Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 24 - 30. Sign up to get these updates right to your inbox!

JULY 29, 2022

CISA

CISA added two vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources: Known Exploited Vulnerabilities Catalog

JULY 28, 2022

Rockwell Automation

Rockwell Automation's FactoryTalk Software, Enhanced HIM for PowerFlex and Connected Components Workbench contain a type confusion vulnerability.

Sources: Rockwell Automation, CISA

Mitsubishi Electric

Multiple Mitsubishi Electric Factory Automation Engineering Software products contain permission issue vulnerabilities that could lead to the reading of arbitrary files, a denial-of-service condition or execution of a malicious binary.

Sources: Mitsubishi Electric software updates, CISA

Mitsubishi Electric

The Mitsubishi Electric FA Engineering Software contains out-of-bounds read and integer underflow vulnerabilities that could lead to a denial-of-service condition.


Sources: Mitsubishi Electric software updates, CISA

JULY 26, 2022

Inductive Automation

The Inductive Automation Ignition platform contains an improper restriction of XML external entity reference vulnerability that could allow an attacker to obtain file contents.

Sources: Inductive Automation Ignition, CISA

Honeywell

The Honeywell Safety Manager contains vulnerabilities that could allow configuration and firmware manipulation or remote code execution.

Sources: Honeywell, CISA

Honeywell

The Honeywell Saia Burgess PG5 PCD contains authentication bypass and use of a broken or risky cryptographic algorithm vulnerabilities that could lead to configuration manipulation.

Sources: Saia Burgess Controls, CISA

MOXA

The MOXA NPort 5110 contains an out-of-bounds write vulnerability that could lead to an attacker changing memory values or causing a device to become unresponsive.

Sources: MOXA support, CISA

Mitsubishi Electric

The Mitsubishi Electric MELSEC and MELIPC Series contain uncontrolled resource consumption, improper handling of length parameter inconsistency and improper input validation vulnerabilities.

Sources: Mitsubishi Electric advisory, CISA
