
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 11 - 17.

SEPTEMBER 15, 2022

Siemens Mobility CoreShield OWG Software

Siemens Mobility CoreShield OWG Software contains an improper access control vulnerability that could lead to local escalation of privileges to the local administrator.

Sources: Siemens Support, CISA

Siemens Simcenter Femap and Parasolid

Siemens Simcenter Femap and Parasolid contain multiple file parsing vulnerabilities that could lead to remote code execution.

Sources: Siemens Security Page, CISA

Siemens Simcenter Femap and Parasolid

Siemens Simcenter Femap and Parasolid contain an out-of-bounds read vulnerability that could lead to remote code execution.

Sources: Siemens Support, CISA

Siemens SIMATIC and SINUMERIK

Siemens SIMATIC and SINUMERIK contain a missing encryption of sensitive data vulnerability that could lead to unauthorized access to sensitive data, privilege escalation or configuration change.

Sources: Siemens Advisory, CISA

Siemens OpenSSL-affected industrial products

Siemens OpenSSL-affected industrial products contain an infinite loop vulnerability that could lead to a denial-of-service condition.

Sources: Siemens Advisory, CISA

Siemens SCALANCE

Siemens SCALANCE contains improper neutralization of special elements in output used by a downstream component, allocation of resources without limits or throttling, and basic cross-site scripting vulnerabilities that could lead to custom code execution or a denial-of-service condition.

Sources: Siemens Advisory, CISA

Siemens RUGGEDCOM ROS

Siemens RUGGEDCOM ROS contains an uncontrolled resource consumption vulnerability that could lead to a denial-of-service condition.

Sources: Siemens Advisories, CISA

SEPTEMBER 14, 2022

Joint CSA

CISA, FBI, NSA, U.S. Cyber Command (USCC) - Cyber National Mission Force (CNMF), Department of the Treasury, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), and United Kingdom’s National Cyber Security Centre (NCSC) have released a joint CSA about Iranian Islamic Revolutionary Guard Corps-affiliated cyber actors that are exploiting vulnerabilities.

Sources: CSA, CISA

SEPTEMBER 13, 2022

Apple Safari, iOS, macOS Monterey and more

Apple released security updates for multiple vulnerabilities in products such as Safari, iOS, macOS Monterey, macOS Big Sur and iPadOS that could lead to an attacker gaining control of affected systems.

Sources: Apple Support, CISA

Hitachi Energy TXpert Hub CoreTec 4

The Hitachi Energy TXpert Hub CoreTec 4 contains an off-by-one error vulnerability that could lead to an attacker gaining control of the system node and its information.

Sources: Hitachi Security Advisory, CISA

Honeywell SoftMaster

Honeywell SoftMaster contains uncontrolled search path element and incorrect permission assignment for critical resource vulnerabilities that could lead to code execution.

Sources: Honeywell Support, CISA

Delta Industrial Automation DIAEnergie

Delta Industrial Automation DIAEnergie contains a use of hard-coded credentials vulnerability that could lead to remote code execution.

Sources: CISA

Kingspan TMS300 CS

Kingspan TMS300 CS contains an improper authentication vulnerability that could lead to an attacker viewing and modifying application settings without authenticating.

Sources: Kingspan Support, CISA

Paradox IP150

Paradox IP150 contains stack-based buffer overflow and classic buffer overflow vulnerabilities that could lead to remote arbitrary code execution.

Sources: CISA

Microsoft software

Microsoft released security updates for multiple products to address vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Security Update Guide, Security Deployment Information, CISA
