Sign-up

VARIoT news about IoT security

Vulnerabilities open Korenix JetWave industrial networking devices to attack - Help Net Security

Trust: 3.0

Fetched: Feb. 15, 2023, 9:13 a.m., Published: Feb. 13, 2023, 2:24 p.m.
 Vulnerabilities: command injection, default credentials, request forgery...
Affected productsExternal IDs

Apple's iOS and macOS have a nasty vulnerability, so update now | Mashable

Trust: 3.75

Fetched: Feb. 15, 2023, 9:13 a.m., Published: Feb. 14, 2023, 1:07 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: safari

Vulnerability in QTS and QuTS hero - Security Advisory | QNAP (IN)

Trust: 3.25

Fetched: Feb. 12, 2023, 9:14 a.m., Published: Feb. 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Security Advisory - Unauthorized device timestamp modification vulnerability exists in some Dahua embedded products

Trust: 3.75

Fetched: Feb. 12, 2023, 9:12 a.m., Published: May 12, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dahua model: sd5a
vendor: dahuasecurity model: sd5a
db: NVD ids: CVE-2022-30564

Thousands of Sophos Firewall devices at risk of RCE attacks | SC Media

Trust: 3.25

Fetched: Feb. 12, 2023, 9:11 a.m., Published: Jan. 18, 2023, 6:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall

Siemens S7-1500 CPU devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 3.5

Fetched: Feb. 12, 2023, 9:10 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: cpu 1512sp-1 pn
vendor: siemens model: cpu 1515t-2 pn
vendor: siemens model: cpu 1515-2
vendor: siemens model: simatic s7-1500 cpu 1512c
vendor: siemens model: cpu 1513pro f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1513f-1 pn
vendor: siemens model: cpu 1513r-1 pn
vendor: siemens model: cpu 1515tf-2 pn
vendor: siemens model: cpu 1516f-3
vendor: siemens model: cpu 1513f-1 pn
vendor: siemens model: cpu 1516pro-2 pn
vendor: siemens model: cpu 1511c-1 pn
vendor: siemens model: simatic s7-1500 cpu 1516-3 pn
vendor: siemens model: cpu 1512sp f-1 pn
vendor: siemens model: simatic s7-1500
vendor: siemens model: simatic s7-1500 cpu 1518-4 pn
vendor: siemens model: cpu 1515f-2
vendor: siemens model: simatic s7-1500 cpu 1518
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: simatic s7-1500 cpu 1511f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1511-1 pn
vendor: siemens model: cpu 1507d tf
vendor: siemens model: cpu 1516pro f-2 pn
vendor: siemens model: cpu 1513-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515f-2 pn
vendor: siemens model: cpu 1504d tf
vendor: siemens model: simatic
vendor: siemens model: cpu 1512c-1 pn
vendor: siemens model: simatic s7-1500 cpu 1511c
vendor: siemens model: cpu 1515r-2 pn
vendor: siemens model: simatic s7-1500 cpu 1515-2 pn
vendor: siemens model: simatic s7-1500 cpu 1513-1 pn
vendor: siemens model: cpu 1516-3
vendor: siemens model: simatic s7-1500 cpu 1517-3 pn
vendor: siemens model: s7-1500 cpu
db: NVD ids: CVE-2022-38773

Lazarus campaign exploits unpatched Zimbra devices, targets medical data | SC Media

Trust: 3.0

Fetched: Feb. 12, 2023, 9:10 a.m., Published: Feb. 2, 2023, 6:18 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-41352

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - AI Home Security

Related entries in the VARIoT vulnerabilities database: VAR-202301-0629, VAR-202301-0630

Trust: 4.75

Fetched: Feb. 10, 2023, 11:25 a.m., Published: Feb. 9, 2023, 9:31 p.m.
 Vulnerabilities: information disclosure, code execution, command injection...
Affected productsExternal IDs
vendor: siemens model: automation license manager
db: NVD ids: CVE-2022-43514, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-46650, CVE-2022-41607, CVE-2022-43513

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - securityenews

Related entries in the VARIoT vulnerabilities database: VAR-202301-0629, VAR-202301-0630

Trust: 4.75

Fetched: Feb. 10, 2023, 11:24 a.m., Published: Feb. 9, 2023, 2:40 p.m.
 Vulnerabilities: information disclosure, code execution, command injection...
Affected productsExternal IDs
vendor: siemens model: automation license manager
db: NVD ids: CVE-2022-43514, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-46650, CVE-2022-41607, CVE-2022-43513

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - BEKER

Related entries in the VARIoT vulnerabilities database: VAR-202301-0629, VAR-202301-0630

Trust: 4.75

Fetched: Feb. 10, 2023, 11:24 a.m., Published: Feb. 9, 2023, 2:09 p.m.
 Vulnerabilities: information disclosure, code execution, command injection...
Affected productsExternal IDs
vendor: siemens model: automation license manager
db: NVD ids: CVE-2022-43514, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-46650, CVE-2022-41607, CVE-2022-43513

Realtek の脆弱性 CVE-2021-35394:IoT サプライチェーン 1.4 億のデバイスに危機 - IoT OT Security News

Trust: 3.75

Fetched: Feb. 10, 2023, 11:23 a.m., Published: Jan. 29, 2023, 6:12 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2021-35394

The Internet of Everything: A Security and Forensics Look At Future Digital Forensics and Cyber Crime Scenarios | Frontiers Research Topic

Trust: 3.0

Fetched: Feb. 10, 2023, 11:22 a.m., Published: Jan. 16, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - Access Point Technology

Trust: 3.75

Fetched: Feb. 10, 2023, 11:22 a.m., Published: Feb. 1, 2023, 2:42 a.m.
 Vulnerabilities: injection attack, sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware - Security & Privacy News - Nsane Forums

Trust: 4.75

Fetched: Feb. 10, 2023, 11:22 a.m., Published: Feb. 2, 2023, 5:35 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: qnap model: photo station
db: NVD ids: CVE-2022-27596, CVE-2022-27593

QNAP NAS Critical Vulnerability Let Attacker Inject Arbitrary Code

Trust: 4.75

Fetched: Feb. 10, 2023, 11:21 a.m., Published: Feb. 1, 2023, 5:13 p.m.
 Vulnerabilities: injection attack, sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Security Advisory - Unauthorized device timestamp modification vulnerability exists in some Dahua embedded products

Trust: 3.75

Fetched: Feb. 10, 2023, 11:16 a.m., Published: May 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dahua model: sd5a
vendor: dahuasecurity model: sd5a
db: NVD ids: CVE-2022-30564

Organizations Warned of Critical Vulnerability in Backstage Developer Portal Platform - SecurityWeek

Trust: 5.75

Fetched: Feb. 10, 2023, 11:16 a.m., Published: Nov. 15, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2022-36067

Snap One Wattbox WB-300-IP-3 | CISA

Trust: 4.75

Fetched: Feb. 10, 2023, 11:16 a.m., Published: -
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-23582, CVE-2023-22315, CVE-2023-22389, CVE-2023-24020

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek

Trust: 3.75

Fetched: Feb. 10, 2023, 11:15 a.m., Published: Feb. 9, 2023, 12:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dahua security model: camera
vendor: dahua model: camera
db: NVD ids: CVE-2022-30564

Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 5.75

Fetched: Feb. 10, 2023, 11:15 a.m., Published: Jan. 11, 2023, 11:13 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: simatic
db: NVD ids: CVE-2022-38773