Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 17 - 23. Sign up to get these updates right to your inbox!
Atlassian released a security advisory due to a vulnerability affecting Questions for Confluence App that could allow an attacker steal sensitive information.
Sources: Atlassian, CISA
The Mitsubishi Electric MC Works64 and the ICONICS Product Suite contain path traversal, deserialization of untrusted data, inclusion of functionality from untrusted control sphere and out-of-bounds read vulnerabilities.
Sources: ICONICS Suite, MC Works64, CISA
The AutomationDirect Stride Field I/O contains a cleartext transmission of sensitive information vulnerability.
Sources: AutomationDirect software downloads, CISA
The Rockwell Automation ISaGRAF contains an improper restriction of XML external entity reference vulnerability.
Sources: Rockwell Automation, CISA
Google released security updates for Chrome due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources: Google Chrome, CISA
ABB Drive Composer, Automation Builder and Mint Workbench contain improper privilege management vulnerabilities.
Sources: ABB Drive Composer, ABB Automation Builder, ABB Mint Workbench, CISA
The Johnson Controls, Inc Metasys ADS, ADX, OAS with MUI contain missing authentication for critical function vulnerabilities.
Sources: Johnson Controls, CISA
The Rockwell ISaGRAF Workbench contains deserialization of untrusted data and path traversal vulnerabilities.
Sources: Rockwell Automation, CISA
The MiCODUS MV720 GPS tracker contains use of hard-coded credentials, improper authentication, cross-site scripting and authorization bypass through user-controlled key.
Sources: CISA
