VARIoT latest news about IoT security

Forescout’s Vedere Labs Discloses Three New Vulnerabilities Affecting OT Products \| UAE News 24/7 Related entries in the VARIoT vulnerabilities database: VAR-201501-0401 Trust: 4.5 Fetched: Dec. 7, 2022, 9:22 a.m., Published: Dec. 6, 2022, 1:25 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	codesys	model:	control
vendor:	codesys	model:	codesys
vendor:	codesys	model:	runtime

db:

NVD

ids:

CVE-2022-31806, CVE-2022-3079, CVE-2014-9195, CVE-2022-3270, CVE-2022-22515, CVE-2022-31896, CVE-2022-4048

Google says Google should do a better job of patching Android phones \| Ars Technica Trust: 4.5 Fetched: Dec. 7, 2022, 9:22 a.m., Published: Nov. 28, 2022, 6:23 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	samsung	model:	exynos
vendor:	samsung	model:	galaxy

db:

NVD

ids:

CVE-2022-36449

Smart inverters’ vulnerability to cyberattack \| EurekAlert! Trust: 3.0 Fetched: Dec. 7, 2022, 9:21 a.m., Published: Nov. 29, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

What Project Memoria Foretold about TCP/IP Security and Supply Chain Vulnerabilities - Security Boulevard Trust: 3.75 Fetched: Dec. 7, 2022, 9:21 a.m., Published: Dec. 6, 2022, noon	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2020-7461, CVE-2020-11899

URGENT/11 vulnerabilities in VxWorks OS impact over 2 billion IoT devices - Latest Digital Transformation Trends \| Cloud News \| Wire19 Related entries in the VARIoT vulnerabilities database: VAR-201908-0712, VAR-201908-0702, VAR-201908-0714, VAR-201908-0713, VAR-201908-0701, VAR-201908-0715, VAR-201908-0706, VAR-201908-0705, VAR-201908-0699, VAR-201908-0703, VAR-201908-0704 Trust: 4.0 Fetched: Dec. 7, 2022, 9:19 a.m., Published: July 30, 2019, midnight	Vulnerabilities: information leak

Affected products

External IDs

db:

NVD

ids:

CVE-2019-12255, CVE-2019-12261, CVE-2019-12257, CVE-2019-12256, CVE-2019-12260, CVE-2019-12258, CVE-2019-12265, CVE-2019-12264, CVE-2019-12259, CVE-2019-12262, CVE-2019-12263

Vulnerability Summary for the Week of November 21, 2022 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202211-1389, VAR-202211-1344, VAR-202211-1392, VAR-202211-1418, VAR-202211-1287, VAR-202211-1487, VAR-202211-1361, VAR-202211-1815, VAR-202211-1497, VAR-202211-1527, VAR-202211-1688, VAR-202210-1070, VAR-202211-1796, VAR-202211-1567, VAR-202211-1634, VAR-202211-1393, VAR-202211-1362, VAR-202211-1417, VAR-202211-1323, VAR-202210-0997, VAR-202211-1363, VAR-202211-1593, VAR-202211-1777, VAR-202209-0222 Trust: 5.25 Fetched: Dec. 7, 2022, 9:16 a.m., Published: Nov. 21, 2022, midnight	Vulnerabilities: access control issue, improper access control, file upload vulnerability...

Affected products

External IDs

vendor:	bouncy castle	model:	bouncy castle
vendor:	bouncy castle	model:	fips java api
vendor:	schneider_electric	model:	modicon quantum
vendor:	schneider_electric	model:	m580
vendor:	schneider_electric	model:	modicon m580
vendor:	schneider_electric	model:	modicon m340
vendor:	schneider_electric	model:	bmxnoe0100
vendor:	schneider_electric	model:	bmxnoe0110
vendor:	schneider_electric	model:	modbus
vendor:	schneider_electric	model:	bmxnor0200h
vendor:	schneider_electric	model:	premium
vendor:	schneider_electric	model:	monitor pro
vendor:	schneider_electric	model:	m340 cpus
vendor:	schneider_electric	model:	monitor
vendor:	schneider_electric	model:	m340
vendor:	mitsubishi electric corporation	model:	gt27 model
vendor:	mitsubishi electric corporation	model:	gt23 model
vendor:	mitsubishi electric corporation	model:	gt25 model
vendor:	tenda	model:	ac18
vendor:	google	model:	wifi
vendor:	google	model:	chrome
vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	epson	model:	print
vendor:	epson	model:	connect
vendor:	epson	model:	webconfig
vendor:	mitsubishi	model:	gt27 model
vendor:	mitsubishi	model:	gt23 model
vendor:	mitsubishi	model:	gt25 model
vendor:	mitsubishi_electric	model:	gt27 model
vendor:	mitsubishi_electric	model:	gt23 model
vendor:	mitsubishi_electric	model:	gt25 model
vendor:	mitsubishi electric	model:	gt27 model
vendor:	mitsubishi electric	model:	gt23 model
vendor:	mitsubishi electric	model:	gt25 model
vendor:	hitachi	model:	web server
vendor:	zoho	model:	manageengine servicedesk plus

db:

NVD

ids:

CVE-2022-41157, CVE-2022-4136, CVE-2022-29829, CVE-2022-45872, CVE-2022-41712, CVE-2022-41924, CVE-2022-41925, CVE-2022-33012, CVE-2022-37931, CVE-2022-38166, CVE-2022-43213, CVE-2022-38114, CVE-2022-29830, CVE-2022-43212, CVE-2022-3500, CVE-2022-45476, CVE-2022-35407, CVE-2022-41937, CVE-2022-44859, CVE-2022-0222, CVE-2022-37301, CVE-2022-45207, CVE-2022-41705, CVE-2022-3388, CVE-2022-41958, CVE-2022-30257, CVE-2022-23044, CVE-2022-45886, CVE-2022-30258, CVE-2022-44183, CVE-2022-38767, CVE-2022-35500, CVE-2022-41935, CVE-2022-29828, CVE-2022-38813, CVE-2022-45909, CVE-2022-45908, CVE-2022-39331, CVE-2022-44178, CVE-2022-40771, CVE-2022-45037, CVE-2022-43984, CVE-2022-4087, CVE-2022-41131, CVE-2022-44858, CVE-2022-4135, CVE-2022-36179, CVE-2022-41954, CVE-2022-41928, CVE-2022-45888, CVE-2022-38145, CVE-2022-41929, CVE-2022-36337, CVE-2022-36227, CVE-2022-39332, CVE-2022-44175, CVE-2022-44176, CVE-2022-44748, CVE-2022-45866, CVE-2022-44278, CVE-2022-4088, CVE-2022-38147, CVE-2022-44843, CVE-2022-37720, CVE-2022-35501, CVE-2022-40772, CVE-2022-45907, CVE-2022-36180, CVE-2022-39067, CVE-2022-29825, CVE-2022-41946, CVE-2022-39066, CVE-2022-2721, CVE-2022-41931, CVE-2022-2650, CVE-2022-45039, CVE-2022-45036, CVE-2022-39397, CVE-2022-29833, CVE-2009-1143, CVE-2022-41936, CVE-2022-44860, CVE-2022-41933, CVE-2022-43196, CVE-2022-4068, CVE-2022-44280, CVE-2022-41706, CVE-2022-44117, CVE-2022-40954, CVE-2022-45152, CVE-2022-44844, CVE-2022-42095, CVE-2022-39334, CVE-2022-44120, CVE-2022-41934, CVE-2022-40304, CVE-2022-26885, CVE-2022-4089, CVE-2022-29832, CVE-2022-36133, CVE-2022-41156, CVE-2022-2513, CVE-2022-41932, CVE-2022-39070, CVE-2022-41158, CVE-2022-44140, CVE-2022-45205, CVE-2022-40266, CVE-2022-44171, CVE-2022-44789, CVE-2022-37429, CVE-2022-4091, CVE-2022-3861, CVE-2022-41875, CVE-2022-45363, CVE-2022-43983, CVE-2022-45163, CVE-2022-40189, CVE-2022-39338, CVE-2022-37421, CVE-2022-41923, CVE-2022-37430, CVE-2022-4090, CVE-2022-38724, CVE-2022-44411, CVE-2022-45040, CVE-2022-44118, CVE-2022-30529, CVE-2022-24999, CVE-2021-35246, CVE-2022-23740, CVE-2022-44177, CVE-2021-29334, CVE-2022-45276, CVE-2022-41446, CVE-2022-44172, CVE-2022-39339, CVE-2022-44174, CVE-2022-45280, CVE-2022-45873, CVE-2022-35897, CVE-2009-1142, CVE-2022-45038, CVE-2022-45210, CVE-2022-39325, CVE-2022-40303, CVE-2022-45884, CVE-2022-29827, CVE-2022-0698, CVE-2022-41926, CVE-2021-43258, CVE-2022-44180, CVE-2022-39333, CVE-2022-44737, CVE-2022-4141, CVE-2022-38113, CVE-2022-45278, CVE-2022-45887, CVE-2022-44749, CVE-2022-41922, CVE-2022-41927, CVE-2022-45885, CVE-2021-35284, CVE-2022-41945, CVE-2022-40282, CVE-2022-38377, CVE-2022-38649, CVE-2022-25164, CVE-2022-38115, CVE-2022-29831, CVE-2022-45475, CVE-2022-45206, CVE-2022-29826, CVE-2022-45868, CVE-2022-39346, CVE-2022-45218, CVE-2022-37721, CVE-2022-43751, CVE-2022-45225, CVE-2022-39833, CVE-2022-45208, CVE-2022-45146, CVE-2022-40770, CVE-2022-41930

