
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 20 - 26. Sign up to get these updates right to your inbox!

NOVEMBER 22, 2022

AVEVA Edge

AVEVA Edge contains uncontrolled search path element, exposure of sensitive information to an unauthorized actor, uncontrolled resource consumption, improper access control and Windows UNC share vulnerabilities that could lead to the insertion of malicious DLL files or code execution.

Sources: AVEVA Update, CISA

Digital Alert Systems DASDEC

Digital Alert Systems DASDEC contains a cross-site scripting vulnerability that could lead to false alerts being issued to broadcast or cable sites that are connected to the compromised system.

Sources: Digital Alert Systems Support, CISA

Phoenix Contact Automation Worx Software Suite

Phoenix Contact Automation Worx Software Suite contains improper restriction of operations within the bounds of a memory buffer and out-of-bounds read vulnerabilities that could lead to a heap buffer overflow, release of unallocated memory or a read access violation.

Sources: Phoenix Contact Update, CISA

GE CIMPLICITY

GE CIMPLICITY contains access of uninitialized pointer, heap-based buffer overflow, untrusted pointer dereference and out-of-bounds write vulnerabilities that could lead to the execution of arbitrary code.

Sources: GE Digital Product Advisory, CISA

Moxa ARM-Based Computers 

Moxa ARM-Based Computers contain a privilege escalation vulnerability that could give an attacker root privileges and total control of the system.

Sources: Moxa Advisory, CISA

Hillrom Welch Allyn medical device management tools

Hillrom Welch Allyn medical device management tools contain an out-of-bounds write and an out-of-bounds read vulnerability that could lead to memory corruption and remote arbitrary code execution.

Sources: Hillrom Disclosure Page, CISA

Mitsubishi Electric Factory Automation Engineering products

Mitsubishi Electric Factory Automation Engineering products contain an unquoted search path or element vulnerability that could lead to an attacker gaining unauthorized information, modifying information and causing a denial-of-service condition.

Sources: Mitsubishi Electric Patches, CISA
