
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 14 - 20. Sign up to get these updates right to your inbox!

AUGUST 18, 2022

Cisco Secure Web Appliance

Cisco released security updates for Cisco Secure Web Appliance to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: Cisco Security Advisory, CISA

Siemens Linux-based products

Siemens Linux-based products contain a use of insufficiently random values vulnerability that could lead to an attacker compromising confidentiality and integrity.

Sources: Siemens Security Advisory, CISA

Siemens Industrial Products LLDP

Siemens Industrial Products contain classic buffer overflow and uncontrolled resource consumption vulnerabilities that could lead to a denial-of-service condition or execution of arbitrary code.

Sources: Siemens Security Advisory, CISA

Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series

Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series contain an improper resource locking vulnerability that could lead to a denial-of-service condition for Ethernet communication.

Sources: Mitsubishi Electric Security Advisory, CISA

Mitsubishi Electric factory automation products

Mitsubishi Electric OT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch and MELSEC iQ-R Series OPC UA Server Module contain infinite loop and OS command injection vulnerabilities.

Sources: Mitsubishi Electric Security Advisory, CISA

AUGUST 16, 2022

Yokogawa CENTUM Controller FCS

The Yokogawa CENTUM Controller FCS contains a denial of service vulnerability.

Sources: Yokogawa Advisory, CISA

LS ELECTRIC PLC and XG5000

The LS ELECTRIC PLC and XG5000 contain an inadequate encryption strength vulnerability that could lead to an attacker gaining access to affected PLCs.

Sources: LS Electric, CISA

Delta Electronics DRAS

The Delta Electronics Delta Robot Automation Studio (DRAS) contains an improper restriction of XML external entity reference vulnerability that could lead to an attacker reading and exfiltrating sensitive information.

Sources: Delta Electronics, CISA

Softing Secure Integration Server

The Softing Secure Integration Server contains out-of-bounds read, uncontrolled search path element, improper authentication, relative path traversal, cleartext transmission of sensitive information, NULL pointer dereference and integer underflow vulnerabilities.

Sources: Softing, CISA

B&R Industrial Automation Automation Studio 4

B&R Industrial Automation Automation Studio 4 contains an unrestricted upload of file with dangerous type vulnerability.

Sources: B&R Cybersecurity Guidelines, CISA

Emerson Proficy Machine Edition

The Emerson Proficy Machine Edition contains vulnerabilities that could lead to remote hidden code execution on a connected PLC and to malicious files being uploaded from the PLC to connected workstations.

Sources: Emerson Security Advisory, CISA

Sequi PortBloque S

The Sequi PortBloque S contains improper authentication and improper authorization vulnerabilities.

Sources: Sequi Support, CISA

Siemens SIMATIC NET PC, SITOP Manager and TeleControl Server Basic

The Siemens SIMATIC NET PC, SITOP Manager and TeleControl Server Basic contain a null pointer dereference vulnerability.

Sources: Siemens, CISA

Zimbra cybersecurity advisory

CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint cybersecurity advisory about the Zimbra Collaboration Suite (ZCS) being exploited.

Sources: Joint Cybersecurity Advisory, CISA
