Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of December 11 - 17. Sign up to get these updates right to your inbox!

DECEMBER 16, 2022

Multiple versions of Samba

Multiple versions of Samba contain vulnerabilities that could allow an attacker to take control of affected systems.

Sources: Samba Security Update, Samba Security Update 2, Samba Security Update 3, Samba Security Update 4, CISA

Joint CSA Food and Beverage sector

The FBI, the Food and Drug Administration Office of Criminal Investigations and the U.S. Department of Agriculture released a CSA titled "Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients."

Sources: Joint CSA, CISA

DECEMBER 15, 2022

Drupal H5P and the File Paths modules

Drupal released security updates due to vulnerabilities found that could allow an attacker to access sensitive information and remotely execute code.

Sources: Drupal Security Advisory, CISA

Siemens 40 ICS advisories

CISA released ICS advisories for 40 Siemens products.

Sources: Siemens Support, CISA

Prosys OPC UA Simulation Server

Prosys OPC UA Simulation Server contains an insufficiently protected credentials vulnerability that could lead to an attacker gaining credentials and access to system data.

Sources: Prosys Update, CISA

DECEMBER 13, 2022

VMware ESXi, Workstation, Fusion and vRealize Network Insight

VMware ESXi, Workstation, Fusion and vRealize Network Insight contain vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: VMware vRealize Network Insight Security Advisory, VMware ESXi, Workstation and Fusion Security Advisory, CISA

Multiple Apple products

Apple released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Apple Security Updates, CISA

Microsoft December security updates

Microsoft released security updates due to vulnerabilities found in Microsoft software that could lead to an attacker gaining control of affected systems.

Sources: Microsoft Security Updates, CISA, Deployment Information

Mozilla Thunderbird and Firefox

Mozilla released security updates for Thunderbird, Firefox ESR and Firefox due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Thunderbird, Firefox ESR, Firefox, CISA

ICONICS and Mitsubishi Electric Product Suite

ICONICS and Mitsubishi Electric Product Suite including GENESIS64, Hyper Historian, AnalytiX and MobileHMI contain a path traversal vulnerability that could lead to an attacker writing arbitrary files.

Sources: ICONICS Suite Security Patches, CISA

Schneider Electric APC Easy UPS Online

Schneider Electric APC Easy UPS Online contains missing authentication for critical function, unrestricted upload of file with dangerous type, incorrect permission assignment for critical resource and use of hard-coded credentials vulnerabilities that could lead to remote code execution, unauthenticated password changes and escalation of privileges.

Sources: Schneider Electric Security Advisory, CISA

Contec CONPROSYS HMI System

Contec CONPROSYS HMI System contains an OS command injection vulnerability that could lead to a remote attacker sending specially crafted requests.

Sources: Contec Update, CISA

Citrix ADC and Citrix Gateway

Citrix ADC and Citrix Gateway contain a vulnerability that could lead to an attacker gaining control of affected systems.

Sources: Citrix Security Advisory, Citrix Blog, CISA

DECEMBER 12, 2022

Fortinet FortiOS

Fortinet FortiOS contains a heap-based buffer overflow vulnerability that could lead to an attacker gaining control of affected systems. This has been exploited in the wild before.

Sources: Fortinet Security Advisory, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES