
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 16 - 22.

APRIL 21, 2023

PaperCut MF/NG

PaperCut MF/NG contains an improper access control vulnerability that can allow an authentication bypass and code execution in the context of a system.

Sources: CISA, NIST

MinIO

MinIO contains an information disclosure vulnerability that can lead to the disclosure of sensitive data and information.

Sources: CISA, NIST

Drupal Core

Drupal Core contains an access bypass vulnerability that can allow an attacker to take control of an affected system.

Sources: CISA, Drupal

APRIL 20, 2023

INEA ME RTU

INEA ME RTU contains an OS command injection vulnerability that can allow remote code execution.


Sources: CISA, INEA

APRIL 18, 2023

Omron CS/CJ Series

Omron CS/CJ Series contains a missing authentication for critical function vulnerability that can allow an attacker to access sensitive information in the file system and memory.


Sources: CISA, Omron

Schneider Electric Easy UPS Online Monitoring Software

Schneider Electric Easy UPS online monitoring software contains missing authentication for critical function and improper handling of case sensitivity vulnerabilities that can result in remote code execution, escalation of privileges or authentication bypass.


Sources: CISA, Schneider Electric

Mitsubishi Electric MELSEC iQ-F, iQ-R Series 

Mitsubishi Electric MELSEC iQ-F, iQ-R Series contains a predictable seed in pseudo-random number generator vulnerability that can allow an attacker to access the WEB server function by guessing the random numbers used for authentication.


Sources: CISA, Mitsubishi Electric

Omron PLC CJ and CS Series

Omron PLC CJ and CS Series contains authentication bypass by spoofing, authentication bypass by capture-replay and unrestricted externally accessible lock vulnerabilities that can allow an attacker to pose as an authorized user to obtain the status information of the PLC.


Sources: CISA, Omron
