Security Vulnerabilities In Robustel R1510 Cellular Router – An Open Door For Code Execution, Denial Of Service

Nine vulnerabilities in the Robustel R1510 industrial cellular router have been discovered by Cisco Talos. Some of the security holes could allow an adversary to inject operating system code remotely. “The Robustel R1510 router is a dual-ethernet port wireless router that shares 3G and 4G wireless signals for use in industrial and internet-of-things environments.” The vulnerabilities identified are of high severity, with a score of 9.1 out of 10: TALOS-2022-1578 (CVE-2022-34850), TALOS-2022-1577 (CVE-2022-33150), TALOS-2022-1576 (CVE-2022-32765), TALOS-2022-1573 (CVE-2022-33325 – CVE-2022-33329), TALOS-2022-1572 (CVE-2022-33312 – CVE-2022-33314).

Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://blog.talosintelligence.com/2022/10/vuln-spotlight-robustel-router.html?&web_view=true

Vulnerable Horner PLC Software – A Way For A Code Execution Attack

A total of seven high-severity remote code execution vulnerabilities have been discovered in Horner Automation’s Cscape product and they can all be exploited using malicious font files. “Horner Automation is a US-based company that provides solutions for industrial process and building automation.” The vulnerabilities are described as heap-based buffer overflow, out-of-bounds read/write, and uninitialized pointer issues related to improper validation of user-supplied data when the application parses fonts.

More information about the incident:
https://www.securityweek.com/several-horner-plc-software-vulnerabilities-allow-code-execution-malicious-font-files?&web_view=true

Attackers Turn Bulbs On Full Blast Exploiting IKEA Smart Light System Flaw

“Researchers have demonstrated how an attacker could take over control of light bulbs in the Ikea Trådfri smart lighting system, ultimately turning the bulbs up to full brightness — and users can’t turn them down through the app or the remote control.” According to cybersecurity analysts at Synopsys CyRC, by re-sending the same malformed Zigbee frame over and over again, an attacker could take advantage of two vulnerabilities in the Ikea Trådfri smart lighting system.

More information about the incident:
https://www.darkreading.com/application-security/ikea-smart-light-system-flaw-lets-attackers-turn-bulbs-on-full-blast?&web_view=true

Verkada Internal Cameras Leaked!

“Cameras inside Verkada’s facilities were made publicly available by a leak of a Verkada API key, IPVM discovered, though Verkada told IPVM that this was a “demo” system that they shared with partners and customers. Nevertheless, the Verkada API key we found was quickly revoked and IPVM sees significant concerns for the privacy and security of Verkada employees and visitors who are exposed to anyone who Verkada shares these API keys with.”

More information about the incident:
https://ipvm.com/reports/verkada-demo-leaked

Security Vulnerability Identified In Cancer Testing System

“A hard-coded credential vulnerability in medical laboratory equipment used for cervical cancer screenings could allow an attacker to modify sensitive patient information.” According to manufacturer BD and CISA, the flaw affects the BD Totalys MultiProcessor versions 1.70 and earlier. The security hole enables malicious third parties to modify health data, possibly causing lab results to be associated with the wrong patient, which would create the potential for bad clinical outcomes.

More information about the incident:
https://www.healthcareinfosecurity.com/bd-cisa-warn-security-flaw-in-cancer-testing-system-a-20213
