Sign-up

VARIoT news about IoT security

Cisco NX-OS Software CLI Command Injection Vulnerability

Trust: 4.0

Fetched: March 7, 2023, 9:14 a.m., Published: Feb. 22, 2023, 3:50 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: 1000v
vendor: cisco model: nexus
vendor: cisco model: nexus 1000v
vendor: cisco model: nx-os software
vendor: cisco model: series
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: nexus 9000 series
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
vendor: cisco model: series switches
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 9000

Sierra Wireless Airlink ACEmanager Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201905-0851

Trust: 5.25

Fetched: March 7, 2023, 9:13 a.m., Published: Jan. 30, 2023, midnight
 Vulnerabilities: command execution, code execution, command injection
Affected productsExternal IDs
vendor: sierra model: mp70
vendor: sierra model: rv50x
vendor: sierra model: es450
vendor: sierra model: gx450
vendor: sierra model: rv50
vendor: sierra model: aleos
vendor: sierra wireless model: mp70
vendor: sierra wireless model: rv50x
vendor: sierra wireless model: es450
vendor: sierra wireless model: gx450
vendor: sierra wireless model: rv50
vendor: sierra wireless model: aleos
db: NVD ids: CVE-2022-46650, CVE-2018-4061, CVE-2022-46649

Multiple vulnerabilities in Audiocodes Device Manager Express

Trust: 4.75

Fetched: March 7, 2023, 9:13 a.m., Published: Feb. 27, 2023, midnight
 Vulnerabilities: input validation error, cross-site scripting, sql injection...
Affected productsExternal IDs
db: NVD ids: CVE-2022-24632, CVE-2022-24629, CVE-2022-24628, CVE-2022-24631, CVE-2022-24627, CVE-2022-24630

Cisco Unified Intelligence Center Vulnerabilities

Trust: 3.0

Fetched: March 7, 2023, 9:13 a.m., Published: March 1, 2023, 3:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco unified intelligence center
vendor: cisco model: unified intelligence center

Cisco patches critical bugs in IP Phones | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202303-0475, VAR-202303-0357

Trust: 5.5

Fetched: March 7, 2023, 9:12 a.m., Published: March 2, 2023, 3:29 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: cisco model: ip phone 7900 series
vendor: cisco model: ip phone
vendor: cisco model: 8831
vendor: cisco model: unified ip conference phone 8831
vendor: cisco model: unified ip conference phone
vendor: cisco model: series
vendor: cisco model: ip conference phone
vendor: cisco model: ip phones
vendor: cisco model: unified ip phone 7900 series
vendor: cisco model: unified ip phone
db: NVD ids: CVE-2023-20078, CVE-2023-20079

Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities - Cisco

Related entries in the VARIoT vulnerabilities database: VAR-202303-0357

Trust: 3.75

Fetched: March 7, 2023, 9:11 a.m., Published: March 6, 2023, 7:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phone
vendor: cisco model: ip conference phone
vendor: cisco model: ip phones
vendor: cisco model: ip phone 7900 series
vendor: cisco model: unified ip conference phone 8831
vendor: cisco model: series
vendor: cisco model: unified ip phone
vendor: cisco model: unified ip phones
vendor: cisco model: unified ip phone 7900 series
vendor: cisco model: 8831
vendor: cisco model: unified ip conference phone
vendor: cisco model: cisco unified ip phone
db: NVD ids: CVE-2023-20079

Siemens Multiple Denial of Service Vulnerabilities in Industrial Products | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202212-1314, VAR-202212-1312, VAR-202212-1311, VAR-202212-1313

Trust: 4.75

Fetched: March 7, 2023, 9:10 a.m., Published: Jan. 13, 2023, midnight
 Vulnerabilities: denial of service, improper validation
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500 cpu family
vendor: siemens model: et 200sp open controller
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: simatic et 200sp open controller cpu 1515sp pc2
vendor: siemens model: simatic s7-1500
vendor: siemens model: simatic s7-plcsim advanced
vendor: siemens model: simatic s7-1200
vendor: siemens model: simatic s7-1200 cpu family
vendor: siemens model: simatic et 200sp
vendor: siemens model: tim 1531 irc
vendor: siemens model: simatic s7-plcsim
vendor: siemens model: simatic et 200sp open
vendor: siemens model: simatic s7-1500 software controller
vendor: siemens model: simatic
vendor: siemens model: simatic et 200sp open controller
vendor: siemens model: s7-1500 cpu
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: s7-1200 cpu
vendor: siemens model: simatic et
vendor: siemens model: simatic drive controller family
db: NVD ids: CVE-2021-44695, CVE-2021-44694, CVE-2021-44693, CVE-2021-40365

OESIS Framework February 09, 2023 Release - OPSWAT

Trust: 4.0

Fetched: March 5, 2023, 9:25 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ringcentral model: ringcentral
db: NVD ids: CVE-2022-42330, CVE-2023-22241, CVE-2023-0474, CVE-2023-22240, CVE-2023-22242, CVE-2023-0472, CVE-2023-0471, CVE-2022-42919, CVE-2023-0473

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

Trust: 4.75

Fetched: March 5, 2023, 9:23 a.m., Published: Feb. 27, 2023, 10:04 a.m.
 Vulnerabilities: file execution
Affected productsExternal IDs
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: trend micro model: security
vendor: palo model: networks

Privacy expert urges iPhone users to update devices after Apple bug discovered that can access photos - Irish Mirror Online

Related entries in the VARIoT vulnerabilities database: VAR-202302-2044, VAR-202302-2240

Trust: 4.0

Fetched: March 5, 2023, 9:22 a.m., Published: March 1, 2023, 10:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: CVE-2023-23520, CVE-2023-23531

Serious Security Flaw in Cisco ClamAV Discovered | LanSource, Inc.

Trust: 3.75

Fetched: March 5, 2023, 9:21 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: clamav model: clamav
vendor: cisco model: clamav

TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine

Trust: 3.0

Fetched: March 5, 2023, 9:20 a.m., Published: March 3, 2023, 4:30 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018

Medtronic Micro Clinician and InterStim Apps | CISA

Trust: 4.75

Fetched: March 5, 2023, 9:20 a.m., Published: March 6, 2023, midnight
 Vulnerabilities: default password
Affected productsExternal IDs
db: NVD ids: CVE-2023-25931

A Comprehensive Guide to IoT Security Testing - Java Code Geeks - 2023

Trust: 4.25

Fetched: March 5, 2023, 9:19 a.m., Published: March 3, 2023, 1:32 p.m.
 Vulnerabilities: sql injection, cross-site scripting, default credentials
Affected productsExternal IDs

Security Defects in TPM 2.0 Reference Library Expose Devices to Code Execution Attacks - Vulnera

Trust: 3.75

Fetched: March 5, 2023, 9:19 a.m., Published: Feb. 28, 2023, 9:50 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018, CVE-2023-1017

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

Trust: 3.0

Fetched: March 5, 2023, 9:19 a.m., Published: March 3, 2023, 10:18 a.m.
 Vulnerabilities: information disclosure, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018, CVE-2023-1017

Siemens PROFINET Devices (Update L) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201910-1595

