Sign-up

VARIoT news about IoT security

2023-01 Security Bulletin: Junos OS: SRX Series: The flowd daemon will crash when Unified Policies are used with IPv6 and certain dynamic applications are rejected by the device (CVE-2023-22411)

Trust: 3.25

Fetched: March 3, 2023, 9:20 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-22411

Siemens RUGGEDCOM Devices (Update D) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202203-0739

Trust: 3.5

Fetched: March 3, 2023, 9:20 a.m., Published: Dec. 15, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: ruggedcom ros
vendor: siemens model: ruggedcom
vendor: siemens model: rsl910
db: NVD ids: CVE-2021-37209

Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202303-0357

Trust: 3.75

Fetched: March 3, 2023, 9:19 a.m., Published: March 1, 2023, 3:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phones
vendor: cisco model: series
vendor: cisco model: ip phone
vendor: cisco model: unified ip conference phone
vendor: cisco model: unified ip phone 7900 series
vendor: cisco model: unified ip conference phone 8831
vendor: cisco model: unified ip phones
vendor: cisco model: 8831
vendor: cisco model: ip phone 7900 series
vendor: cisco model: cisco unified ip phone
vendor: cisco model: unified ip phone
vendor: cisco model: ip conference phone
db: NVD ids: CVE-2023-20079

Siemens SCALANCE X-200RNA Switch Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202212-1142, VAR-202212-1143, VAR-202212-1144, VAR-202212-1146, VAR-202212-1141, VAR-202212-1145

Trust: 5.5

Fetched: March 3, 2023, 9:19 a.m., Published: Dec. 15, 2022, midnight
 Vulnerabilities: cross-site scripting, improper access control
Affected productsExternal IDs
vendor: siemens model: scalance x-200rna
vendor: siemens model: scalance x204rna
vendor: siemens model: scalance
db: NVD ids: CVE-2022-46351, CVE-2022-46354, CVE-2022-46353, CVE-2022-46355, CVE-2022-46352, CVE-2022-46350

Snap One Wattbox WB-300-IP-3 | CISA

Trust: 4.75

Fetched: March 3, 2023, 9:19 a.m., Published: -
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-22315, CVE-2023-24020, CVE-2023-22389, CVE-2023-23582

Siemens S7-1500 CPU devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 3.5

Fetched: March 3, 2023, 9:18 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: cpu 1512sp-1 pn
vendor: siemens model: s7-1500 cpu
vendor: siemens model: cpu 1507d tf
vendor: siemens model: cpu 1516pro-2 pn
vendor: siemens model: simatic
vendor: siemens model: simatic s7-1500 cpu 1517-3 pn
vendor: siemens model: simatic s7-1500 cpu 1518
vendor: siemens model: cpu 1516-3
vendor: siemens model: cpu 1513-1 pn
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: cpu 1513pro f-2 pn
vendor: siemens model: cpu 1511c-1 pn
vendor: siemens model: cpu 1512c-1 pn
vendor: siemens model: cpu 1512sp f-1 pn
vendor: siemens model: cpu 1513f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515f-2 pn
vendor: siemens model: cpu 1515r-2 pn
vendor: siemens model: cpu 1516f-3
vendor: siemens model: simatic s7-1500 cpu 1513f-1 pn
vendor: siemens model: cpu 1515t-2 pn
vendor: siemens model: simatic s7-1500
vendor: siemens model: simatic s7-1500 cpu 1512c
vendor: siemens model: cpu 1515-2
vendor: siemens model: cpu 1513r-1 pn
vendor: siemens model: simatic s7-1500 cpu 1511-1 pn
vendor: siemens model: simatic s7-1500 cpu 1516-3 pn
vendor: siemens model: cpu 1515f-2
vendor: siemens model: simatic s7-1500 cpu 1511c
vendor: siemens model: cpu 1515tf-2 pn
vendor: siemens model: cpu 1516pro f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1515-2 pn
vendor: siemens model: simatic s7-1500 cpu 1511f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1513-1 pn
vendor: siemens model: simatic s7-1500 cpu 1518-4 pn
vendor: siemens model: cpu 1504d tf
db: NVD ids: CVE-2022-38773

Siemens TCP Event Service of SCALANCE And RUGGEDCOM Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202210-0430

Trust: 3.5

Fetched: March 3, 2023, 9:16 a.m., Published: Jan. 13, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: ruggedcom rm1224
vendor: siemens model: ruggedcom
vendor: siemens model: scalance s615
vendor: siemens model: scalance
db: NVD ids: CVE-2022-31766

Electronics | Free Full-Text | Analysis of Consumer IoT Device Vulnerability Quantification Frameworks

Trust: 4.0

Fetched: March 3, 2023, 9:13 a.m., Published: Jan. 3, 2023, midnight
 Vulnerabilities: code execution, data injection, code injection...
Affected productsExternal IDs
vendor: belkin model: router
vendor: google model: google home
vendor: google model: home
vendor: google model: android
vendor: symantec model: system works
vendor: trend model: security
vendor: tp-link model: routers
vendor: tp-link model: gateway

New class of security vulnerabilities found on Apple devices

Trust: 4.75

Fetched: March 1, 2023, 9:13 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software - Sigma Cyber Security

Trust: 3.0

Fetched: March 1, 2023, 9:13 a.m., Published: Feb. 26, 2023, 1:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: clamav model: clamav

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices - Parrot CTFs Blog

Related entries in the VARIoT vulnerabilities database: VAR-202302-2044

Trust: 4.0

Fetched: March 1, 2023, 9:12 a.m., Published: Feb. 26, 2023, 8:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2023-23520

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices - CyberConvoy Blog

Related entries in the VARIoT vulnerabilities database: VAR-202302-2044, VAR-202302-2240, VAR-202302-2045

Trust: 4.75

Fetched: March 1, 2023, 9:12 a.m., Published: Feb. 22, 2023, 8:23 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2023-23520, CVE-2023-23531, CVE-2023-23530

Security Vulnerabilities Newsletter: Top News Rundown (Weeks 5/9-2023) - binaré (binare.io)

Related entries in the VARIoT vulnerabilities database: VAR-202302-0213

Trust: 4.5

Fetched: March 1, 2023, 9:11 a.m., Published: Feb. 28, 2023, 3:26 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: access points
vendor: cisco model: routers
vendor: cisco model: router
db: NVD ids: CVE-2023-20076

Considerations for Medical Device Vulnerability Remediation | Nexus

Trust: 3.0

Fetched: March 1, 2023, 9:11 a.m., Published: March 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs

U.S. Defense Dept Purchased Chinese IT Equipment with Known Vulnerabilities for Use at Sensitive Base. | SGT Report

Trust: 3.5

Fetched: March 1, 2023, 9:10 a.m., Published: Feb. 27, 2023, 3 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: tp-link model: routers

OESIS Framework February 09, 2023 Release - OPSWAT

Trust: 4.0

Fetched: March 1, 2023, 9:10 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ringcentral model: ringcentral
db: NVD ids: CVE-2023-0472, CVE-2023-0473, CVE-2023-0474, CVE-2022-42330, CVE-2023-22241, CVE-2023-22240, CVE-2022-42919, CVE-2023-0471, CVE-2023-22242

Hacker Tracker: February 2023 | Beyond Identity

Trust: 3.5

Fetched: March 1, 2023, 9:09 a.m., Published: Feb. 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: home
vendor: emsisoft model: antivirus
vendor: trend model: password manager
vendor: trend model: security
vendor: trend model: antivirus

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Related entries in the VARIoT vulnerabilities database: VAR-202302-1452, VAR-202302-1614, VAR-202302-1598

Trust: 5.5

Fetched: March 1, 2023, 9:08 a.m., Published: Feb. 17, 2023, 5:46 a.m.
 Vulnerabilities: buffer overflow, information leak, entity injection...
Affected productsExternal IDs
vendor: google model: nexus
vendor: clamav model: clamav
vendor: cisco model: email security appliance
vendor: cisco model: web security appliance
vendor: cisco model: nexus
vendor: cisco model: management appliance
vendor: cisco model: advanced malware protection
vendor: cisco model: clamav
db: NVD ids: CVE-2023-20052, CVE-2023-20032, CVE-2023-20075, CVE-2023-20014, CVE-2023-20009

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software - Parrot CTFs Blog

Related entries in the VARIoT vulnerabilities database: VAR-202302-1452

Trust: 5.75

Fetched: Feb. 26, 2023, 9:28 a.m., Published: Feb. 20, 2023, 10:58 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: clamav
vendor: clamav model: clamav
db: NVD ids: CVE-2023-20032

The right way to Protect The Devices and Accounts Out of Hackers | Rinn

Trust: 4.0

Fetched: Feb. 26, 2023, 9:27 a.m., Published: Feb. 19, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone