VARIoT latest news about IoT security

ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities \| SecurityWeek.Com Trust: 4.5 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: path traversal, denial of service, code execution...

Affected products

External IDs

vendor:	siemens	model:	siprotec
vendor:	siemens	model:	sinec nms
vendor:	siemens	model:	scalance
vendor:	siemens	model:	desigo cc
vendor:	siemens	model:	teamcenter
vendor:	siemens	model:	ruggedcom
vendor:	siemens	model:	sinema remote connect server
vendor:	siemens	model:	siprotec 5
vendor:	siemens	model:	simatic
vendor:	siemens	model:	sinema remote connect
vendor:	siemens	model:	sinema server
vendor:	siemens	model:	simatic net
vendor:	schneider	model:	scadapack
vendor:	schneider	model:	ecostruxure control expert
vendor:	schneider	model:	modicon m340 plc
vendor:	schneider	model:	m340 plc
vendor:	schneider	model:	modicon m340
vendor:	schneider	model:	m340
vendor:	schneider	model:	control expert
vendor:	schneider	model:	struxureware data center expert
vendor:	schneider	model:	struxureware data center
vendor:	schneider electric	model:	scadapack
vendor:	schneider electric	model:	ecostruxure control expert
vendor:	schneider electric	model:	modicon m340 plc
vendor:	schneider electric	model:	m340 plc
vendor:	schneider electric	model:	modicon m340
vendor:	schneider electric	model:	m340
vendor:	schneider electric	model:	control expert
vendor:	schneider electric	model:	struxureware data center expert
vendor:	schneider electric	model:	struxureware data center

NVD - CVE-2021-40825 Trust: 3.0 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-40825

Vulnerability Assessment \| Vulnerability Assessment Tool - ManageEngine Vulnerability Manager Plus Trust: 3.75 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

trend

model:

security

Message: "At Risk: Your Vulnerability Protection definitions are not up-to-date. Your Mac may be at risk." Trust: 3.25 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Researcher Releases Updated 0-Day Vulnerability for Windows Systems after Patch Tuesday Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 3.0 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379

Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202108-2172, VAR-202108-1057 Trust: 3.25 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 14, 2022, 8:53 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-30858, CVE-2021-30860

xorl %eax, %eax Trust: 3.5 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	trend	model:	security
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	google	model:	android
vendor:	google	model:	chrome

Device Health Checker Services - Apps on Google Play Trust: 3.0 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

oneplus

model:

oneplus

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Product Security \| Axis Communications Trust: 3.75 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	axis communications	model:	axis
vendor:	axis communications	model:	communications
vendor:	axis	model:	axis
vendor:	axis	model:	communications

db:

NVD

ids:

CVE-2021-31986, CVE-2021-31987, CVE-2021-31988

No vulnerabilities found on device Vulnerability tab Trust: 3.25 Fetched: Jan. 18, 2022, 11:54 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

novell

model:

zenworks

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Research finds some medical devices vulnerable to hackers Trust: 3.0 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Sept. 18, 2021, 11:06 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

The DirTeam.com / ActiveDir.org Weblogs - Trust: 4.0 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Jan. 15, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-21907, CVE-2022-21857

FireEye, CISA Warn of Critical IoT Device Vulnerability Trust: 3.75 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Jan. 17, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

watch

db:

NVD

ids:

CVE-2021-28372

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits \| AT&T Alien Labs Related entries in the VARIoT vulnerabilities database: VAR-202003-0363, VAR-202007-1256, VAR-201805-0263, VAR-201403-0306, VAR-201612-0015, VAR-202002-1447, VAR-202001-0633, VAR-201805-0262, VAR-201905-0651, VAR-202007-0064, VAR-201502-0201, VAR-201702-0952, VAR-202003-1707, VAR-201704-0303, VAR-201703-1017, VAR-201311-0288 Trust: 4.5 Fetched: Jan. 18, 2022, 11:53 a.m., Published: Nov. 18, 2021, midnight	Vulnerabilities: authentication bypass, command injection

Affected products

External IDs

vendor:	zyxel	model:	nas520
vendor:	zyxel	model:	nsa320
vendor:	zyxel	model:	p660hn-t1a v1
vendor:	zyxel	model:	nsa221
vendor:	zyxel	model:	nsa210
vendor:	zyxel	model:	nsa220
vendor:	zyxel	model:	nsa310
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326
vendor:	zyxel	model:	nsa325
vendor:	zyxel	model:	nsa325v2
vendor:	zyxel	model:	nsa310s
vendor:	zyxel	model:	nsa320s
vendor:	zyxel	model:	nas540
vendor:	totolink	model:	a702r
vendor:	totolink	model:	n300rt
vendor:	totolink	model:	a3002ru
vendor:	totolink	model:	n150rt
vendor:	d-link	model:	dir-645
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-610
vendor:	d-link	model:	dsl-2760u
vendor:	d-link	model:	d-link dir-610
vendor:	d-link	model:	dcs-930l
vendor:	xiongmai	model:	uc-httpd
vendor:	google	model:	home
vendor:	wireshark	model:	wireshark
vendor:	rising	model:	antivirus
vendor:	realtek	model:	realtek sdk
vendor:	netgear	model:	r7000
vendor:	netgear	model:	wn604
vendor:	netgear	model:	d6220
vendor:	netgear	model:	r8000
vendor:	netgear	model:	wndap350
vendor:	netgear	model:	r6400
vendor:	netgear	model:	router
vendor:	netgear	model:	wndap360
vendor:	netgear	model:	dgn2200
vendor:	netgear	model:	r7900
vendor:	netgear	model:	wn802tv2
vendor:	netgear	model:	r6250
vendor:	netgear	model:	netgear wn604
vendor:	netgear	model:	d6400
vendor:	netgear	model:	wnap320
vendor:	netgear	model:	wnap210v2
vendor:	netgear	model:	r6700
vendor:	netgear	model:	wndap660
vendor:	netgear	model:	r7300dst
vendor:	netgear	model:	r7100lg
vendor:	netgear	model:	d7000
vendor:	netgear	model:	r6900
vendor:	comtrend	model:	vr-3033
vendor:	comtrend	model:	vr-3033 de11-416ssg-c01_r02.a2pvi042j1.d26m
vendor:	draytek	model:	vigor300b
vendor:	draytek	model:	vigor3900
vendor:	draytek	model:	routers
vendor:	draytek	model:	vigor2960
vendor:	draytek	model:	vigor3900 1.4.4_beta
vendor:	draytek	model:	vigor2960 1.3.1_beta
vendor:	draytek	model:	vigor300b 1.3.3_beta
vendor:	tenda	model:	ac15
vendor:	tenda	model:	router
vendor:	tenda	model:	ac15 ac1900

db:

NVD

ids:

CVE-2020-10173, CVE-2020-9377, CVE-2018-10562, CVE-2017-18362, CVE-2014-2321, CVE-2016-11021, CVE-2020-8958, CVE-2016-6277, CVE-2020-8515, CVE-2019-19824, CVE-2018-10561, CVE-2017-18368, CVE-2013-3307, CVE-2020-10987, CVE-2018-10088, CVE-2015-2051, CVE-2017-6077, CVE-2020-9054, CVE-2019-6277, CVE-2016-1555, CVE-2017-6334, CVE-2013-5223

VARIoT news about IoT security