Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 30 - November 5. Sign up to get these updates right to your inbox!

NOVEMBER 03, 2022

Multiple Cisco products

Cisco released security updates for multiple products to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: Cisco Advisories, CISA

Apple Xcode

Apple released a security update for Xcode to address vulnerabilities that could allow a remote attacker to gain control of affected systems.

Sources: Xcode Update, CISA

ETIC Telecom Remote Access Server (RAS)

ETIC Telecom Remote Access Server (RAS) contains insufficient verification of data authenticity, path traversal, and unrestricted upload of file with dangerous type vulnerabilities that could allow an attacker to obtain sensitive information and compromise devices and other connected systems.

Sources: ETIC Telecom RAS, CISA

Nokia ASIK AirScale 5G Common System Module

Nokia ASIK AirScale 5G Common System Module contains improper access control for volatile memory containing boot code, and stores assumed-immutable data in writable memory. These vulnerabilities could lead to the execution of a malicious kernel, arbitrary malicious programs or modified Nokia programs.

Sources: Nokia, CISA

Delta Industrial Automation DIALink

Delta Industrial Automation DIALink contains a path traversal vulnerability that could lead to malicious code execution.

Sources: Delta Industrial Automation Support, CISA

NOVEMBER 01, 2022

OpenSSL security update

OpenSSL released a security update to address two vulnerabilities that could lead to a denial-of-service condition or remote code execution.

Sources: OpenSSL Advisory, CISA

Mitsubishi Electric GOT2000-compatible HMI software and more

Mitsubishi Electric GOT2000-compatible HMI software, CC-Link IE TSN Industrial Managed Switch and MELSEC iQ-R Series OPC UA Server Module contain infinite loop and OS command injection vulnerabilities that could lead to a denial-of-service condition or enable arbitrary code execution.

Sources: Mitsubishi Electric Advisory, CISA
