Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 18 - 24. Sign up to get these updates right to your inbox!

SEPTEMBER 22, 2022

Internet Systems Consortium Security Advisories

The Internet Systems Consortium (ISC) released security advisories due to vulnerabilities found in Berkeley Internet Name Domain (BIND) 9.

Sources: ISC Advisory, CISA

Measuresoft ScadaPro Server

Measuresoft ScadaPro Server contains an improper access control vulnerability that could lead to modification of the service binary path and start malicious commands with SYSTEM privileges.

Sources: CISA

Mitsubishi Electric products update E

Multiple Mitsubishi Electric products contain predictable exact value from previous values vulnerabilities that could lead to remote command execution.

Sources: Mitsubishi Electric Support, CISA

Mitsubishi Electric multiple factory automation engineering software products

Multiple factory automation engineering software products from Mitsubishi Electric contain a permissions issues vulnerability that could lead to the reading of arbitrary files, cause a denial-of-service condition or allow execution of a malicious binary.

Sources: Mitsubishi Electric Advisory, CISA

Joint Cybersecurity Advisory on Control System Defense

CISA and the NSA released a joint cybersecurity advisory (CSA) about control system defense for operational technology (OT) and industrial control systems (ICSs).

Sources: Joint CSA, CISA

SEPTEMBER 21, 2022

Iranian State Actors Conduct Cyber Operations Against the Government of Albania CSA

CISA and the FBI released a joint cybersecurity advisory (CSA) that indicates Iranian state cyber actors' techniques and operations.

Sources: Joint CSA, CISA

Mozilla Firefox 105, Firefox ESR 102.3 and Thunderbird 91.13.1

Mozilla released security updates in Firefox, Firefox ESR and Thunderbird due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Firefox Advisory, CISA, Firefox ESR Advisory, Thunderbird Advisory

Microsoft Endpoint Configuration Manager

Microsoft released a security update for Microsoft Endpoint Configuration Manager due to vulnerabilities found that could lead to an attacker gaining sensitive information.

Sources: Microsoft Vulnerability, CISA

SEPTEMBER 20, 2022

Medtronic MiniMed 600 Series Insulin Pumps

Medtronic MiniMed 600 Series Insulin Pumps contain a protection mechanism failure vulnerability that could lead to delivering too much or too little insulin through delivery of an unintended insulin bolus or because insulin delivery is slowed or stopped.

Sources: CISA

Hitachi Energy PROMOD IV

Hitachi Energy PROMOD IV contains an improper access control vulnerability that could lead to an attacker deleting arbitrary files on affected systems.

Sources: Hitachi Energy Advisory, CISA

Hitachi Energy AFF660/665 Firewall

Hitachi Energy AFF660/665 Firewall contains a stack-based buffer overflow vulnerability that could lead to fully compromising a device.

Sources: Hitachi Energy’s Advisory, CISA

Dataprobe iBoot-PDU FW

Dataprobe iBoot-PDU FW contains OS command injection, path traversal, exposure of sensitive information to an unauthorized actor, improper access control, improper authorization, incorrect authorization and SSRF vulnerabilities that could lead to unauthenticated remote code execution.

Sources: iBoot-PDU FW Support, CISA

Host Engineering H0-ECOM100 Communications Module

Host Engineering H0-ECOM100 Communications Module contains a stack-based buffer overflow vulnerability that could lead to a denial-of-service condition.

Sources: Host Engineering Website, CISA

AutomationDirect DirectLOGIC with Ethernet Communication Modules

AutomationDirect DirectLOGIC with Ethernet Communication Modules contains uncontrolled resource consumption and cleartext transmission of sensitive information vulnerabilities that could lead to a loss of sensitive information, unauthorized changes and a denial-of-service condition.

Sources: AutomationDirect Security Advisory, CISA

AutomationDirect DirectLOGIC with Serial Communication

AutomationDirect DirectLOGIC with Serial Communication contains a cleartext transmission of sensitive information vulnerability that could lead to a loss of sensitive information and unauthorized changes.

Sources: AutomationDirect Security Advisory, CISA

MiCODUS MV720 GPS tracker

MiCODUS MV720 GPS tracker contains use of hard-coded credentials, improper authentication, cross-site scripting and authorization bypass through user-controlled key vulnerabilities that could lead to an attacker having control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands and the disarming of various features.

Sources: MiCODUS Update, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES