Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 13 - 19. Sign up to get these updates right to your inbox!

NOVEMBER 17, 2022

Red Lion Controls Crimson

Red Lion Controls Crimson contains a path traversal vulnerability that could lead to an attacker obtaining user credential hashes.

Sources: Red Lion Security Updates, CISA

Cradlepoint IBR600

Cradlepoint IBR600 contains a command injection vulnerability that could lead to code execution and native system commands.

Sources: Cradlepoint Release Notes, CISA

CSA about Hive ransomware

CISA, the FBI and the Department of Health and Human Services (HHS) released a joint CSA that explains network defenders tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants.

Sources: CSA Hive Ransomware, CISA

NOVEMBER 16, 2022

CSA compromised federal network

CISA and the FBI published a Joint Cybersecurity Advisory (CSA) that explains how Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in the unpatched VMware Horizon server.

Sources: Joint CSA, CISA

Mozilla Thunderbird 102.5, Firefox ESR 102.5 and Firefox 107

Mozilla Thunderbird 102.5, Firefox ESR 102.5 and Firefox 107 contain vulnerabilities that could lead to user confusion or spoofing attacks.

Sources: Thunderbird, Firefox ESR, Firefox, CISA

Cisco Identity Services Engine

Cisco released security updates for Cisco Identity Services Engine (ISE) due to vulnerabilities found that could lead to private files being accessed.

Sources: Cisco Advisory, CISA

Multiple versions of Samba

Multiple versions of Samba contain vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Samba Security Releases, CISA

NOVEMBER 15, 2022

Mitsubishi Electric GT SoftGOT2000

Mitsubishi Electric GT SoftGOT2000 contains an operating system (OS) command injection that could lead to the execution of malicious OS commands.

Sources: Mitsubishi Electric Advisory, CISA

NOVEMBER 14, 2022

CISA added one vulnerability to its known vulnerability catalog

CISA added one vulnerability to its known vulnerability catalog, a listing of vulnerabilities that are actively being exploited in the wild.

Sources: Known Exploited Vulnerabilities Catalog, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES