Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 28 - September 3. Sign up to get these updates right to your inbox!

SEPTEMBER 02, 2022

Mozilla Thunderbird 102.2.1

Mozilla released a security update for Thunderbird due to a vulnerability found that could lead to an attacker gaining control of affected systems.

Sources: Thunderbird Advisory, CISA

SEPTEMBER 01, 2022

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor contains improper access control, uncontrolled resource consumption, use of hard-coded credentials and active debug code vulnerabilities.

Sources: Contec Health Support, CISA

Delta Electronics DOPSoft

Delta Electronics DOPSoft contains an out-of-bounds read vulnerability that could lead to an attacker gaining sensitive information.

Sources: Delta Electronics Support, CISA

AUGUST 30, 2022

Hitachi Energy FACTS Control Platform (FCP) Product

Hitachi Energy FACTS Control Platform (FCP) Product contains inconsistent interpretation of HTTP requests, use after free, classic buffer overflow, integer underflow, improper certificate validation and observable discrepancy vulnerabilities.

Sources: Hitachi Energy Advisory, CISA

Hitachi Energy Gateway Station (GWS) Product

Hitachi Energy Gateway Station (GWS) Product contains inconsistent interpretation of HTTP requests, use after free, classic buffer overflow, integer underflow, improper certificate validation and observable discrepancy vulnerabilities.

Sources: Hitachi Energy Advisory, CISA

Hitachi Energy MSM Product

Hitachi Energy MSM Product contains a reliance on uncontrolled component vulnerability that could lead to a denial-of-service condition.

Sources: Hitachi Energy Advisory, CISA

Hitachi Energy RTU500 series

Hitachi Energy RTU500 series contains an improper input validation vulnerability that could lead to an internal buffer overflow.

Sources: Hitachi Energy Advisory, CISA

Fuji Electric D300win

Fuji Electric D300win contains an out-of-bounds read and write-what-where condition vulnerabilities that could lead to a loss of sensitive data and manipulation of information.

Sources: Fuji Electric Support, CISA

Honeywell ControlEdge

Honeywell ControlEdge contains a missing authentication for critical function vulnerability that could lead to remote code execution, denial-of-service or configuration manipulation.

Sources: CISA

Honeywell Experion LX

Honeywell Experion LX contains a missing authentication for critical function vulnerability that could lead to a denial-of-service condition.

Sources: Honeywell Support, CISA

Honeywell Trend Controls IQ Series that utilize Inter-Controller (IC) protocol

Honeywell Trend Controls IQ Series that utilize Inter-Controller (IC) protocol contains a cleartext transmission of sensitive information vulnerability that could lead to the loss of authentication information.

Sources: Trend Partner Network, CISA

Omron CX-Programmer

Omron CX-Programmer contains a use after free vulnerability that could lead to an attacker executing arbitrary code.

Sources: CISA

PTC Kepware KEPServerEX

PTC Kepware KEPServerEX contains a heap-based buffer overflow and a stack-based buffer overflow vulnerabilities that could lead to an attacker crashing the device or rebotely executing arbitrary code.

Sources: Kepware KepServerEx Upgrade, CISA

Sensormatic Electronics iSTAR Ultra

Sensormatic Electronics iSTAR Ultra contains a command injection vulnerability that could lead to an attacker using a malicious request to run arbitrary commands as a root user.

Sources: iStar Ultra, CISA

MitsubishiGOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch and MELSEC iQ-R Series OPC UA Server Module contains an infinite loop and an OS command injection vulnerabilities that could lead to a denial-of-service condition or arbitrary code execution.

Sources: Mitsubishi Electric Security Advisory, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES