VARIoT latest news about IoT security

Thousands of Sophos Firewall devices at risk of RCE attacks \| SC Media Trust: 3.25 Fetched: Feb. 12, 2023, 9:11 a.m., Published: Jan. 18, 2023, 6:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

sophos

model:

firewall

Siemens S7-1500 CPU devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 3.5 Fetched: Feb. 12, 2023, 9:10 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	cpu 1512sp-1 pn
vendor:	siemens	model:	cpu 1515t-2 pn
vendor:	siemens	model:	cpu 1515-2
vendor:	siemens	model:	simatic s7-1500 cpu 1512c
vendor:	siemens	model:	cpu 1513pro f-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1513f-1 pn
vendor:	siemens	model:	cpu 1513r-1 pn
vendor:	siemens	model:	cpu 1515tf-2 pn
vendor:	siemens	model:	cpu 1516f-3
vendor:	siemens	model:	cpu 1513f-1 pn
vendor:	siemens	model:	cpu 1516pro-2 pn
vendor:	siemens	model:	cpu 1511c-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1516-3 pn
vendor:	siemens	model:	cpu 1512sp f-1 pn
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic s7-1500 cpu 1518-4 pn
vendor:	siemens	model:	cpu 1515f-2
vendor:	siemens	model:	simatic s7-1500 cpu 1518
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	simatic s7-1500 cpu 1511f-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511-1 pn
vendor:	siemens	model:	cpu 1507d tf
vendor:	siemens	model:	cpu 1516pro f-2 pn
vendor:	siemens	model:	cpu 1513-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1515f-2 pn
vendor:	siemens	model:	cpu 1504d tf
vendor:	siemens	model:	simatic
vendor:	siemens	model:	cpu 1512c-1 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1511c
vendor:	siemens	model:	cpu 1515r-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1515-2 pn
vendor:	siemens	model:	simatic s7-1500 cpu 1513-1 pn
vendor:	siemens	model:	cpu 1516-3
vendor:	siemens	model:	simatic s7-1500 cpu 1517-3 pn
vendor:	siemens	model:	s7-1500 cpu

db:

NVD

ids:

CVE-2022-38773

Lazarus campaign exploits unpatched Zimbra devices, targets medical data \| SC Media Trust: 3.0 Fetched: Feb. 12, 2023, 9:10 a.m., Published: Feb. 2, 2023, 6:18 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41352

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - AI Home Security Related entries in the VARIoT vulnerabilities database: VAR-202301-0629, VAR-202301-0630 Trust: 4.75 Fetched: Feb. 10, 2023, 11:25 a.m., Published: Feb. 9, 2023, 9:31 p.m.	Vulnerabilities: information disclosure, code execution, command injection...

Affected products

External IDs

vendor:

siemens

model:

automation license manager

db:

NVD

ids:

CVE-2022-43514, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-46650, CVE-2022-41607, CVE-2022-43513

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - securityenews Related entries in the VARIoT vulnerabilities database: VAR-202301-0629, VAR-202301-0630 Trust: 4.75 Fetched: Feb. 10, 2023, 11:24 a.m., Published: Feb. 9, 2023, 2:40 p.m.	Vulnerabilities: information disclosure, code execution, command injection...

Affected products

External IDs

vendor:

siemens

model:

automation license manager

db:

NVD

ids:

CVE-2022-43514, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-46650, CVE-2022-41607, CVE-2022-43513

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - BEKER Related entries in the VARIoT vulnerabilities database: VAR-202301-0629, VAR-202301-0630 Trust: 4.75 Fetched: Feb. 10, 2023, 11:24 a.m., Published: Feb. 9, 2023, 2:09 p.m.	Vulnerabilities: information disclosure, code execution, command injection...

Affected products

External IDs

vendor:

siemens

model:

automation license manager

db:

NVD

ids:

CVE-2022-43514, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-46650, CVE-2022-41607, CVE-2022-43513

Realtek の脆弱性 CVE-2021-35394：IoT サプライチェーン 1.4 億のデバイスに危機 - IoT OT Security News Trust: 3.75 Fetched: Feb. 10, 2023, 11:23 a.m., Published: Jan. 29, 2023, 6:12 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	asus	model:	asus
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2021-35394

The Internet of Everything: A Security and Forensics Look At Future Digital Forensics and Cyber Crime Scenarios \| Frontiers Research Topic Trust: 3.0 Fetched: Feb. 10, 2023, 11:22 a.m., Published: Jan. 16, 2023, midnight	Vulnerabilities: -

