Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 6 - 12. Sign up to get these updates right to your inbox!
LS ELECTRIC PLC and XG5000 contain an inadequate encryption strength vulnerability that could lead to an attacker decrypting credentials and obtaining full access to affected PLCs.
Sources: LS Electric support, CISA
Omron NJ/NX-series Machine Automation Controllers contain an active debug code vulnerability that could lead to an "out of service" state or execution of a malicious program.
Sources: Omron Support, CISA
Delta Electronics DIAEnergy contains cross-site scripting and SQL injection vulnerabilities that could lead to arbitrary code injection.
Sources: Delta Electronics Support, CISA
CISA released 16 Industrial Control Systems Advisories for Siemens on Nov. 10, 2022, due to vulnerabilities found in those products.
Sources: Siemens Support, CISA
CISA and the Multi-State Information Sharing & Analysis Center updated a joint CSA on the Zimbra Collaboration Suite being exploited and added another malware analysis report.
Sources: CISA, Updated CSA
Microsoft released security updates due to vulnerabilities found in Microsoft software that could lead to an attacker gaining control of affected systems.
Sources: Microsoft Security Updates, Microsoft Deployment, CISA
VMware Workspace ONE Assist contains vulnerabilities that could lead to an attacker gaining control of affected systems.
Sources: VMware Advisory, CISA
Citrix ADC and Citrix Gateway contain vulnerabilities that could lead to a remote attacker gaining control of affected systems.
Sources: Citrix Updates, CISA
CISA added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog on Nov. 8, 2022.
