Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 9 - 15. Sign up to get these updates right to your inbox!
Mitsubishi Electric Multiple Products (Update G) contains a predictable exact value from previous values vulnerability that can be used to hijack TCP sessions and allow remote command execution.
Sources: CISA, Mitsubishi Electric
Mitsubishi Electric MELSEC-Q/L Series (Update B) contains incorrect pointer scaling and integer overflow or wraparound vulnerabilities that can allow a remote attacker to be able to read arbitrary information or execute malicious code on a target product by sending a specially crafted packet.
Sources: CISA, Mitsubishi Electric
Motorola Solutions Vigilant License Plate Readers contains authentication bypass using an alternate path or channel, cleartext storage in a file or on disk, use of hard-coded credentials vulnerabilities that can allow an attacker to tamper with the device, access sensitive information and credentials or perform a replay attack.
Sources: CISA, Motorola Solutions
Rockwell Automation FactoryTalk View SE contains an improper authentication vulnerability that can allow a user from a remote system with FTView to view an HMI project.
Sources: CISA, Rockwell Automation
Rockwell Automation FactoryTalk View SE contains an incorrect permission assignment for critical resource vulnerability that can allow low-privilege users to edit scripts, bypassing access control lists and potentially gain further access within the system.
Sources: CISA, Rockwell Automation
Rockwell Automation FactoryTalk View SE contains an improper authentication vulnerability that can allow an outside attacker to view an HMI project.
Sources: CISA, Rockwell Automation
Fuji Electric Tellus Lite V-Simulator contains out-of-bounds write and stack-based buffer overflow vulnerabilities that can allow a local attacker to perform code execution.
Sources: CISA, Fuji Electric
Siemens Teamcenter Visualization and JT2Go contains out-of-bounds read, allocation of resources without limits or throttling and NULL pointer dereference vulnerabilities that can allow an attacker to create a denial-of-service condition or execute code within the context of the current process.
Siemens TIM 1531 IRC contains improper input validation, out-of-bounds write, inadequate encryption strength and more vulnerabilities that can result in leaked information, improper input validation, a denial-of-service condition, an out-of-bounds read on heap memory, privilege escalation, memory exhaustion blocking the server, system crash and arbitrary code execution.
