
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 22 - 28. Sign up to get these updates right to your inbox!

OCTOBER 26, 2023

Dingtian DT-R002

Dingtian DT-R002 contains an authentication bypass by capture-replay vulnerability that can allow an attacker to bypass authentication.


Sources: CISA, Dingtian

Centralite Pearl Thermostat

Centralite Pearl Thermostat contains an allocation of resources without limits or throttling vulnerability that can allow an attacker to cause a denial of service on the affected product.


Sources: CISA, Centralite

Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium

Ashlar-Vellum Cobalt, Graphite, Xenon, Argon and Lithium contain out-of-bounds write, heap-based buffer overflow and out-of-bounds read vulnerabilities that can allow an attacker to execute arbitrary code.


Sources: CISA, Ashlar-Vellum

Rockwell Automation Arena

Rockwell Automation Arena contains out-of-bounds read and access of uninitialized pointer vulnerabilities that can allow an attacker to execute arbitrary code by triggering a memory buffer overflow or by using an uninitialized pointer in the application.


Sources: CISA, Rockwell Automation

Sielco PolyEco FM Transmitter

Sielco PolyEco FM Transmitter contains session fixation, improper restriction of excessive authentication attempts and improper access control vulnerabilities that can allow an attacker to escalate privileges, access restricted pages or hijack sessions.


Sources: CISA, Sielco

BD Alaris System with Guardrails Suite MX (Update A)

BD Alaris System with Guardrails Suite MX (Update A) contains missing support for integrity check, cross-site scripting, cleartext transmission of sensitive information and other vulnerabilities that can allow an attacker to compromise sensitive data, hijack a session, modify firmware and change system configurations, among other impacts.


Sources: CISA, BD

Rockwell Automation FactoryTalk View Site Edition

Rockwell Automation FactoryTalk View Site Edition contains an improper input validation vulnerability that can cause the product to become unavailable and require a restart to recover, resulting in a denial-of-service condition.


Sources: CISA, Rockwell Automation