Eufy Security Vulnerabilities: How Many Households Might Be Affected? - CUJO AI Trust: 3.0 Fetched: Dec. 7, 2022, 9:16 a.m., Published: Dec. 2, 2022, 12:43 p.m.	Vulnerabilities: -

Affected products	External IDs

Address medical device vulnerabilities to protect healthcare system cybersecurity Trust: 3.0 Fetched: Dec. 7, 2022, 9:15 a.m., Published: Dec. 6, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network Trust: 3.0 Fetched: Dec. 7, 2022, 9:15 a.m., Published: Dec. 7, 2022, 4:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

d-link

model:

dns-320

The State of TCP/IP Security: What Project Memoria Foretold - Forescout Trust: 3.75 Fetched: Dec. 7, 2022, 9:14 a.m., Published: Dec. 6, 2022, noon	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2020-7461, CVE-2020-11899

Samsung December 2022 security update: Eligible devices, vulnerabilities fixed and more - Times of India Trust: 3.0 Fetched: Dec. 7, 2022, 9:13 a.m., Published: Dec. 7, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

galaxy

Remote Code Execution Vulnerabilities Found in F5 Products \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202211-1139, VAR-202211-1118 Trust: 4.0 Fetched: Dec. 7, 2022, 9:13 a.m., Published: Dec. 7, 2022, midnight	Vulnerabilities: privilege escalation, request forgery, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41622, CVE-2022-41800

CyRC Vulnerability Advisory: Remote code execution vulnerabilities in mouse and keyboard apps \| Synopsys Trust: 4.5 Fetched: Dec. 7, 2022, 9:12 a.m., Published: Nov. 30, 2022, 1 p.m.	Vulnerabilities: weak password, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-45477, CVE-2022-45480, CVE-2022-45482, CVE-2022-45483, CVE-2022-45479, CVE-2022-45481, CVE-2022-45478

November-2022-Huawei Phone/Tablet Security Bulletins-Updates-HarmonyOSDevice Related entries in the VARIoT vulnerabilities database: VAR-202210-0355 Trust: 3.75 Fetched: Dec. 7, 2022, 9:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

huawei

model:

huawei

db:

NVD

ids:

CVE-2022-20271, CVE-2022-20268, CVE-2022-20399, CVE-2022-25666, CVE-2022-20413, CVE-2022-20341, CVE-2021-0986, CVE-2021-0645, CVE-2022-25664, CVE-2021-0975, CVE-2022-20278, CVE-2022-20292, CVE-2021-39758, CVE-2022-20297, CVE-2022-20324, CVE-2022-20412, CVE-2022-20274, CVE-2022-20423, CVE-2022-20290, CVE-2022-20415, CVE-2022-20421, CVE-2022-25720, CVE-2022-20422, CVE-2022-20302, CVE-2022-20272

How Axonius Customers Can Identify Assets Impacted by OpenSSL Vulnerability CVE-2022-3786 and CVE-2022-3602 Trust: 4.75 Fetched: Dec. 7, 2022, 9:11 a.m., Published: Oct. 31, 2022, midnight	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-3786, CVE-2022-3602

Anker's Eufy Security Camera Vulnerabilities Trust: 6.0 Fetched: Dec. 6, 2022, 9:21 a.m., Published: Dec. 5, 2022, 1:21 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2022-29504, CVE-2022-29503

Smart inverters’ vulnerability to cyberattacks needs to be identified and countered, according to Concordia researchers - Concordia University Trust: 3.0 Fetched: Dec. 6, 2022, 9:21 a.m., Published: Nov. 29, 2022, 9:51 a.m.	Vulnerabilities: -

Affected products	External IDs

Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover Trust: 5.0 Fetched: Dec. 6, 2022, 9:20 a.m., Published: Dec. 29, 2022, midnight	Vulnerabilities: code execution, buffer overrun, denial of service...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-42260, CVE-2022-34671, CVE-2022-34669, CVE-2022-34672, CVE-2022-34670, CVE-2022-42261

The FBI Warns of Top Critical Vulnerabilities for Businesses - Alliant Cybersecurity Trust: 3.75 Fetched: Dec. 6, 2022, 9:20 a.m., Published: -	Vulnerabilities: privilege escalation, feature bypass, buffer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41049, CVE-2022-4135, CVE-2021-35587, CVE-2022-41091, CVE-2022-41073

All Android devices are in danger… A new vulnerability has emerged \| Daily News GO Trust: 3.0 Fetched: Dec. 6, 2022, 9:19 a.m., Published: Dec. 6, 2022, 5:54 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

VARIoT news about IoT security