, 2023, 9:25 a.m., Published: Jan. 10, 2023, 8:29 a.m.
 Vulnerabilities: directory traversal, request forgery, sql injection
Affected productsExternal IDs
vendor: google model: wifi

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 3.75

Fetched: Jan. 13, 2023, 9:24 a.m., Published: Jan. 12, 2023, 3:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500
vendor: siemens model: cpu 1516pro-2 pn
vendor: siemens model: simatic s7-1500 cpu 1511-1 pn
vendor: siemens model: cpu 1513r-1 pn
vendor: siemens model: cpu 1516pro f-2 pn
vendor: siemens model: cpu 1513f-1 pn
vendor: siemens model: cpu 1515f-2
vendor: siemens model: cpu 1513-1 pn
vendor: siemens model: cpu 1512sp f-1 pn
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: simatic s7-1500 cpu 1511f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1517-3 pn
vendor: siemens model: cpu 1512c-1 pn
vendor: siemens model: cpu 1515-2
vendor: siemens model: s7-1500 cpu
vendor: siemens model: cpu 1512sp-1 pn
vendor: siemens model: cpu 1511c-1 pn
vendor: siemens model: cpu 1515t-2 pn
vendor: siemens model: simatic s7-1500 cpu 1518
vendor: siemens model: simatic s7-1500 cpu 1515f-2 pn
vendor: siemens model: cpu 1515r-2 pn
vendor: siemens model: simatic s7-1500 cpu 1513-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515-2 pn
vendor: siemens model: simatic
vendor: siemens model: cpu 1516-3
vendor: siemens model: simatic s7-1500 cpu 1516-3 pn
vendor: siemens model: cpu 1515tf-2 pn
vendor: siemens model: cpu 1516f-3
vendor: siemens model: simatic s7-1500 cpu 1513f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1512c
vendor: siemens model: simatic s7-1500 cpu 1518-4 pn
vendor: siemens model: cpu 1513pro f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1511c
db: NVD ids: CVE-2022-38773

Old vulnerabilities in Cisco products actively exploited in the wildSecurity Affairs

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387, VAR-201803-1369, VAR-201802-0594, VAR-201709-0655

Trust: 4.75

Fetched: Jan. 13, 2023, 9:24 a.m., Published: Dec. 19, 2022, 9:07 p.m.
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: hyperflex
vendor: cisco model: cisco hyperflex
vendor: cisco model: ios software
vendor: cisco model: nx-os
vendor: cisco model: rv132w
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
vendor: cisco model: rv134w
vendor: cisco model: cisco ios xe
db: NVD ids: CVE-2018-0171, CVE-2021-1497, CVE-2018-0147, CVE-2018-0125, CVE-2017-12240

Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting Vulnerability

Trust: 4.25

Fetched: Jan. 13, 2023, 9:21 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Vulnerability Management as a Service (VMaaS): Ultimate Guide

Trust: 3.5

Fetched: Jan. 13, 2023, 9:20 a.m., Published: Dec. 16, 2022, 2:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security
vendor: trend model: internet security

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Trust: 5.5

Fetched: Jan. 13, 2023, 9:20 a.m., Published: Jan. 12, 2023, 1:51 p.m.
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
vendor: google model: android
vendor: cisco model: ip phone
vendor: cisco model: ip phone 7800
db: NVD ids: CVE-2023-21563, CVE-2023-21743, CVE-2023-21674

New OpenSSL Vulnerabilities Are a Bigger Deal for IoT, but Our Customers Are Protected

Trust: 3.75

Fetched: Jan. 13, 2023, 9:19 a.m., Published: Jan. 4, 2023, midnight
 Vulnerabilities: memory corruption, denial of service, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2022-3786, CVE-2022-3602

Onboard to the Microsoft Defender for Endpoint service | Microsoft Learn

Trust: 3.0

Fetched: Jan. 13, 2023, 9:19 a.m., Published: Dec. 6, 2022, 12:10 a.m.
 Vulnerabilities: configuration attack
Affected productsExternal IDs

Global Car Brands Had Multiple Hackable Vulnerabilities In Cars And Applications | Spiceworks

Trust: 4.0

Fetched: Jan. 13, 2023, 9:18 a.m., Published: Jan. 6, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 4.75

Fetched: Jan. 13, 2023, 9:18 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: simatic
db: NVD ids: CVE-2022-38773

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability

Trust: 3.75

Fetched: Jan. 13, 2023, 9:11 a.m., Published: Aug. 17, 2022, 12:48 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: adaptive security appliance
vendor: cisco model: adaptive security appliance software
vendor: cisco model: asa software
vendor: cisco model: adaptive security device manager
vendor: cisco model: device manager
vendor: cisco model: intrusion prevention system
vendor: cisco model: asdm
vendor: cisco model: security device manager
vendor: cisco model: firepower management center
vendor: cisco model: firepower

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Phantom Technology Solutions Blog | Rolling Prairie, IN | PhantomTS

Trust: 3.0

Fetched: Jan. 11, 2023, 9:14 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Apple issues fix for ‘actively exploited’ WebKit zero day vulnerability - TechCentral.ie

Related entries in the VARIoT vulnerabilities database: VAR-202209-0759, VAR-202212-1751

Trust: 3.75

Fetched: Jan. 11, 2023, 9:10 a.m., Published: Dec. 14, 2022, 2:49 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: icloud
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: webkit
db: NVD ids: CVE-2022-32917, CVE-2022-42856

Cybersecurity Vulnerabilities: Types, Examples, And More - Data Intelligence.

