Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 3 - 9. Sign up to get these updates right to your inbox!

JULY 08, 2022

IBM

IBM CICS TX Standard and Advanced 11.1 are vulnerable to HTTP header injections that could lead to cross-site scripting, cache poisoning or session hijacking.

Sources: IBM, NIST

Mitsubishi Electric

Mitsubishi Electric MELSEC iQ-R Series C Controller Module R12CCPU-V contains an uncontrolled resource consumption vulnerability.

Sources: Mitsubishi Electric, CISA

JULY 07, 2022

Rockwell Automation

Rockwell Automation MicroLogix 1100/1400 contains an improper restriction of rendered UI layers or frames vulnerability.

Sources: Rockwell Automation, CISA

Apache

Versions of Apache Druid are vulnerable to reflected XSS attacks.

Sources: Apache Druid, NIST

Cisco

Cisco released security updates due to vulnerabilities found in multiple Cisco products that could lead to an attacker gaining control of affected systems.

Sources: Cisco, CISA

Bently Nevada

Bently Nevada 3701/4X series and 60M100 (3701/60) Condition Monitoring System contain vulnerabilities, such as use of hard-coded credentials and missing authentication for critical function.

Sources: Bently Nevada support, CISA

JULY 06, 2022

Joint Cybersecurity Advisory

CISA, the FBI and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) that provides information on Maui ransomware, which has been targeting health care and public health sector organizations.

Sources: Joint CSA, CISA

OpenSSL

OpenSSL released a security update due to a vulnerability affecting OpenSSL 3.0.4 that could lead to an attacker gaining control of affected systems.

Sources: OpenSSL advisory, CISA

JULY 05, 2022

Google

Google released a security update for Chrome due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Google Chrome, CISA

Post-Quantum Cryptographic Standard

NIST stated that a new post-quantum cryptographic standard is replacing the public-key cryptography that is vulnerable to quantum-based attacks.

Sources: National Security Memorandum, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES