Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 11 - 17.

AUGUST 13, 2024

AVEVA SuiteLink Server

AVEVA SuiteLink Server contains an allocation of resources without limits or throttling vulnerability that could allow an attacker to cause the server to consume excessive system resources, preventing processing of SuiteLink messages on the targeted host.


Sources: CISA, AVEVA

Rockwell Automation AADvance Standalone OPC-DA Server

Rockwell Automation AADvance Standalone OPC-DA Server contains improper input validation and use of externally controlled format string vulnerabilities that could allow an attacker to execute arbitrary code in the affected product.


Sources: CISA

Rockwell Automation GuardLogix/ControlLogix 5580 Controller

Rockwell Automation GuardLogix/ControlLogix 5580 Controller contains an improper check for unusual or exceptional conditions vulnerability that could allow an attacker to perform a denial-of-service on the device.


Sources: CISA

Rockwell Automation Pavilion8

Rockwell Automation Pavilion8 contains a missing encryption of sensitive data vulnerability that could allow an attacker to view sensitive data due to a lack of encryption.


Sources: CISA

Rockwell Automation DataMosaix Private Cloud

Rockwell Automation DataMosaix Private Cloud contains an improper authentication vulnerability that could allow an attacker to generate cookies for a user ID without the use of a username or password, allowing the malicious actor to take over the account.


Sources: CISA

Rockwell Automation FactoryTalk View Site Edition

Rockwell Automation FactoryTalk View Site Edition contains an incorrect permission assignment for critical resource vulnerability that could allow any user to edit or replace files that are executed by an account with elevated permissions.


Sources: CISA, Rockwell

Rockwell Automation Micro850/870

Rockwell Automation Micro850/870 contains an uncontrolled resource consumption vulnerability that may cause CIP/Modbus communication to be disrupted for a short duration.


Sources: CISA, Rockwell

Ocean Data Systems Dream Report

Ocean Data Systems Dream Report contains path traversal and incorrect permission assignment for critical resource vulnerabilities that could allow an attacker to perform remote code execution or escalate their privileges and cause a denial-of-service condition.


Sources: CISA, Ocean Data Systems
