Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 31 - August 6.

AUGUST 04, 2022

CISA

CISA and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) describing the top malware strains observed in 2021.

Sources: 2021 Top Malware Strains, CISA

Cisco

Cisco released security updates for RV Series Routers to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: Cisco Security Advisories, CISA

F5

F5 released security updates for multiple products to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: F5 Security Advisory, CISA

Inductive Automation

Inductive Automation Ignition contains an improper restriction of XML external entity reference vulnerability that could allow an attacker to obtain file contents.

Sources: Inductive Automation Support, CISA

Digi International

The Digi International ConnectPort X2D Gateway contains an execution with unnecessary privileges vulnerability that could lead to code execution.


Sources: Digi International Support, CISA

AUGUST 03, 2022

VMware

VMware released security updates for Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation to address multiple vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: VMware Advisory, CISA

AUGUST 02, 2022

Delta Electronics

Delta Electronics DIAEnergie contains path traversal, incorrect default permissions, SQL injection and uncontrolled search path element vulnerabilities that could lead to remote code execution and cause a user to carry out an action unintentionally.

Sources: Delta Electronics, CISA

Delta Electronics

Delta Electronics DIAEnergie contains multiple vulnerabilities that could lead to an attacker retrieving passwords in cleartext, remotely executing code, causing a user to carry out an action unintentionally or logging in and using the device with administrative privileges.

Sources: Delta Electronics, CISA

Mitsubishi Electric

Mitsubishi Electric FA Engineering Software Products contain heap-based buffer overflow and improper handling of length parameter inconsistency vulnerabilities that could lead to a denial-of-service condition.

Sources: Mitsubishi Electric software updates, CISA

Mitsubishi Electric

Mitsubishi Electric Factory Automation Engineering products contain an unquoted search path or element vulnerability that could lead to an attacker gaining unauthorized information, editing information or causing a denial-of-service condition.

Sources: Mitsubishi Electric, CISA, Mitsubishi Electric software updates

Mitsubishi Electric

Mitsubishi Electric Factory Automation products contain a path traversal vulnerability that could lead to an attacker gaining unauthorized information, tampering with the information or causing a denial-of-service condition.

Sources: Mitsubishi Electric, CISA
