Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 1 - 7.
May 05, 2022
May 04, 2022
F5
F5 released security advisories on vulnerabilities affecting multiple products that could permit undisclosed requests to bypass the iControl REST authentication in BIG-IP.
Sources: F5, CISA
Mozilla
Mozilla released security updates for Firefox, Firefox ESR and Thunderbird to address vulnerabilities that could allow an attacker to gain control of affected systems.
Sources: Firefox, Firefox ESR, Thunderbird, CISA
CISA
CISA added five vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Sources: Known Exploited Vulnerabilities Catalog, CISA
May 03, 2022
May 02, 2022
IBM
IBM ICP4A – User Management System Component could allow an attacker with physical access to the system to perform unauthorized actions or gain private information due to insufficient validation vulnerabilities.
Sources: IBM, NIST
Delta Electronics
Delta Electronics DIAEnergie contains a blind SQL injection vulnerability.
Sources: NIST
Java Remote Management
The Java Remote Management Interface of all versions of Orlansoft ERP contains a vulnerability that could lead to an attacker executing arbitrary code.
Sources: