Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 26 - June 1.

MAY 30, 2024

LenelS2 NetBox

LenelS2 NetBox contains use of hard-coded password, OS command injection and argument injection vulnerabilities that can allow an attacker to bypass authentication and execute malicious commands with elevated permissions.


Sources: CISA, Carrier

Fuji Electric Monitouch V-SFT

Fuji Electric Monitouch V-SFT contains out-of-bounds write and stack-based buffer overflow vulnerabilities that can allow an attacker to execute arbitrary code.


Sources: CISA, Fuji Electric

Inosoft VisiWin

Inosoft VisiWin contains incorrect default permissions vulnerabilities that can allow an attacker to gain system privileges.


Sources: CISA, Inosoft

Westermo EDW-100

Westermo EDW-100 contains use of hard-coded password and insufficiently protected credentials vulnerabilities that can allow an attacker to access the device using hard-coded credentials and download cleartext usernames and passwords.


Sources: CISA, Westermo

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C)

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C) contain an improper resource shutdown or release vulnerability that can allow a remote attacker to cause a denial-of-service condition in the module's Ethernet communication.


Sources: CISA, Mitsubishi Electric

Baxter Welch Allyn Configuration Tool

Baxter Welch Allyn Configuration Tool contains an insufficiently protected credentials vulnerability that can lead to the unintended exposure of credentials to unauthorized users.


Sources: CISA, Baxter

Baxter Welch Allyn Connex Spot Monitor

Baxter Welch Allyn Connex Spot Monitor contains a use of default cryptographic key vulnerability that can allow an attacker to modify device configuration and firmware data. Tampering with this data could lead to device compromise, resulting in impact and/or delay in patient care.


Sources: CISA, Baxter

MAY 28, 2024

Campbell Scientific CSI Web Server

Campbell Scientific CSI Web Server contains path traversal and weak encoding for password vulnerabilities that can allow an attacker to download files and decode stored passwords.


Sources: CISA, Campbell Scientific
