Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of January 22 - 28.

JANUARY 26, 2023

Delta Electronics CNCSoft ScreenEditor

Delta Electronics CNCSoft ScreenEditor contains a stack-based buffer overflow vulnerability that could allow remote code execution.


Sources: CISA, Delta Electronics

Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers

Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers contain an active debug code vulnerability that could lead to an attacker gaining unauthorized access to a robot controller.


Sources: CISA, Mitsubishi Electric

Rockwell Automation products using GoAhead Web Server

Rockwell Automation products using GoAhead Web Server contain infinite loop and use-after-free vulnerabilities that can have a high impact on the confidentiality, integrity and availability of the vulnerable devices.


Sources: CISA, Rockwell Automation

Mitsubishi Electric MELSEC iQ-F, iQ-R Series

Mitsubishi Electric MELSEC iQ-F and iQ-R Series contain a predictable seed in pseudo-random number generator vulnerability that can allow access to the web server function by guessing the random numbers used for authentication.


Sources: CISA, Mitsubishi Electric

Sierra Wireless AirLink Router with ALEOS Software

Sierra Wireless AirLink Router with ALEOS Software contains improper neutralization of argument delimiters in a command and exposure of sensitive information to an unauthorized actor vulnerabilities that can lead to a loss of sensitive information and remote code execution.


Sources: CISA, Sierra Wireless

Landis+Gyr E850

Landis+Gyr E850 contains a reliance on cookies without validation and integrity checking vulnerability that could cause a denial-of-service condition for the end user whose cookie was modified.


Sources: CISA, Landis+Gyr

JANUARY 24, 2023

SOCOMEC MODULYS GP

SOCOMEC MODULYS GP contains a weak encoding for password vulnerability that can lead to an attacker obtaining sensitive information on the targeted system.


Sources: CISA, SOCOMEC
