VARIoT latest news about IoT security

Apple issues fix for ‘actively exploited’ WebKit zero day vulnerability - TechCentral.ie Related entries in the VARIoT vulnerabilities database: VAR-202209-0759, VAR-202212-1751 Trust: 3.75 Fetched: Jan. 11, 2023, 9:10 a.m., Published: Dec. 14, 2022, 2:49 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	icloud
vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	tvos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-32917, CVE-2022-42856

Cybersecurity Vulnerabilities: Types, Examples, And More - Data Intelligence. Trust: 3.75 Fetched: Jan. 11, 2023, 9:09 a.m., Published: Jan. 10, 2023, 11:13 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:

manageengine

model:

network configuration manager

A Significant Vulnerability is Present in Apple Devices Through MacKeeper - PC Technologies Blog \| Olympia, Lacey, Tumwater, Washington \| PC Technologies Trust: 3.0 Fetched: Jan. 11, 2023, 9:09 a.m., Published: Jan. 11, 2003, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Siemens PROFINET Devices (Update L) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201910-1595 Trust: 4.0 Fetched: Jan. 11, 2023, 9:07 a.m., Published: Jan. 1, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	simatic et
vendor:	siemens	model:	sinamics s120
vendor:	siemens	model:	simatic hmi ktp mobile panels
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	simatic et 200mp im 155-5 pn ba
vendor:	siemens	model:	simatic s7-400 h
vendor:	siemens	model:	simatic s7-400 pn/dp v7
vendor:	siemens	model:	ek-ertec 200
vendor:	siemens	model:	simatic hmi comfort panels
vendor:	siemens	model:	dk standard ethernet controller
vendor:	siemens	model:	ek-ertec 200p
vendor:	siemens	model:	simatic s7-400
vendor:	siemens	model:	sinamics g150
vendor:	siemens	model:	sinamics s110
vendor:	siemens	model:	sinamics sm120
vendor:	siemens	model:	sinamics s150
vendor:	siemens	model:	simatic winac rtx
vendor:	siemens	model:	s7-400
vendor:	siemens	model:	simatic et 200mp im 155-5 pn st
vendor:	siemens	model:	sinamics g110m
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hs
vendor:	siemens	model:	simatic s7-410 v8
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-300 cpu
vendor:	siemens	model:	sinumerik 828d
vendor:	siemens	model:	sinumerik 840d sl
vendor:	siemens	model:	simatic hmi
vendor:	siemens	model:	sinamics gl150
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc
vendor:	siemens	model:	sinamics dcp
vendor:	siemens	model:	simatic et 200m
vendor:	siemens	model:	profinet io
vendor:	siemens	model:	840d
vendor:	siemens	model:	simatic et 200sp im 155-6 pn st
vendor:	siemens	model:	sinamics dcm
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hf
vendor:	siemens	model:	sinamics
vendor:	siemens	model:	simatic profinet driver
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	simatic s7-400 h v6
vendor:	siemens	model:	s7-400 pn/dp
vendor:	siemens	model:	simatic s7-300 cpu family
vendor:	siemens	model:	s7-300
vendor:	siemens	model:	et 200sp open controller
vendor:	siemens	model:	simatic s7-300
vendor:	siemens	model:	simatic et 200mp im 155-5 pn hf
vendor:	siemens	model:	sinamics g120
vendor:	siemens	model:	simatic et 200s
vendor:	siemens	model:	simatic et 200pro
vendor:	siemens	model:	simatic s7-400 pn/dp v6
vendor:	siemens	model:	simatic s7-410
vendor:	siemens	model:	ek-ertec
vendor:	siemens	model:	simatic et 200sp open controller
vendor:	siemens	model:	simatic pn/pn coupler
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	simatic tdc cp51m1
vendor:	siemens	model:	sinumerik 840d
vendor:	siemens	model:	profinet driver
vendor:	siemens	model:	sinamics gh150
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	s7-410
vendor:	siemens	model:	simatic s7-1500 cpu family
vendor:	siemens	model:	simatic s7-400 pn
vendor:	siemens	model:	simatic et 200al
vendor:	siemens	model:	simatic s7-400 pn/dp
vendor:	siemens	model:	simatic cfu pa
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic et 200mp
vendor:	siemens	model:	simatic et 200sp open
vendor:	siemens	model:	sinamics sl150
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	simatic et 200ecopn
vendor:	siemens	model:	sinamics gm150
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	pn/pn coupler
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ba
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ha
vendor:	siemens	model:	sinamics g130
vendor:	siemens	model:	simatic tdc cpu555
vendor:	siemens	model:	simatic et 200sp
vendor:	siemens	model:	simatic hmi comfort outdoor panels

db:

NVD

ids:

CVE-2019-10936

Warning over ransomware attacks spreading via Fortinet kit \| Computer Weekly Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-202210-0198 Trust: 3.75 Fetched: Jan. 11, 2023, 9:07 a.m., Published: Jan. 5, 2023, midnight	Vulnerabilities: authentication bypass, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2022-42475, CVE-2022-40684

Siemens SICAM P850 and P855 Devices (Update A) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202210-0447 Trust: 5.75 Fetched: Jan. 11, 2023, 9:06 a.m., Published: Jan. 1, 2023, midnight	Vulnerabilities: code execution, session fixation

Affected products

External IDs

vendor:

siemens

model:

sicam

db:

NVD

ids:

CVE-2022-41665, CVE-2022-40226

Microsoft research uncovers new Zerobot capabilities - Microsoft Security Blog Related entries in the VARIoT vulnerabilities database: VAR-202203-1506, VAR-202203-0505, VAR-201803-1048, VAR-202210-1176, VAR-201812-1038, VAR-202202-0832, VAR-201805-0262, VAR-201712-0829, VAR-202007-0064, VAR-201505-0274, VAR-201903-1398, VAR-202102-0290, VAR-202205-0957, VAR-202203-0700, VAR-202208-1439, VAR-202110-1690, VAR-201712-0828 Trust: 4.25 Fetched: Jan. 11, 2023, 9:05 a.m., Published: Dec. 21, 2022, 7:56 p.m.	Vulnerabilities: denial of service, command injection, default password

Affected products

External IDs

vendor:	sophos	model:	firewall
vendor:	tenda	model:	ac1200

db:

NVD

ids:

CVE-2022-22965, CVE-2022-26186, CVE-2017-17215, CVE-2022-30023, CVE-2016-20017, CVE-2022-33891, CVE-2021-46422, CVE-2018-20057, CVE-2022-25075, CVE-2018-10561, CVE-2022-42013, CVE-2020-25223, CVE-2017-17106, CVE-2018-12613, CVE-2020-10987, CVE-2021-35395, CVE-2014-8361, CVE-2022-34538, CVE-2019-10655, CVE-2021-36260, CVE-2022-31137, CVE-2020-7209, CVE-2020-25506, CVE-2022-30525, CVE-2022-26210, CVE-2022-37061, CVE-2021-42013, CVE-2017-17105

Qualcomm and Lenovo Fix High Severity UEFI Vulnerabilities in Chipsets \| Spiceworks Related entries in the VARIoT vulnerabilities database: VAR-202301-0521 Trust: 4.5 Fetched: Jan. 11, 2023, 9:05 a.m., Published: Jan. 11, 2023, midnight	Vulnerabilities: buffer overflow, information disclosure

Affected products

External IDs

vendor:	lenovo	model:	bios
vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	system
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2022-4432, CVE-2022-40520, CVE-2022-40516, CVE-2022-4433, CVE-2022-40518, CVE-2022-4435, CVE-2022-40519, CVE-2022-4434, CVE-2022-40517

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devicesSecurity Affairs Related entries in the VARIoT vulnerabilities database: VAR-202301-0628, VAR-202301-0582 Trust: 5.5 Fetched: Jan. 10, 2023, 9:20 a.m., Published: Jan. 9, 2023, 8:53 a.m.	Vulnerabilities: integer overflow, buffer overflow, information exposure...

Affected products

External IDs

vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2022-33218, CVE-2022-33219, CVE-2022-33265

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Fuse Networks Blog \| Seattle, Tacoma, Pudget Sound Trust: 3.0 Fetched: Jan. 10, 2023, 9:19 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Researcher Reveals Google Home Speakers Could've Been Hijacked And Turned Into Wiretaps - Truth Unmuted Trust: 3.0 Fetched: Jan. 10, 2023, 9:16 a.m., Published: Jan. 2, 2023, 2:52 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home

Multiple vulnerabilities detected on billions of Android phones \| Deccan Herald Trust: 3.75 Fetched: Jan. 10, 2023, 9:15 a.m., Published: Jan. 9, 2023, 6:50 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	mobile

Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices Related entries in the VARIoT vulnerabilities database: VAR-202301-0521 Trust: 4.25 Fetched: Jan. 10, 2023, 9:15 a.m., Published: Jan. 9, 2023, 7:58 p.m.	Vulnerabilities: memory leak, code execution, buffer overflow...

Affected products

External IDs

vendor:	lenovo	model:	updates
vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	system

db:

NVD

ids:

CVE-2022-4432, CVE-2022-40519, CVE-2022-40516, CVE-2022-4435, CVE-2022-40520, CVE-2022-4433, CVE-2022-40517, CVE-2022-40518, CVE-2022-4434

Spying on Kids’ Smart Devices: Beware of Security Vulnerabilities! \| SpringerLink Trust: 5.0 Fetched: Jan. 10, 2023, 9:15 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

sophos

model:

mobile

Binarly Discovers 16 New, High-Impact Vulnerabilities in Firmware Affecting HP Enterprise Devices Related entries in the VARIoT vulnerabilities database: VAR-202301-0521 Trust: 4.25 Fetched: Jan. 10, 2023, 9:14 a.m., Published: Jan. 9, 2023, midnight	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

vendor:	lenovo	model:	updates
vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	system

db:

NVD

ids:

CVE-2022-40516, CVE-2022-40520, CVE-2022-40517

Time to uninstall! Abandoned Android apps pack a vulnerability punch Trust: 4.5 Fetched: Jan. 10, 2023, 9:11 a.m., Published: Dec. 8, 2022, 7:15 p.m.	Vulnerabilities: code execution, weak password

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-45482, CVE-2022-45481, CVE-2022-45478, CVE-2022-45477, CVE-2022-45479, CVE-2022-45480, CVE-2022-45483

Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks \| SecurityWeek.Com Trust: 3.5 Fetched: Jan. 10, 2023, 9:11 a.m., Published: Jan. 10, 2022, midnight	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	system
vendor:	lenovo	model:	updates

Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware - Infosecurity Magazine Related entries in the VARIoT vulnerabilities database: VAR-202210-0198 Trust: 4.0 Fetched: Jan. 10, 2023, 9:11 a.m., Published: Jan. 5, 2023, 6 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2022-40684

Configure advanced features in Microsoft Defender for Endpoint \| Microsoft Learn Trust: 4.5 Fetched: Jan. 10, 2023, 9:10 a.m., Published: Nov. 17, 2022, 11:48 p.m.	Vulnerabilities: policy violation, script execution

Affected products

External IDs

vendor:

essential

model:

phone

January Pixel update, security patch hits 4a devices and newer Trust: 3.0 Fetched: Jan. 8, 2023, 9:17 a.m., Published: Jan. 8, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

pixel

VARIoT news about IoT security