Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 7 - 13. Sign up to get these updates right to your inbox!

AUGUST 11, 2022


Cisco released a security update for the Adaptive Security Appliance Software and Firepower Threat Defense Software due to a vulnerability that could lead to an attacker gaining sensitive information.

Sources: Cisco advisory, CISA

Zeppelin ransomware

CISA and the FBI released a joint CSA (cybersecurity advisory) sharing information about Zeppelin ransomware.

Sources: Joint CSA, CISA


CISA released 25 Industrial Control Systems Advisories for different Siemens products due to vulnerabilities found.

Sources: CISA

Schneider Electric

Schneider Electric EcoStruxure, EcoStruxure Process Expert and SCADAPack RemoteConnect for x70 contain heap-based buffer overflow, wrap or wraparound, classic buffer overflow and out-of-bounds write vulnerabilities.

Sources: EcoStruxure Control Expert, CISA, EcoStruxure Process Expert, SCADAPack RemoteConnect


Baxter Sigma Spectrum Infusion Pumps contain use of hard-coded password, cleartext transmission of sensitive data, incorrect permission assignment for critical resource and operation on a resource after expiration or release vulnerabilities.

Sources: Baxter security bulletin, CISA

AUGUST 10, 2022

Palo Alto Networks

Palo Alto Networks released a security update for PAN-OS firewall configurations due to a vulnerability found that could lead to a denial-of-service.

Sources: Palo Alto Networks security advisory, CISA

AUGUST 09, 2022


The Emerson ControlWave contains an insufficient verification of data authenticity vulnerability that could lead to file manipulation, remote code execution or denial-of-service.

Sources: Emerson Support, CISA


Emerson OpenBSI contains use of broken or risky cryptographic algorithm and use of hard-coded cryptographic key vulnerabilities that could lead to remote code execution, change controller configuration or cause a denial-of-service condition.

Sources: OpenBSI Utilities Manual, CISA

Mitsubishi Electric

Mitsubishi Electric GT SoftGOT2000 contains an infinite loop vulnerability and an OS command injection vulnerability that could lead to a denial-of-service condition or enable arbitrary code execution.

Sources: Mitsubishi Electric’s security advisory, CISA


VMware released security updates for vRealize Operations due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: VMware, CISA


Microsoft released security updates due to multiple vulnerabilities found in Microsoft software that could lead to an attacker gaining control of affected systems.

Sources: Microsoft security updates, CISA


Adobe released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Adobe Commerce, Adobe Acrobat and Reader, Illustrator, FrameMaker, Premiere Elements, CISA




Keep your finger on the pulse of top industry news