Sign-up

VARIoT news about IoT security

Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking | SecurityWeek.Com

Trust: 4.75

Fetched: Dec. 25, 2022, 9:18 a.m., Published: Dec. 25, 2022, midnight
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2022-28173

Siemens Multiple Vulnerabilities in SCALANCE Products | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202207-0621, VAR-202212-1133, VAR-202212-1134, VAR-202212-1136

Trust: 5.25

Fetched: Dec. 25, 2022, 9:17 a.m., Published: Dec. 1, 2022, midnight
 Vulnerabilities: code injection, improper validation
Affected productsExternal IDs
vendor: siemens model: scalance sc642-2c
vendor: siemens model: scalance xc206-2sfp g
vendor: siemens model: scalance xr524
vendor: siemens model: scalance xr326-2c poe wg
vendor: siemens model: scalance xc216-4c g eec
vendor: siemens model: scalance xb208
vendor: siemens model: scalance xr526
vendor: siemens model: scalance sc636-2c
vendor: siemens model: scalance sc632-2c
vendor: siemens model: scalance xc206-2sfp g eec
vendor: siemens model: scalance xr528
vendor: siemens model: scalance sc622-2c
vendor: siemens model: scalance xb213-3ld
vendor: siemens model: scalance xf204 dna
vendor: siemens model: scalance xc208
vendor: siemens model: scalance xc206-2g poe eec
vendor: siemens model: scalance xb213-3
vendor: siemens model: scalance xc208g eec
vendor: siemens model: scalance xp216
vendor: siemens model: scalance xc224-4c g
vendor: siemens model: scalance xr324wg
vendor: siemens model: scalance xr552
vendor: siemens model: scalance xc216-4c g
vendor: siemens model: scalance xp208poe eec
vendor: siemens model: scalance xc206-2sfp eec
vendor: siemens model: scalance xc216-4c
vendor: siemens model: scalance xp216eec
vendor: siemens model: scalance sc646-2c
vendor: siemens model: ruggedcom rm1224
vendor: siemens model: scalance xr526-8c
vendor: siemens model: scalance xc208g poe
vendor: siemens model: scalance xr524-8c
vendor: siemens model: scalance xc206-2
vendor: siemens model: scalance s615
vendor: siemens model: scalance xc224
vendor: siemens model: scalance xb205-3ld
vendor: siemens model: scalance xc206-2sfp
vendor: siemens model: scalance xc208g
vendor: siemens model: scalance xc216eec
vendor: siemens model: scalance xc208eec
vendor: siemens model: scalance xf204-2ba dna
vendor: siemens model: scalance xc206-2g poe
vendor: siemens model: scalance xp208eec
vendor: siemens model: scalance xp208
vendor: siemens model: scalance xc216
vendor: siemens model: scalance xf204
vendor: siemens model: scalance xb205-3
vendor: siemens model: scalance
vendor: siemens model: scalance xb216
vendor: siemens model: ruggedcom
vendor: siemens model: scalance xr328-4c wg
vendor: siemens model: scalance xr528-6m
vendor: siemens model: scalance xc224-4c g eec
vendor: siemens model: scalance xp216poe eec
db: NVD ids: CVE-2022-46144, CVE-2022-34821, CVE-2022-46140, CVE-2022-46142, CVE-2022-46143

Apple issues fix for ‘actively exploited’ WebKit zero-day vulnerability | IT PRO

Related entries in the VARIoT vulnerabilities database: VAR-202209-0759, VAR-202212-1751

Trust: 3.75

Fetched: Dec. 25, 2022, 9:16 a.m., Published: May 25, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: icloud
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2022-32917, CVE-2022-42856

Industrial device vulnerabilities increase by 50% in some cases as vendors ignore warnings - CIO World Asia

Trust: 3.75

Fetched: Dec. 25, 2022, 9:15 a.m., Published: Dec. 12, 2022, 5:14 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

OT:ICEFALL Continues: Vedere Labs Discloses Three New Vulnerabilities Affecting OT Products | Forescout

Related entries in the VARIoT vulnerabilities database: VAR-201501-0401

Trust: 4.5

Fetched: Dec. 25, 2022, 9:14 a.m., Published: Nov. 30, 2022, 12:30 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: wibu-systems model: codemeter
vendor: codesys model: codesys
vendor: codesys model: control
vendor: codesys model: runtime
vendor: wibu model: codemeter
db: NVD ids: CVE-2022-3079, CVE-2022-3270, CVE-2014-9195, CVE-2022-22515, CVE-2022-31806, CVE-2022-4048

Cisco Reports Critical IP Phone Vulnerability | QPC Security

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 25, 2022, 9:14 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: ip phone
vendor: cisco model: link layer discovery protocol
vendor: cisco model: series
vendor: cisco model: ip phone 7800
db: NVD ids: CVE-2022-20968

Computer Vulnerability | Most Common Security Vulnerabilities

Trust: 3.75

Fetched: Dec. 25, 2022, 9:14 a.m., Published: Oct. 11, 2022, 10:19 a.m.
 Vulnerabilities: os command injection, cross-site scripting, path traversal...
Affected productsExternal IDs

ICS/OT/SCADA Impacting Vulnerability - Microsoft to Force DCOM Patch in March, Could Shutdown ICS/OT/SCADA Devices | WaterISAC

