Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 12 - 18. Sign up to get these updates right to your inbox!
June 16, 2022
Cisco
Cisco released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources:Cisco,
CISA
Siemens
CISA released 31 ICS advisories for Siemens products due to multiple different vulnerabilities.
Sources:CISA
AutomationDirect
CISA released three ICS advisories for AutomationDirect products: DirectLOGIC with Ethernet, DirectLOGIC with Serial Communication and C-more EA9 HMI.
Sources:C-more EA9 HMI,
DirectLOGIC with Serial Communication,
DirectLOGIC with Ethernet,
CISA
Hillrom Medical
Hillrom Medical Welch Allyn medical devices contain use of hard-coded password and improper access control vulnerabilities that could lead to an attacker compromising software security by executing commands, gaining privileges, reading sensitive information, evading detection…
Sources:Hillrom,
CISA
June 14, 2022
Mitsubishi Electric
Mitsubishi Electric MELSEC-Q/L Series and iQ-R Series contain an improper input validation that could lead to a denial-of-service condition or allow remote code execution.
Sources:Mitsubishi Electric,
CISA
Meridian Cooperative
Meridian contains an improper access control vulnerability that could lead to a disclosure of sensitive information.
Sources:Meridian,
CISA
Johnson Controls
Johnson Controls Metasys ADS/ADX/OAS servers contain unverified password change and cross-site scripting vulnerabilities that could lead to unauthorized users compromising passwords and injecting malicious code into web interfaces.
Sources:Johnson Controls,
CISA
Microsoft
Microsoft released security updates due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources:Microsoft,
CISA
Citrix
Citrix released security updates due to vulnerabilities found in Application Delivery Management that could lead to an attacker gaining control of affected systems.
Sources:Citrix,
CISA
SAP
SAP released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources:SAP,
CISA
Adobe
Adobe released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources: