Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 9 - 15. Sign up to get these updates right to your inbox!

OCTOBER 13, 2022

Mitsubishi Electric Corporation MELSEC iQ-R Series CPU Module

Mitsubishi Electric Corporation MELSEC iQ-R Series CPU Module contains a cleartext transmission of sensitive information vulnerability that could lead to a remote attacker logging into the CPU module by obtaining credentials.

Sources: Mitsubishi Electric Advisory, CISA

Hitachi Energy Lumada Asset Performance Management

Hitachi Energy Lumada Asset Performance Management contains allocation of resources without limits or throttling and code injection vulnerabilities that could lead to remote code execution.

Sources: Hitachi Energy Support, CISA

Siemens 22 ICS Advisories

CISA released industrial control systems advisories for 22 Siemens products due to vulnerabilities found that should lead to updates for each product.

Sources: CISA, Siemens Operational Guidelines

OCTOBER 11, 2022

Adobe Cold Fusion, Acrobat and Reader, Commerce and Magneto Open Source and Dimension

Adobe Cold Fusion, Acrobat and Reader, Commerce and Magneto Open Source and Dimension contain vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Adobe Cold Fusion, Adobe Acrobat and Reader, Adobe Commerce and Magneto Open Source, Adobe Dimension, CISA

Microsoft October 2022 multiple products

Microsoft released security updates for multiple Microsoft products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Microsoft Security Updates, Update Deployment Information, CISA

Sensormatic Electronics C-CURE 9000

Sensormatic Electronics C-CURE 9000 contains an observable response discrepancy vulnerability that could lead an unauthorized user to enumerate user accounts.

Sources: Upgrade, Johnson Controls Product Advisory, CISA

Daikin Holdings Singapore Pte Ltd. SVMPC1 and SVMPC2

Daikin Holdings Singapore Pte Ltd. SVMPC1 and SVMPC2 contain use of hard-coded password and improper access control vulnerabilities that could lead to the disclosure of sensitive information and an attacker gaining full control of affected systems.

Sources: Vulnerability Information, CISA

Altair HyperView Player

Altair HyperView Player contains improper restriction of operations within the bounds of a memory buffer, use of uninitialized resource and improper validation of array index vulnerabilities that could lead to a device crashing.

Sources: Latest Version of HyperView Player, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES