Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 22 - 28. Sign up to get these updates right to your inbox!
Centralite Pearl Thermostat contains an allocation of resources without limits or throttling vulnerability that can allow an attacker to cause a denial of service on the affected product.
Sources: CISA, Centralite
Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium contains out-of-bounds write, heap-based buffer overflow and out-of-bounds read vulnerabilities that can allow an attacker to execute arbitrary code.
Sources: CISA, Ashlar-Vellum
Rockwell Automation Arena contains out-of-bounds read and access of uninitialized pointer vulnerabilities that can allow an attacker to execute arbitrary code by using a memory buffer overflow or using an uninitialized pointer in the application.
Sources: CISA, Rockwell Automation
BD Alaris System with Guardrails Suite MX (Update A) contains missing support for integrity check, cross-site scripting, cleartext transmission of sensitive information and more vulnerabilities that can allow an attacker to compromise sensitive data, hijack a session, modify firmware and make changes to system configurations, among other system impacts.
Rockwell Automation FactoryTalk View Site Edition contains an improper input validation vulnerability that can cause the product to become unavailable and require a restart to recover, resulting in a denial-of-service condition.
Sources: CISA, Rockwell Automation
