Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 12 - 18. Sign up to get these updates right to your inbox!
Hillrom Medical Welch Allyn medical devices contain use of hard-coded password and improper access control vulnerabilities that could lead to an attacker compromising software security by executing commands, gaining privileges, reading sensitive information, evading detection and more.
CISA released three ICS advisories for AutomationDirect products: DirectLOGIC with Ethernet, DirectLOGIC with Serial Communication and C-more EA9 HMI.
Sources: C-more EA9 HMI, DirectLOGIC with Serial Communication, DirectLOGIC with Ethernet, CISA
CISA released 31 ICS advisories for Siemens products due to multiple different vulnerabilities.
Sources: CISA
Adobe released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources: CISA, Adobe InCopy, Adobe Bridge
Microsoft released security updates due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources: Microsoft, CISA
Johnson Controls Metasys ADS/ADX/OAS servers contain unverified password change and cross-site scripting vulnerabilities that could lead to unauthorized users compromising passwords and injecting malicious code into web interfaces.
Sources: Johnson Controls, CISA
Mitsubishi Electric MELSEC-Q/L Series and iQ-R Series contain an improper input validation that could lead to a denial-of-service condition or allow remote code execution.
Sources: Mitsubishi Electric, CISA
