Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 17 - 23. Sign up to get these updates right to your inbox!
The FBI released a flash report stating indicators of compromise (IOCs) linked with BlackCat/ALPHV, which is a ransomware-as-a-service that has compromised at least 60 entities worldwide.
Sources: FBI flash report, CISA
Johnson Controls' Metasys contains a server-side request forgery vulnerability.
Sources: Johnson Controls, CISA
Delta Electronics' ASDA-Soft contains out-of-bounds write and out-of-bounds read vulnerabilities.
Sources: Delta Electronics, CISA
Cybersecurity authorities of the U.S., Australia, Canada, New Zealand and the U.K. released a joint cybersecurity advisory to caution organizations that Russia's invasion of Ukraine could increase malicious cyber activity.
Sources: CISA alert (AA22-110A), CISA
CISA added three vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Sources: CISA
Elcomplus' SmartPPT SCADA server contains multiple vulnerabilities, such as cross-site scripting, unauthorized exposure to sensitive information, path traversal and more.
Sources: Elcomplus support, CISA
The Automated Logic WebCtrl server contains an open redirect vulnerability.
Sources: Automated Logic, CISA
The Interlogix Hills ComNav contains improper restriction of excessive authentication attempts and inadequate encryption strength vulnerabilties.
Sources: Carrier Global Corporation, CISA
