Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 12 - 18.

JUNE 16, 2022

Hillrom Medical

Hillrom Medical Welch Allyn medical devices contain hard-coded password and improper access control vulnerabilities that could allow an attacker to compromise software security by executing commands, gaining privileges, reading sensitive information, evading detection and more.

Sources: Hillrom, CISA

AutomationDirect

CISA released three ICS advisories for AutomationDirect products: DirectLOGIC with Ethernet, DirectLOGIC with Serial Communication and C-more EA9 HMI.

Sources: C-more EA9 HMI, DirectLOGIC with Serial Communication, DirectLOGIC with Ethernet, CISA

Siemens

CISA released 31 ICS advisories for Siemens products covering multiple vulnerabilities.

Sources: CISA

Cisco

Cisco released security updates for multiple products to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: Cisco, CISA

JUNE 14, 2022

Adobe

Adobe released security updates for multiple products to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: CISA, Adobe InCopy, Adobe Bridge

SAP

SAP released security updates for multiple products to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: SAP, CISA

Citrix

Citrix released security updates to address vulnerabilities in Application Delivery Management that could allow an attacker to gain control of affected systems.

Sources: Citrix, CISA

Microsoft

Microsoft released security updates to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: Microsoft, CISA

Johnson Controls

Johnson Controls Metasys ADS/ADX/OAS servers contain unverified password change and cross-site scripting vulnerabilities that could lead to unauthorized users compromising passwords and injecting malicious code into web interfaces.

Sources: Johnson Controls, CISA

Meridian Cooperative

Meridian contains an improper access control vulnerability that could lead to a disclosure of sensitive information.

Sources: Meridian, CISA

Mitsubishi Electric

Mitsubishi Electric MELSEC-Q/L Series and iQ-R Series contain an improper input validation vulnerability that could lead to a denial-of-service condition or allow remote code execution.

Sources: Mitsubishi Electric, CISA

JUNE 13, 2022

Drupal

Drupal released security updates due to a third-party vulnerability that may affect contributed projects or custom code on Drupal sites, which could lead to an attacker gaining control of affected websites.


Sources: CISA, Drupal
