VARIoT latest news about IoT security

New botnet targets network security devices with critical exploits Related entries in the VARIoT vulnerabilities database: VAR-202102-0290, VAR-202002-0403, VAR-202010-0585 Trust: 5.5 Fetched: Dec. 28, 2021, 9:20 a.m., Published: -	Vulnerabilities: command injection, command execution, code execution...

Affected products

External IDs

vendor:	sonicwall	model:	ssl-vpn
vendor:	sonicwall	model:	sonicwall ssl-vpn
vendor:	netgear	model:	prosafe
vendor:	netgear	model:	router
vendor:	netis	model:	wf2419
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	palo alto networks
vendor:	palo	model:	networks
vendor:	d-link	model:	dns-320
vendor:	d-link	model:	router

db:

NVD

ids:

CVE-2021-27561, CVE-2021-22502, CVE-2020-25506, CVE-2021-27562, CVE-2019-19356, CVE-2020-26919

'BadAlloc' vulnerabilities spell trouble for IoT, OT devices Trust: 4.5 Fetched: Dec. 28, 2021, 9:20 a.m., Published: May 6, 2021, midnight	Vulnerabilities: integer overflow, code execution, system crash

Affected products

External IDs

vendor:

mbed

model:

mbed

db:

NVD

ids:

CVE-2021-3420

CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager - Blog \| Tenable® Trust: 3.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: -	Vulnerabilities: command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2020-6927, CVE-2020-6925, CVE-2020-6926

Threat actors start attacking F5 devices using recent vulnerability - The Record by Recorded Future Related entries in the VARIoT vulnerabilities database: VAR-202007-1393, VAR-202103-0654 Trust: 4.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: -	Vulnerabilities: command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2020-5902, CVE-2021-22986

Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability Trust: 3.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Sept. 22, 2021, 3:48 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios

Siemens SIMATIC HMI Devices Vulnerabilities (Update E) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201504-0031, VAR-201504-0235, VAR-201504-0234 Trust: 4.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: -	Vulnerabilities: resource exhaustion

Affected products

External IDs

vendor:	siemens	model:	simatic net pc-software
vendor:	siemens	model:	wincc runtime advanced
vendor:	siemens	model:	siemens simatic hmi
vendor:	siemens	model:	simatic pcs 7
vendor:	siemens	model:	simatic wincc runtime advanced
vendor:	siemens	model:	simatic net
vendor:	siemens	model:	simatic wincc runtime professional
vendor:	siemens	model:	wincc
vendor:	siemens	model:	simatic pcs
vendor:	siemens	model:	simatic hmi panels
vendor:	siemens	model:	tia portal
vendor:	siemens	model:	simatic wincc
vendor:	siemens	model:	simatic automation tool
vendor:	siemens	model:	simatic wincc runtime
vendor:	siemens	model:	wincc tia portal
vendor:	siemens	model:	pcs 7
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic wincc comfort
vendor:	siemens	model:	simatic net pc
vendor:	siemens	model:	simatic hmi
vendor:	siemens	model:	simatic hmi basic panels 2nd generation

db:

NVD

ids:

CVE-2015-1601, CVE-2015-2823, CVE-2015-2822

'CallStranger' vulnerability affects billions of UPNP devices Related entries in the VARIoT vulnerabilities database: VAR-202006-0391 Trust: 5.5 Fetched: Dec. 28, 2021, 9:20 a.m., Published: -	Vulnerabilities: request forgery

Affected products

External IDs

vendor:	samsung	model:	samsung
vendor:	broadcom	model:	broadcom
vendor:	cisco	model:	routers

db:

NVD

ids:

CVE-2020-12695

Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices \| SecurityWeek.Com Trust: 3.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2020-27252, CVE-2020-25183, CVE-2020-25187

US warns Log4j flaw puts hundreds of millions of devices at risk \| ZDNet Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.0 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Threat Intel: Log4j - Critical Zero Day Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566 Trust: 3.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, midnight	Vulnerabilities: denial of service, service disruption, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-4104

Log4j under siege, millions of devices vulnerable \| Cybersecurity Dive Trust: 3.0 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Critical Vulnerability in Ubiquitous Apache Log4j Library Under Active Attack - Medigate Blog Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-2011, VAR-202112-0562 Trust: 3.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, 7:06 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-4104, CVE-2021-44832, CVE-2021-45046

NVD - CVE-2021-34758 Related entries in the VARIoT vulnerabilities database: VAR-202110-0211 Trust: 5.5 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	telepresence
vendor:	cisco systems	model:	telepresence collaboration endpoint
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	roomos
vendor:	cisco systems	model:	cisco telepresence
vendor:	cisco systems	model:	cisco roomos
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	roomos
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco roomos

db:

NVD

ids:

CVE-2021-34758

[no-title] Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562 Trust: 4.5 Fetched: Dec. 28, 2021, 9:20 a.m., Published: -	Vulnerabilities: cross-site request forgery, cross-site scripting, request forgery...

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2014-4829, CVE-2021-44228, CVE-2021-20401, CVE-2020-4786, CVE-2021-45046, CVE-2015-1997, CVE-2021-20400, CVE-2017-1724

Enterprise Cybersecurity Roundup [September 2021] Related entries in the VARIoT vulnerabilities database: VAR-202109-1909 Trust: 4.25 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Sept. 16, 2021, midnight	Vulnerabilities: command execution, privilege escalation, code execution

Affected products

External IDs

vendor:	serve	model:	serve
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks
vendor:	apple	model:	macos
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks

db:

NVD

ids:

CVE-2021-38649, CVE-2021-40444, CVE-2021-38645, CVE-2021-38648, CVE-2021-38647

What is Log4Shell? The Log4j vulnerability explained \| Dynatrace news Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 5.5 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 17, 2021, 7:15 a.m.	Vulnerabilities: information leak, code execution

Affected products

External IDs

vendor:

google

model:

home

db:

NVD

ids:

CVE-2021-44832, CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 3.75 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 23, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

How serious is the Log4j vulnerability? \| SecureTeam Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562 Trust: 4.25 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 10:50 a.m.	Vulnerabilities: injection attack, sql injection

Affected products

External IDs

vendor:	apple	model:	icloud
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2021-44228, CVE-2021-45046

NVD - CVE-2021-34362 Trust: 4.5 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Aug. 20, 2021, midnight	Vulnerabilities: os command injection, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34362

Vulnerability management - Microsoft Service Assurance \| Microsoft Docs Trust: 3.0 Fetched: Dec. 28, 2021, 9:20 a.m., Published: Nov. 17, 2021, 10:47 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

VARIoT news about IoT security