Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of January 15 - 21. Sign up to get these updates right to your inbox!

JANUARY 20, 2023

IBM InfoSphere Information Server 11.7

IBM InfoSphere Information Server 11.7 contains a vulnerability that can cause some of the components to be unusable until the process is restarted.

Sources: CVE, IBM Support

Cisco TelePresence CE and RoomOS Software

Cisco TelePresence CE and RoomOS software contain an improper validation vulnerability that can allow a threat actor to send arbitrary network requests that are sourced from the affected system.

Sources: CVE, Cisco

JANUARY 19, 2023

Hitachi Energy PCU400

Hitachi Energy PCU400 contains a reliance on uncontrolled component vulnerability that can lead to a denial-of-service condition on both the logging function of the device and its associated server.


Sources: CISA, Hitachi Energy

JANUARY 17, 2023

GE Digital Proficy Historian

GE digital proficy historian contains an authenticated bypass, unrestricted upload, improper access control and weak password encoding vulnerabilities that could lead to a device crash, a buffer overflow condition and allow remote code execution.

Sources: CISA, GE Digital

Mitsubishi Electric MELSEC iQ-F, iQ-R series

Mitsubishi Electric MELSEC iQ-F, iQ-R series contains a predictable seed in pseudo-random number generator vulnerability that can lead to a threat actor access to the WEB server function by guessing the random numbers used for authentication.


Sources: CISA, Mitsubishi Electric

Siemens SINEC INS

Siemens SINEC INS contains an OS command injection, inadequate encryption strength, out-of-bounds write vulnerabilities and more that can lead to an attacker reading and writing arbitrary files from the file system of the affected component.


Sources: CISA, Siemens

Contec CONPROSYS HMI System

Contec CONPROSYS HMI System contains an OS command injection, use of default credentials, cross-site stripping vulnerabilities and more that can allow a threat actor to send specially crafted requests and cause a loss of sensitive information.


Sources: CISA, Contec

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES