Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 29 - June 4. Sign up to get these updates right to your inbox!

JUNE 02, 2022

Atlassian

Atlassian released a security advisory due to a remote code execution vulnerability found in the Confluence server and Data Center products.

Sources: Confluence Support, CISA

Illumina

Illumina Local Run Manager (LRM) contains multiple vulnerabilities, such as path traversal, unrestricted upload of file with dangerous type, improper access control and cleartext transmission of sensitive information.

Sources: Illumina, CISA Advisory

Carrier LenelS2

Carrier LenelS2 HID Mercury access panels contain multiple vulnerabilities, such as protection mechanism failure, forced browsing, classic buffer overflow, path traversal and OS command injection.

Sources: Carrier Support Channel, CISA

JUNE 01, 2022

Mozilla

Mozilla released security updates for Firefox, Firefox ESR and Thunderbird due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Firefox, Firefox ESR, Thunderbird, CISA

Karakurt

CISA, the FBI, the Department of Treasury and Financial Crimes Enforcement Network (FinCEN) released a joint CSA on the Karakurt data extortion group.

Sources: Joint CSA on Karakurt, CISA

MAY 31, 2022

Microsoft

Microsoft released workaround guidance for a Microsoft Support Diagnostic Tool (MSDT) in Windows "Follina" vulnerability that has been reported to be actively exploited in the wild.

Sources: Microsoft Guidance Report, CISA

Fuji Electric

The Fuji Electric Alpha7 PC Loader contains a stack-based buffer overflow vulnerability.

Sources: CISA Advisory

Becton, Dickinson and Company

Becton, Dickinson and Company (BD) Pyxis contains a not using password aging vulnerability.

Sources: BD, CISA Advisory

Becton, Dickinson and Company

Becton, Dickinson and Company (BD) Synapsys contains an insufficient session expiration vulnerability.


Sources: BD, CISA Advisory

Mitsubishi Electric

Multiple products from Mitsubishi Electric contain vulnerabilities, such as a predictable exact value from previous values vulnerability, which could lead to an attacker hijacking TCP sessions and remote command execution.

Sources: CISA Advisory

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES