Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 2 - 8. Sign up to get these updates right to your inbox!

OCTOBER 06, 2022

Cisco Enterprise NFV Infrastructure Software, Expressway Series and TelePresence Video Communication Server

Cisco released security updates for their Enterprise NFV Infrastructure Software, Expressway Series and TelePresence Video Communication Server due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Cisco Advisory, CISA

Rockwell Automation FactoryTalk VantagePoint software

Rockwell Automation FactoryTalk VantagePoint software contains improper access control and SQL injection vulnerabilities that could lead to remote code execution.

Sources: Rockwell Automation Security Advisory, CISA

HIWIN Robot System Software

HIWIN Robot System Software (HRSS) contains an improper access control vulnerability that could lead to a denial-of-service condition.

Sources: HIWIN Technical Support, CISA

OCTOBER 05, 2022

Hitachi Energy Modular Switchgear Monitoring

Hitachi Energy Modular Switchgear Monitoring (MSM) contains cross-site request forgery (CSRF) and HTTP response splitting vulnerabilities that could lead to malicious command injection and trick a valid user into downloading malicious software onto their computer.

Sources: Hitachi Energy Advisory, CISA

FBI and CISA joint PSA

The FBI and CISA published a joint PSA on malicious cyber activity against election infrastructure that explains their findings.

Sources: Joint PSA, CISA

OCTOBER 04, 2022

Johnson Controls Metasys ADX Server

Johnson Controls Metasys ADX Server running MVE contains an improper authentication that could allow an active directory user to execute validated actions without providing a valid password.

Sources: Johnson Controls Security Advisory, CISA

Horner Automation Cscape

Horner Automation Cscape contains out-of-bounds write and access of uninitialized pointer vulnerabilities that could lead to arbitrary code execution.

Sources: Horner Automation Update, CISA

OMRON CX-Programmer

OMRON CX-Programmer contains an out-of-bounds write vulnerability that could lead to arbitrary code execution or crash the device.


Sources: Omron release, CISA

Becton, Dickinson and Company (BD) Totalys MultiProcessor

BD Totalys MultiProcessor contains a use of hard-coded credentials vulnerability that could allow an attacker to access, modify or delete sensitive information.

Sources: BD Security Bulletin, CISA

Impacket and Exfiltration Toolkit

Impacket and Exfiltration Tool was used to steal sensitive information from the Defense Industrial Base (DIB) Sector organization's enterprise network.

Sources: CISA

OCTOBER 03, 2022

CISA Binding Operational Directive 23-01

CISA issued Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks.

Sources: CISA Directive, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES