Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 4 - 10. Sign up to get these updates right to your inbox!

SEPTEMBER 08, 2022

MZ Automation GmbH libIEC61850

The MZ Automation GmbH libIEC61850 contains buffer overflow, access of resource using incompatible type and NULL pointer dereference vulnerabilities that could lead to remote code execution.

Sources: MZ Automation, CISA

PTC Kepware KEPServerEX

PTC Kepware KEPServerEX contains heap-based buffer overflow and stack-based buffer overflow vulnerabilities that could lead to remote arbitrary code execution.

Sources: PTC Kepware Upgrade, CISA

Baxter Sigma Spectrum Infusion Pump

The Baxter Sigma Spectrum Infusion Pump contains missing encryption of sensitive data, use of externally controlled format string and missing authentication for critical function vulnerabilities that could lead to access to sensitive data and alteration of system configuration.

Sources: Baxter Security Bulletin, CISA

Hillrom Welch Allyn medical device management tools

The Hillrom Welch Allyn medical device management tools contain out-of-bounds write and out-of-bunds read vulnerabilities that could lead to memory corruption and remote arbitrary code execution.

Sources: Hillrom, CISA

Cisco SD-WAN vManage Software

Cisco released security updates for multiple Cisco products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Cisco, CISA

CISA adds 12 vulnerabilities to catalog

CISA added 12 vulnerabilities to its Known Exploited Vulnerabilities catalog.

Sources: Known Exploited Vulnerabilities Catalog, CISA Alert

SEPTEMBER 06, 2022

Triangle Microworks Libraries

Triangle Microworks TMW IEC 61850 Software Library and TMW IEC 60870-6 (ICCP/TASE.2) Software Library contain an access of uninitialized pointer vulnerability that could lead to a denial-of-service condition.

Sources: CISA

AVEVA Edge 2020 R2 SP1

AVEVA Edge 2020 R2 SP1 and all prior versions contain insufficient UI warning of dangerous operations, uncontrolled search path element, deserialization of untrusted data and improper restriction of XML external entity reference vulnerabilities that could lead to arbitrary code execution, information disclosure or a denial-of-service condition.


Sources: AVEVA, CISA

Cognex 3D-A1000 Dimensioning System

Cognex 3D-A1000 Dimensioning System contains missing authentication for critical function, improper output neutralization for logs and client-side enforcement of server-side security vulnerabilities that could lead to unauthorized password changes, escalation of privileges, falsifying of password logs and bypassing of web access controls.

Sources: Cognex Support, CISA

Hitachi Energy TXpert Hub CoreTec 4

The Hitachi Energy TXpert Hub CoreTec 4 contains authentication bypass using an alternate path or channel, improper input validation and download of code without integrity check vulnerabilities.


Sources: Hitachi Energy Security Advisory, CISA

Delta Electronics DOPSoft 2

Delta Electronics DOPSoft 2 contains stack-based buffer overflow, out-of-bounds write and heap-based buffer overflow vulnerabilities that could lead to arbitrary code execution.

Sources: Delta Electronics, CISA

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES