
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 23 - 29, 2022. Sign up to get these updates right to your inbox!

OCTOBER 28, 2022

VMware Cloud Foundation

VMware released security updates for vulnerabilities in VMware Cloud Foundation that could allow an attacker to take control of affected systems.

Sources: VMware Advisory, CISA

OCTOBER 27, 2022

Rockwell Automation FactoryTalk Alarm and Events Server

Rockwell Automation FactoryTalk Alarm and Events Server contains an improper access control vulnerability that could lead to a denial-of-service condition.

Sources: Rockwell Automation Advisory, CISA

SAUTER Controls moduWeb

SAUTER Controls moduWeb contains a cross-site scripting vulnerability that could lead to sensitive information being stolen.

Sources: SAUTER Support, CISA

Rockwell Automation Stratix Devices

Rockwell Automation Stratix Devices contain multiple vulnerabilities that could lead to a denial-of-service condition and remote code execution.

Sources: Stratix 5800, CISA

Trihedral VTScada

Trihedral VTScada contains an improper input validation vulnerability that could lead to a denial-of-service condition.

Sources: Trihedral Support, CISA

OCTOBER 26, 2022

Apple Safari, iOS, iPadOS and more

Apple released security updates for multiple products to address vulnerabilities that could allow an attacker to take control of affected systems.

Sources: Apple Security Updates, CISA

Samba

Multiple versions of Samba contain vulnerabilities that could allow an attacker to take control of affected systems.

Sources: CISA

OCTOBER 25, 2022

AliveCor KardiaMobile

AliveCor KardiaMobile contains an authentication bypass by assumed-immutable data vulnerability and a missing encryption of sensitive data vulnerability that could lead to a denial-of-service attack.

Sources: CISA

Haas Automation Inc. Haas Controller

Haas Automation Inc. Haas Controller contains missing authentication for critical function, insufficient granularity of access control and cleartext transmission of sensitive information vulnerabilities that could lead to a denial of service of the production line, damage to the tools used on the production line, and remote code execution.

Sources: CISA

HEIDENHAIN TNC 640 controlling a HARTFORD 5A-65E CNC machine

HEIDENHAIN TNC 640 controlling a HARTFORD 5A-65E CNC machine contains an improper authentication vulnerability that could lead to loss of sensitive data, manipulation of information and denial-of-service.

Sources: CISA

Siemens Siveillance Video 2022 R2

Siemens Siveillance Video 2022 R2 contains a weak authentication vulnerability that could lead to an unauthenticated remote attacker accessing the application without a valid account.

Sources: Siemens Update, CISA

Hitachi Energy DMS600

Hitachi Energy DMS600 contains a reliance on uncontrolled component vulnerability that could lead to an attacker obtaining unauthorized access to information.

Sources: Hitachi Energy Advisory, CISA

Johnson Controls CKS CEVAS

Johnson Controls CKS CEVAS contains a SQL injection vulnerability that could allow an attacker to bypass authentication and obtain data with specially crafted SQL queries.

Sources: Johnson Controls Product Advisory, CISA

Delta Electronics DIAEnergie

Delta Electronics DIAEnergie contains cross-site scripting and SQL injection vulnerabilities that could lead to arbitrary code injection that allows an attacker to obtain and edit database contents and execute system commands.

Sources: CISA
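The CKS CEVAS and DIAEnergie entries above both describe the same pattern: untrusted input spliced into a SQL statement, which lets an attacker bypass a login check and read data they should not see. The following is an added illustration of that pattern (not code from either vendor or from the advisories): a login query built by string formatting, the authentication bypass and data extraction it permits, and the parameterized form that closes it. The in-memory SQLite database, the `users` table and its sample rows are constructed for the example.

```python
"""Added illustration of SQL-injection authentication bypass and the fix.

Not code from the advisories above. The table, columns and rows are
constructed sample data; SQLite is used so the example runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", "s3cret-admin-pw", "administrator"),
            ("operator", "op-pw", "operator"),
        ],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Vulnerable: user input is spliced into the SQL text.

    A quote character in the input changes the structure of the query
    rather than being compared as a value.
    """
    query = (
        f"SELECT username, role FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Hardened: bound parameters keep the input as data, never as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    """Run both login paths against two classic payloads.

    Returns (bypass result, safe result, rows leaked via UNION).
    """
    conn = make_db()

    # Bypass: the SQL comment marker "--" discards the password comparison,
    # so the query becomes  ... WHERE username = 'admin'
    bypass_user = "admin' --"
    bypass = login_vulnerable(conn, bypass_user, "wrong-password")

    # Same payload through the parameterized query: no row matches, because
    # the literal string "admin' --" is not a username in the table.
    safe = login_safe(conn, bypass_user, "wrong-password")

    # Data extraction: a UNION turns the login check into a query that
    # returns every username and password in the table.
    union_user = "x' UNION SELECT username, password FROM users --"
    leaked = conn.execute(
        f"SELECT username, role FROM users WHERE username = '{union_user}' "
        f"AND password = 'x'"
    ).fetchall()

    return bypass, safe, leaked


if __name__ == "__main__":
    bypass, safe, leaked = demo()
    print("vulnerable login returned:", bypass)
    print("parameterized login returned:", safe)
    print("rows leaked via UNION:", leaked)
```

The parameterized query is the fix the advisories call for; input filtering on its own is not, because the second payload does not need any character that a naive quote filter would strip from the first one.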

Delta Electronics InfraSuite Device Master

Delta Electronics InfraSuite Device Master contains deserialization of untrusted data, path traversal and missing authentication for critical function vulnerabilities that could lead to remote code execution, a denial-of-service condition, or remote read and write access, all with local administrator privileges.

Sources: CISA
