Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of February 11 - 17. Sign up to get these updates right to your inbox!

FEBRUARY 15, 2024

Siemens SCALANCE W1750D

Siemens SCALANCE W1750D contains classic buffer overflow, improper input validation and command injection vulnerabilities that can allow an attacker to inject commands or exploit buffer overflow vulnerabilities, which could lead to sensitive information disclosure, unauthenticated denial-of-service or unauthenticated remote code execution.


Sources: CISA, Siemens

Siemens Unicam FX

Siemens Unicam FX contains an incorrect use of privileged APIs vulnerability that can allow an attacker to gain SYSTEM privileges.


Sources: CISA, Siemens

Rockwell Automation FactoryTalk Service Platform

Rockwell Automation FactoryTalk Service Platform contains an incorrect execution-assigned permissions vulnerability that can allow malicious users with basic user group privileges to receive administrator group privileges.


Sources: CISA, Rockwell Automation

Siemens SINEC NMS

Siemens SINEC NMS contains out-of-bounds read, inadequate encryption strength, double free and more vulnerabilities that can result in a information dislosure, authentication bypass, unauthorized modification, arbitrary code execution or denial of service.


Sources: CISA, Siemens

Siemens Polarion ALM

Siemens Polarion ALM contains incorrect default permissions and improper authentication vulnerabilities that can allow unauthenticated access or privilege escalation.


Sources: CISA, Siemens

Siemens SCALANCE XCM-/XRM-300

Siemens SCALANCE XCM-/XRM-300 contains incorrect comparison, out-of-bounds read, incorrect default permissions and more vulnerabilities that can affect confidentiality, integrity or system availability.


Sources: CISA, Siemens

FEBRUARY 13, 2024

Mitsubishi Electric MELSEC iQ-R Series Safety CPU

Mitsubishi Electric MELSEC iQ-R Series Safety CPU contains an incorrect privilege assignment vulnerability that can allow a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than themselves.


Sources: CISA, Mitsubishi Electric

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES