Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 10 - 16. Sign up to get these updates right to your inbox!
Aruba released patches for versions of the Aruba ClearPass Policy Manager that have a remote authentication bypass vulnerability.
Sources: arubanetworks.com
Versions 9.0.3 and before of Advantech WebAccess SCADA can allow an authenticated user to use API functions to reveal project names and paths from other users.
Sources: us-cert.cisa.gov
Tuleap Open ALM versions before 11.16.99.173 of the Community Edition and versions 11.16-6 and 11.15-8 of the Enterprise Edition contain a vulnerability that would allow an attacker with admin rights to execute arbitrary SQL queries.
Sources: github.com
CISA, the FBI, the EPA and the NDA released a joint cybersecurity advisory (CSA) that explains ongoing cyber threats and vulnerabilities to the U.S. water and wastewater systems (WWS) sector.
Sources: us-cert.cisa.gov
Juniper Networks released security updates for multiple products to address vulnerabilities that would allow an attacker to take control of an affected system.
Sources: kb.juniper.net
Microsoft released security updates to address multiple vulnerabilities that would lead an attacker to take control of affected systems.
Sources: msrc.microsoft.com
Apple released a security update to address CVE-2021-30883 that has been found in multiple products, which would allow an attacker to take control of an affected system.
Sources: support.apple.com
Due to vulnerabilities that would allow an attacker to take control of an affected system, Adobe released security updates for multiple products such as Acrobat and Reader, Connect, Reader Mobile, ops-cli, Commerce and Campaign Standard.
Sources: helpx.adobe.com
Due to vulnerabilities that would allow an attacker to take control of an affected system, Google has released security updates for Chrome for Windows, Mac and Linux.
Sources: chromereleases.googleblog.com