Trust: 4.0

Fetched: March 5, 2023, 9:17 a.m., Published: Jan. 13, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic pn/pn coupler
vendor: siemens model: simatic tdc cp51m1
vendor: siemens model: sinamics s110
vendor: siemens model: simatic et 200sp open
vendor: siemens model: simatic hmi comfort panels
vendor: siemens model: simatic et 200al
vendor: siemens model: simatic et 200mp
vendor: siemens model: s7-300
vendor: siemens model: simatic et 200s
vendor: siemens model: sinumerik 840d sl
vendor: siemens model: sinamics g120
vendor: siemens model: 840d
vendor: siemens model: sinamics s120
vendor: siemens model: simatic hmi comfort outdoor panels
vendor: siemens model: simatic s7-300 cpu family
vendor: siemens model: simatic s7-400
vendor: siemens model: dk standard ethernet controller
vendor: siemens model: simatic s7-410 v8
vendor: siemens model: simatic s7-400 pn/dp v6
vendor: siemens model: sinumerik 840d
vendor: siemens model: simatic et
vendor: siemens model: simatic et 200sp open controller cpu 1515sp pc
vendor: siemens model: s7-1200 cpu
vendor: siemens model: simatic winac rtx
vendor: siemens model: s7-410
vendor: siemens model: simatic et 200sp
vendor: siemens model: simatic tdc cpu555
vendor: siemens model: simatic s7-300
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: sinamics dcm
vendor: siemens model: simatic s7-1500 cpu family
vendor: siemens model: simatic cfu pa
vendor: siemens model: simatic s7-410
vendor: siemens model: sinamics gm150
vendor: siemens model: s7-400 pn/dp
vendor: siemens model: sinamics dcp
vendor: siemens model: simatic et 200sp im 155-6 pn ba
vendor: siemens model: simatic et 200ecopn
vendor: siemens model: profinet driver
vendor: siemens model: simatic s7-1200
vendor: siemens model: sinamics g110m
vendor: siemens model: s7-400
vendor: siemens model: simatic s7-400 pn
vendor: siemens model: simatic s7-400 h v6
vendor: siemens model: simatic s7-400 pn/dp
vendor: siemens model: sinamics sm120
vendor: siemens model: simatic hmi
vendor: siemens model: sinamics g130
vendor: siemens model: sinamics
vendor: siemens model: simatic et 200mp im 155-5 pn hf
vendor: siemens model: simatic et 200mp im 155-5 pn st
vendor: siemens model: sinamics gh150
vendor: siemens model: simatic s7-1200 cpu family
vendor: siemens model: ek-ertec 200p
vendor: siemens model: pn/pn coupler
vendor: siemens model: profinet io
vendor: siemens model: ek-ertec
vendor: siemens model: sinamics sl150
vendor: siemens model: ek-ertec 200
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: simatic et 200sp im 155-6 pn hs
vendor: siemens model: simatic s7-300 cpu
vendor: siemens model: simatic et 200sp open controller
vendor: siemens model: sinamics g150
vendor: siemens model: sinamics gl150
vendor: siemens model: simatic et 200sp im 155-6 pn ha
vendor: siemens model: simatic et 200mp im 155-5 pn ba
vendor: siemens model: et 200sp open controller
vendor: siemens model: s7-1500 cpu
vendor: siemens model: sinumerik 828d
vendor: siemens model: simatic et 200sp im 155-6 pn st
vendor: siemens model: sinamics s150
vendor: siemens model: simatic
vendor: siemens model: simatic hmi ktp mobile panels
vendor: siemens model: simatic profinet driver
vendor: siemens model: simatic s7-1500
vendor: siemens model: simatic et 200m
vendor: siemens model: simatic s7-400 pn/dp v7
vendor: siemens model: simatic s7-400 h
vendor: siemens model: simatic et 200pro
vendor: siemens model: simatic et 200sp im 155-6 pn hf
db: NVD ids: CVE-2019-10936

Cisco Patches Critical Vulnerability in IP Phones - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202303-0357, VAR-202303-0475

Trust: 3.75

Fetched: March 5, 2023, 9:17 a.m., Published: March 2, 2023, 12:09 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: 8831
vendor: cisco model: ip phone
vendor: cisco model: prime infrastructure
vendor: cisco model: unified ip phone
vendor: cisco model: ip conference phone
vendor: cisco model: webex
vendor: cisco model: finesse
vendor: cisco model: unified intelligence center
vendor: cisco model: ip phones
vendor: cisco model: unified ip conference phone 8831
vendor: cisco model: unified ip conference phone
vendor: cisco model: series
vendor: cisco model: unified ip phone 7900 series
vendor: cisco model: ip phone 7900 series
vendor: cisco model: series ip phones
db: NVD ids: CVE-2023-20079, CVE-2023-20078

Detecting Vulnerability on IoT Device Firmware: A Survey

Trust: 4.25

Fetched: March 5, 2023, 9:14 a.m., Published: March 10, 2023, midnight
 Vulnerabilities: information disclosure, authentication bypass, denial of service...
Affected productsExternal IDs
vendor: samsung smartthings model: printer
vendor: samsung smartthings model: printers
vendor: samsung model: printer
vendor: samsung model: printers

CVE-2023-0127 (dwl-2600ap_firmware) | GoVanguard Threat Center

Related entries in the VARIoT vulnerabilities database: VAR-202302-0845

Trust: 3.0

Fetched: March 3, 2023, 9:39 a.m., Published: Feb. 11, 2023, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-0127