Affected products	External IDs

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - Access Point Technology Trust: 3.75 Fetched: Feb. 10, 2023, 11:22 a.m., Published: Feb. 1, 2023, 2:42 a.m.	Vulnerabilities: injection attack, sql injection, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware - Security & Privacy News - Nsane Forums Trust: 4.75 Fetched: Feb. 10, 2023, 11:22 a.m., Published: Feb. 2, 2023, 5:35 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:

qnap

model:

photo station

db:

NVD

ids:

CVE-2022-27596, CVE-2022-27593

QNAP NAS Critical Vulnerability Let Attacker Inject Arbitrary Code Trust: 4.75 Fetched: Feb. 10, 2023, 11:21 a.m., Published: Feb. 1, 2023, 5:13 p.m.	Vulnerabilities: injection attack, sql injection, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Security Advisory - Unauthorized device timestamp modification vulnerability exists in some Dahua embedded products Trust: 3.75 Fetched: Feb. 10, 2023, 11:16 a.m., Published: May 10, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dahua	model:	sd5a
vendor:	dahuasecurity	model:	sd5a

db:

NVD

ids:

CVE-2022-30564

Organizations Warned of Critical Vulnerability in Backstage Developer Portal Platform - SecurityWeek Trust: 5.75 Fetched: Feb. 10, 2023, 11:16 a.m., Published: Nov. 15, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	node.js	model:	node.js
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2022-36067

Snap One Wattbox WB-300-IP-3 \| CISA Trust: 4.75 Fetched: Feb. 10, 2023, 11:16 a.m., Published: -	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-23582, CVE-2023-22315, CVE-2023-22389, CVE-2023-24020

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek Trust: 3.75 Fetched: Feb. 10, 2023, 11:15 a.m., Published: Feb. 9, 2023, 12:17 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	dahua security	model:	camera
vendor:	dahua	model:	camera

db:

NVD

ids:

CVE-2022-30564

Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 5.75 Fetched: Feb. 10, 2023, 11:15 a.m., Published: Jan. 11, 2023, 11:13 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

siemens

model:

simatic

db:

NVD

ids:

CVE-2022-38773

Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202211-0550, VAR-202211-1257 Trust: 4.5 Fetched: Feb. 10, 2023, 11:15 a.m., Published: Nov. 11, 2022, 10:26 a.m.	Vulnerabilities: improper memory management, default credentials, cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower management center
vendor:	citrix	model:	gateway

db:

NVD

ids:

CVE-2022-20927, CVE-2022-20946

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center: Software Vulnerability Information: Software: Hitachi Trust: 3.75 Fetched: Feb. 10, 2023, 11:14 a.m., Published: Oct. 6, 2001, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	hitachi	model:	tuning manager
vendor:	hitachi	model:	ops center common services
vendor:	hitachi	model:	device manager
vendor:	hitachi	model:	ops center analyzer viewpoint
vendor:	hitachi	model:	hitachi ops center common services
vendor:	hitachi	model:	hitachi ops center analyzer viewpoint
vendor:	hitachi	model:	hitachi tuning manager
vendor:	hitachi	model:	hitachi global link manager
vendor:	hitachi	model:	hitachi tiered storage manager
vendor:	hitachi	model:	global link manager
vendor:	hitachi	model:	hitachi infrastructure analytics advisor
vendor:	hitachi	model:	hitachi compute systems manager
vendor:	hitachi	model:	compute systems manager
vendor:	hitachi	model:	hitachi device manager
vendor:	hitachi	model:	hitachi replication manager
vendor:	hitachi	model:	replication manager
vendor:	hitachi	model:	tiered storage manager

db:

NVD

ids:

CVE-2023-21830, CVE-2023-21843, CVE-2023-21835

Cisco Email Security Appliance URL Filtering Bypass Vulnerability Trust: 3.0 Fetched: Feb. 10, 2023, 11:14 a.m., Published: Jan. 18, 2023, 3:55 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	cisco email security appliance

Apple Patches Exploited iOS Vulnerability in Old iPhones - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 5.75 Fetched: Feb. 10, 2023, 11:14 a.m., Published: Jan. 24, 2023, 3:59 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	tvos
vendor:	apple	model:	macos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-42856

VARIoT news about IoT security