Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of December 4 - 10. Sign up to get these updates right to your inbox!
IBM Cloud Transformation Advisor contains a cross-site vulnerability that could lead to arbitrary code injection.
Sources: IBM Support, NIST
Advantech iView contains an SQL injection vulnerability that could lead to an attacker gaining credentials.
Sources: Advantech Support, CISA
AVEVA InTouch Access Anywhere contains a relative path traversal vulnerability that could allow an unauthenticated user to read files on the system.
Sources: AVEVA Support, CISA
Rockwell Automation CompactLogix, Compact GuardLogix, ControlLogix and GuardLogix controllers contain an improper input validation vulnerability that could lead to a denial-of-service condition on a targeted device.
Sources: ControlLogix/GuardLogix 5580, CISA, CompactLogix 5380, CompactLogix 5480
TRENDnet Wireless AC Easy-Upgrader TEW-820AP contains a stack overflow vulnerability that could lead to remote code execution.
Sources: Vulnerability Advisory, NIST, TRENDnet Support
CISA added a new vulnerability to its Known Exploited Vulnerabilities Catalog.