Trust: 3.75

Fetched: Dec. 23, 2022, 9:20 a.m., Published: Dec. 22, 2022, 7:46 p.m.
 Vulnerabilities: feature bypass, security feature bypass
Affected productsExternal IDs

Samsung updates Galaxy S10 series to December security patch

Trust: 3.75

Fetched: Dec. 23, 2022, 9:19 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: galaxy s10
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products - info database | Vulners

Related entries in the VARIoT vulnerabilities database: VAR-202201-0561, VAR-202201-0554, VAR-202208-1294, VAR-202209-0759, VAR-202202-0109, VAR-202203-1579, VAR-202208-1345, VAR-202210-1624, VAR-202212-1751, VAR-202203-1580

Trust: 4.75

Fetched: Dec. 23, 2022, 9:18 a.m., Published: Dec. 14, 2022, 3:44 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: icloud
vendor: apple model: safari
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2022-22587, CVE-2022-22594, CVE-2022-32894, CVE-2022-32917, CVE-2022-22620, CVE-2022-22674, CVE-2022-32893, CVE-2022-42827, CVE-2022-42856, CVE-2022-22675

Running in Place: Staying Afloat With Language-Level Vulnerability Management - CPO Magazine

Trust: 3.0

Fetched: Dec. 23, 2022, 9:17 a.m., Published: Dec. 11, 2022, 10:52 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Chinese State Hackers Exploit Zero-Day Vulnerabilities in Citrix Networking Equipment | Robinson+Cole Data Privacy + Security Insider - JDSupra

Trust: 3.75

Fetched: Dec. 23, 2022, 9:17 a.m., Published: Dec. 19, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: application delivery controller
vendor: citrix model: gateway
db: NVD ids: CVE-2022-27518

Fortinet Heap-Based Buffer Overflow Vulnerability - Lansweeper

Trust: 4.0

Fetched: Dec. 23, 2022, 9:16 a.m., Published: Dec. 13, 2022, 3:31 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs

Cisco Reports Critical IP Phone Vulnerability | The VeriCom Group

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 23, 2022, 9:14 a.m., Published: -
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: cisco model: link layer discovery protocol
vendor: cisco model: ip phone
vendor: cisco model: ip phone 7800
vendor: cisco model: series
db: NVD ids: CVE-2022-20968

New and Actively Exploited Zero-Day Vulnerability discovered in Multiple Apple Devices - TecSec Services Ltd

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 3.75

Fetched: Dec. 23, 2022, 9:11 a.m., Published: Dec. 22, 2022, 2:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: icloud
db: NVD ids: CVE-2022-42856

Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks | SecurityWeek.Com

Trust: 4.5

Fetched: Dec. 23, 2022, 9:11 a.m., Published: Dec. 23, 2022, midnight
 Vulnerabilities: default credentials, code execution
Affected productsExternal IDs
vendor: lenovo model: system
vendor: asus model: bmc firmware
vendor: asus model: asus
vendor: huawei model: huawei
db: NVD ids: CVE-2022-40259, CVE-2022-40242

Security Advisory: Asus M25 NAS Vulnerability - ONEKEY

Trust: 4.75

Fetched: Dec. 23, 2022, 9:10 a.m., Published: Dec. 1, 2022, 9:25 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: asus model: asus

OESIS Framework December 06, 2022 Release - OPSWAT

Related entries in the VARIoT vulnerabilities database: VAR-201903-0177, VAR-201907-0116, VAR-201903-0183, VAR-201903-0185, VAR-201903-0187, VAR-201903-0184

Trust: 3.75

Fetched: Dec. 21, 2022, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: quick heal model: quick heal
vendor: palo alto networks model: networks
vendor: symantec model: antivirus
vendor: symantec model: norton
vendor: palo model: networks
vendor: quick heal technologies model: quick heal
db: NVD ids: CVE-2018-16472, CVE-2022-3370, CVE-2022-4191, CVE-2019-6522, CVE-2022-4262, CVE-2019-5457, CVE-2022-4192, CVE-2020-25598, CVE-2022-4181, CVE-2022-4194, CVE-2022-4180, CVE-2022-4178, CVE-2022-4193, CVE-2020-3481, CVE-2022-3373, CVE-2019-6557, CVE-2019-5444, CVE-2022-4189, CVE-2022-4172, CVE-2022-4176, CVE-2022-4144, CVE-2019-6561, CVE-2022-3725, CVE-2020-15852, CVE-2022-4175, CVE-2019-6565, CVE-2022-4195, CVE-2022-4184, CVE-2022-4187, CVE-2022-4190, CVE-2022-4188, CVE-2022-4177, CVE-2022-4179, CVE-2022-4183, CVE-2019-6559, CVE-2022-4186, CVE-2022-4174, CVE-2022-4182, CVE-2017-2599

Update X.org Server 21.1.5 and Xwayland 22.1.6 with elimination of 6 vulnerabilities | Altus Intel

Trust: 3.0

Fetched: Dec. 21, 2022, 9:28 a.m., Published: Dec. 14, 2022, 6:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-46343, CVE-2022-46340, CVE-2022-46283, CVE-2022-46342, CVE-2022-46344, CVE-2022-46341

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth : spixnet_gmbh_official

Trust: 4.5

Fetched: Dec. 21, 2022, 9:23 a.m., Published: March 21, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android