Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 16 - 22. Sign up to get these updates right to your inbox!
Cisco released security updates for Cisco Identity Services Engine (ISE) due to vulnerabilities found that could lead to an attacker gaining control of affected systems.
Sources: Cisco Advisories, CISA
Bentley Systems MicroStation Connect contains stack-based buffer overflow and out-of-bounds read vulnerabilities that could lead to the device crashing or allow remote arbitrary code execution.
Sources: Bentley Support, CISA
B. Braun Infusomat Space Large Volume Pump contains unrestricted upload of file with dangerous type, cleartext transmission of sensitive information, missing authentication for critical function, insufficient verification of data authenticity and improper input validation vulnerabilities.
Sources: B. Braun Advisory, CISA
B. Braun SpaceCom, Battery Pack SP with Wi-Fi and Data module compactplus contains cross-site scripting, open redirect, XPath injection, session fixation, use of a one-way hash without a salt, relative path traversal, improper verification of cryptographic signature, improper privilege management, use of hard-coded credentials, and active debug code and improper access control vulnerabilities.
Sources: B. Braun Advisory, CISA
Mozilla released updates due to vulnerabilities found in Firefox ESR and Firefox that could lead to a denial-of-service condition.
Sources: Firefox ESR, Firefox, CISA
Oracle released its critical patch update for October that addresses 366 vulnerabilities that could lead to an attacker gaining control of affected systems.
Sources: Oracle Patch Update, CISA
Advantech R-SeeNet contains path traversal and stack-based buffer overflow vulnerabilities that could lead to an attacker remotely deleting files or remote code execution.
Sources: CISA
Hitachi Energy Transformer Asset Performance Management (APM) Edge contains a reliance on uncontrolled component vulnerability that could lead to the product becoming inaccessible.
Sources: Hitachi Energy Advisory, CISA
Advantech R-SeeNet contains path traversal and stack-based overflow vulnerabilities that could lead to an attacker remotely deleting files or remote code execution.
Sources: CISA
