
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 27 - December 3.

DECEMBER 01, 2022

Mitsubishi Electric MELSEC iQ-R Series

Mitsubishi Electric MELSEC iQ-R Series contains an improper input validation vulnerability that could allow a remote unauthenticated attacker to cause a denial-of-service condition on a target product by sending specially crafted packets.

Sources: Mitsubishi Electric Advisory, CISA

Horner Automation Remote Compact Controller (RCC) 972

Horner Automation Remote Compact Controller (RCC) 972 contains inadequate encryption strength, use of hard-coded cryptographic key and excessive reliance on global variables vulnerabilities that could lead to an attacker gaining complete control of affected devices.

Sources: Horner Automation Update, CISA

BD BodyGuard Pumps

BD BodyGuard Pumps contain a missing protection mechanism for alternate hardware interface vulnerability that could lead to an attacker changing configuration settings or disabling the pump.

Sources: BD Advisory, CISA

NOVEMBER 29, 2022

Mitsubishi Electric GOT2000 Series

Mitsubishi Electric GOT2000 Series contains an improper input validation vulnerability that could lead to a denial-of-service condition.

Sources: Mitsubishi Electric Advisory, CISA

Hitachi Energy PCM600

Hitachi Energy PCM600 contains a cleartext storage of sensitive information vulnerability that could lead to an attacker gaining sensitive credentials and having access to the affected products, performing unauthorized modifications or causing a denial-of-service condition.

Sources: Hitachi Energy Advisory, CISA

Hitachi Energy MicroSCADA X SYS600 and MicroSCADA Pro

Hitachi Energy MicroSCADA X SYS600 and MicroSCADA Pro contain an improper input validation vulnerability that could allow an unauthorized user to execute administrator-level scripts.

Sources: Hitachi Energy Advisory, CISA

Moxa UC Series

The Moxa UC Series contains an improper physical access control vulnerability that could allow an attacker with physical access to take full control of the device using the console port.

Sources: Moxa Support, CISA

Mitsubishi Electric GX Works3 and MX OPC UA Module Configurator-R

Mitsubishi Electric GX Works3 and MX OPC UA Module Configurator-R contain cleartext storage of sensitive information, use of hard-coded password, insufficiently protected credentials, use of hard-coded cryptographic key and cleartext storage of sensitive information in memory vulnerabilities that could lead to unauthorized users obtaining access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module, or viewing and executing programs.

Sources: Mitsubishi Electric Updates, CISA

Mitsubishi Electric MELSEC and MELIPC Series

Mitsubishi Electric MELSEC and MELIPC Series contain uncontrolled resource consumption, improper handling of length parameter inconsistency and improper input validation vulnerabilities that could lead to a denial-of-service condition.

Sources: Mitsubishi Electric Advisory, CISA

Omron PLC CJ and CS Series

Omron PLC CJ and CS Series contain authentication bypass by spoofing, authentication bypass by capture-replay and unrestricted externally accessible lock vulnerabilities that could lead to an attacker gaining the status information of a PLC.

Sources: Omron Advisory, CISA
