VARIoT latest news about IoT security

Potential Threats to Building Automation Systems \| TXOne Networks Trust: 4.25 Fetched: Jan. 22, 2023, 9:12 a.m., Published: Dec. 27, 2022, 8:51 a.m.	Vulnerabilities: denial of service, privilege escalation

Affected products

External IDs

vendor:	belkin	model:	router
vendor:	nest	model:	learning thermostat
vendor:	trend	model:	security

New Bluetooth vulnerability could break privacy Trust: 3.0 Fetched: Jan. 22, 2023, 9:11 a.m., Published: Nov. 25, 2022, midnight	Vulnerabilities: replay attack

Affected products	External IDs

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks Related entries in the VARIoT vulnerabilities database: VAR-202209-1931 Trust: 4.25 Fetched: Jan. 22, 2023, 9:10 a.m., Published: -	Vulnerabilities: authentication bypass, sql injection, code injection...

Affected products

External IDs

vendor:	sophos	model:	xg firewall
vendor:	sophos	model:	firewall
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2022-1040, CVE-2022-3236

Synology Fixes a Max Severity RCE Vulnerability in VPN Server Products Trust: 3.75 Fetched: Jan. 22, 2023, 9:09 a.m., Published: Jan. 4, 2023, 11:28 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	synology	model:	synology router manager
vendor:	synology	model:	router manager

db:

NVD

ids:

CVE-2021-28799, CVE-2022-43931

Top 10 Hardware Vulnerabilities MSPs Should Watch Out For Trust: 3.75 Fetched: Jan. 22, 2023, 9:09 a.m., Published: Dec. 13, 2022, 5:34 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Synology Issues Patch for Severe VPN Plus Server Vulnerability \| NetZone Technologies Trust: 5.5 Fetched: Jan. 20, 2023, 9:30 a.m., Published: -	Vulnerabilities: command injection, command execution, injection attack

Affected products

External IDs

vendor:	synology	model:	router manager
vendor:	synology	model:	synology router manager

db:

NVD

ids:

CVE-2022-43931

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773) - Help Net Security Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 4.25 Fetched: Jan. 20, 2023, 9:29 a.m., Published: Jan. 12, 2023, 1 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

simatic

db:

NVD

ids:

CVE-2022-38773

OS command injection vulnerabilities (Part 3) - ITZone Trust: 3.5 Fetched: Jan. 20, 2023, 9:25 a.m., Published: Jan. 17, 2023, 7:01 a.m.	Vulnerabilities: os command injection, command injection, command execution

Affected products	External IDs

Cisco Issues Warning on Security Flaws in Routers \| LanSource, Inc. Trust: 3.0 Fetched: Jan. 20, 2023, 9:24 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	router
vendor:	cisco	model:	rv082
vendor:	cisco	model:	small business
vendor:	cisco	model:	rv042g
vendor:	cisco	model:	rv016
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv042

First Security Updates from SAP for 2023 Fix Critical Vulnerabilities Trust: 3.75 Fetched: Jan. 20, 2023, 9:23 a.m., Published: Jan. 12, 2023, 2:11 p.m.	Vulnerabilities: sql injection, code injection

Affected products	External IDs

Cisco Issues Warning on Security Flaws in Routers \| MG\|Computer, Inc. Trust: 3.0 Fetched: Jan. 20, 2023, 9:23 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	router
vendor:	cisco	model:	rv082
vendor:	cisco	model:	small business
vendor:	cisco	model:	rv042g
vendor:	cisco	model:	rv016
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv042

Has adoption of “connected devices” outpaced security? - Techgoondu Techgoondu Trust: 3.0 Fetched: Jan. 20, 2023, 9:22 a.m., Published: Jan. 19, 2023, 10:39 a.m.	Vulnerabilities: -

Affected products	External IDs

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks \| Vumetric Cyber Portal Related entries in the VARIoT vulnerabilities database: VAR-202209-1931 Trust: 6.0 Fetched: Jan. 20, 2023, 9:22 a.m., Published: Jan. 20, 2023, midnight	Vulnerabilities: code execution, authentication bypass, code injection

Affected products

External IDs

vendor:

sophos

model:

firewall

db:

NVD

ids:

CVE-2022-3236

The prevalence of RCE exploits and what you should know about RCEs \| Tripwire Trust: 4.5 Fetched: Jan. 20, 2023, 9:21 a.m., Published: Jan. 17, 2023, midnight	Vulnerabilities: improper access control, code execution, privilege escalation...

Affected products

External IDs

vendor:

imperva

model:

web application firewall

Cisco CX Cloud Agent Privilege Escalation Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202301-1328, VAR-202301-1814 Trust: 5.25 Fetched: Jan. 20, 2023, 9:20 a.m., Published: Jan. 11, 2023, 3:47 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2023-20043, CVE-2023-20044

Hackers are using device monitoring software Cacti to install malware \| TechRadar Trust: 5.0 Fetched: Jan. 20, 2023, 9:19 a.m., Published: Jan. 17, 2023, 7 p.m.	Vulnerabilities: command injection, denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2022-46169

Vulnerability Management Standard \| Office of the Vice Chancellor for IT and Chief Information Officer \| University of Colorado Boulder Trust: 3.0 Fetched: Jan. 20, 2023, 9:18 a.m., Published: Nov. 18, 2022, 12:52 a.m.	Vulnerabilities: denial of service

Affected products	External IDs

Siemens Multiple Denial of Service Vulnerabilities in Industrial Products \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202212-1313, VAR-202212-1311, VAR-202212-1314, VAR-202212-1312 Trust: 4.75 Fetched: Jan. 20, 2023, 9:18 a.m., Published: Jan. 13, 2023, midnight	Vulnerabilities: improper validation, denial of service

Affected products

External IDs

vendor:	siemens	model:	simatic s7-1500 software controller
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	et 200sp open controller
vendor:	siemens	model:	simatic et 200sp
vendor:	siemens	model:	simatic s7-plcsim
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	simatic s7-plcsim advanced
vendor:	siemens	model:	tim 1531 irc
vendor:	siemens	model:	simatic et 200sp open controller
vendor:	siemens	model:	simatic drive controller family
vendor:	siemens	model:	simatic et 200sp open
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic et
vendor:	siemens	model:	simatic s7-1500 cpu family
vendor:	siemens	model:	simatic s7-1200

db:

NVD

ids:

CVE-2021-40365, CVE-2021-44693, CVE-2021-44695, CVE-2021-44694

Apple iOS < 16.1.2 Vulnerability (HT213516) \| Tenable® Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 4.25 Fetched: Jan. 20, 2023, 9:18 a.m., Published: Jan. 16, 2002, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone_os

db:

NVD

ids:

CVE-2022-42856

Hacker Fails for the Win Trust: 3.0 Fetched: Jan. 20, 2023, 9:17 a.m., Published: Dec. 8, 2022, 1:55 a.m.	Vulnerabilities: buffer overflow

Affected products	External IDs

VARIoT news about IoT security