Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 24 - 30. Sign up to get these updates right to your inbox!
CISA added two vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Rockwell's Automation FactoryTalk Software, Enhanced HIM for PowerFlex and Connected Components Workbench contain a type confusion vulnerability.
Sources: Rockwell Automation, CISA
Mitsubishi Electric's Multiple Factory Automation Engineering Software products contain permission issues vulnerabilities that could lead to the reading of arbitrary files, cause a denial-of-service condition or execution of a malicious binary.
The Mitsubishi Electric FA Engineering Software contains out-of-bounds read and integer underflow vulnerabilities that could lead to a denial-of-service condition.
The Induction Automation Ignition platform contains an improper restriction of XML external entity reference vulnerability that could allow an attacker to obtain file contents.
Sources: Inductive Automation Ignition, CISA
The Honeywell Safety Manager contains vulnerabilities that could allow configuration and firmware manipulation or remote code execution.
Sources: Honeywell, CISA
The Honeywell Saia Burgess PG5 PCD contains authentication bypass and use of a broken or risky cryptographic algorithm vulnerabilities that could lead to configuration manipulation.
Sources: Saia Burgess Controls, CISA
The MOXA NPort 5110 contains an out-of-bounds write vulnerability that could lead to an attacker changing memory values or causing a device to become unresponsive.
Sources: MOXA support, CISA
The Mitsubishi Electric MELSEC and MELIPC Series contain uncontrolled resource consumption, improper handling of length parameter inconsistency and improper input validation vulnerabilities.
Sources: Mitsubishi Electric advisory, CISA