Trust: 3.75

Fetched: Jan. 11, 2023, 9:09 a.m., Published: Jan. 10, 2023, 11:13 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: manageengine model: network configuration manager

A Significant Vulnerability is Present in Apple Devices Through MacKeeper - PC Technologies Blog | Olympia, Lacey, Tumwater, Washington | PC Technologies

Trust: 3.0

Fetched: Jan. 11, 2023, 9:09 a.m., Published: Jan. 11, 2003, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Siemens PROFINET Devices (Update L) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201910-1595

Trust: 4.0

Fetched: Jan. 11, 2023, 9:07 a.m., Published: Jan. 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic et
vendor: siemens model: sinamics s120
vendor: siemens model: simatic hmi ktp mobile panels
vendor: siemens model: simatic s7-1200
vendor: siemens model: simatic et 200mp im 155-5 pn ba
vendor: siemens model: simatic s7-400 h
vendor: siemens model: simatic s7-400 pn/dp v7
vendor: siemens model: ek-ertec 200
vendor: siemens model: simatic hmi comfort panels
vendor: siemens model: dk standard ethernet controller
vendor: siemens model: ek-ertec 200p
vendor: siemens model: simatic s7-400
vendor: siemens model: sinamics g150
vendor: siemens model: sinamics s110
vendor: siemens model: sinamics sm120
vendor: siemens model: sinamics s150
vendor: siemens model: simatic winac rtx
vendor: siemens model: s7-400
vendor: siemens model: simatic et 200mp im 155-5 pn st
vendor: siemens model: sinamics g110m
vendor: siemens model: simatic et 200sp im 155-6 pn hs
vendor: siemens model: simatic s7-410 v8
vendor: siemens model: simatic
vendor: siemens model: simatic s7-300 cpu
vendor: siemens model: sinumerik 828d
vendor: siemens model: sinumerik 840d sl
vendor: siemens model: simatic hmi
vendor: siemens model: sinamics gl150
vendor: siemens model: simatic et 200sp open controller cpu 1515sp pc
vendor: siemens model: sinamics dcp
vendor: siemens model: simatic et 200m
vendor: siemens model: profinet io
vendor: siemens model: 840d
vendor: siemens model: simatic et 200sp im 155-6 pn st
vendor: siemens model: sinamics dcm
vendor: siemens model: simatic et 200sp im 155-6 pn hf
vendor: siemens model: sinamics
vendor: siemens model: simatic profinet driver
vendor: siemens model: simatic s7-1200 cpu family
vendor: siemens model: simatic s7-400 h v6
vendor: siemens model: s7-400 pn/dp
vendor: siemens model: simatic s7-300 cpu family
vendor: siemens model: s7-300
vendor: siemens model: et 200sp open controller
vendor: siemens model: simatic s7-300
vendor: siemens model: simatic et 200mp im 155-5 pn hf
vendor: siemens model: sinamics g120
vendor: siemens model: simatic et 200s
vendor: siemens model: simatic et 200pro
vendor: siemens model: simatic s7-400 pn/dp v6
vendor: siemens model: simatic s7-410
vendor: siemens model: ek-ertec
vendor: siemens model: simatic et 200sp open controller
vendor: siemens model: simatic pn/pn coupler
vendor: siemens model: s7-1200 cpu
vendor: siemens model: simatic tdc cp51m1
vendor: siemens model: sinumerik 840d
vendor: siemens model: profinet driver
vendor: siemens model: sinamics gh150
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: s7-410
vendor: siemens model: simatic s7-1500 cpu family
vendor: siemens model: simatic s7-400 pn
vendor: siemens model: simatic et 200al
vendor: siemens model: simatic s7-400 pn/dp
vendor: siemens model: simatic cfu pa
vendor: siemens model: simatic s7-1500
vendor: siemens model: simatic et 200mp
vendor: siemens model: simatic et 200sp open
vendor: siemens model: sinamics sl150
vendor: siemens model: s7-1500 cpu
vendor: siemens model: simatic et 200ecopn
vendor: siemens model: sinamics gm150
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: pn/pn coupler
vendor: siemens model: simatic et 200sp im 155-6 pn ba
vendor: siemens model: simatic et 200sp im 155-6 pn ha
vendor: siemens model: sinamics g130
vendor: siemens model: simatic tdc cpu555
vendor: siemens model: simatic et 200sp
vendor: siemens model: simatic hmi comfort outdoor panels
db: NVD ids: CVE-2019-10936

Warning over ransomware attacks spreading via Fortinet kit | Computer Weekly

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-202210-0198

Trust: 3.75

Fetched: Jan. 11, 2023, 9:07 a.m., Published: Jan. 5, 2023, midnight
 Vulnerabilities: authentication bypass, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-42475, CVE-2022-40684