Facebook Twitter Instagram Linkedin Youtube
Subscribe

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of February 12 - 18. Sign up to get these updates right to your inbox!

FEBRUARY 17, 2023

Cisco ClamAV HFS+

Cisco ClamAV HFS+ contains a buffer overflow vulnerability that can allow an unauthenticated remote attacker to execute arbitrary code.


Sources: CISA, CISCO

FEBRUARY 16, 2023

Delta Electronics DIAEnergie (Update B)

Delta Electronics DIAEnergie (Update B) contains cross-site scripting, SQL injection and authorization bypass vulnerabilities that can allow an attacker to inject arbitrary code to retrieve and modify database contents and execute system commands.


Sources: CISA, Delta Electronics

BD Alaris Infusion Central

BD Alaris Infusion Central contains a credentials management errors vulnerability that can lead to gained access to the Alaris Infusion Central database, resulting in disclosure of resident personal data.


Sources: CISA, BD

Sub-IoT DASH 7 Alliance Protocol stack implementation

Sub-IoT DASH 7 Alliance Protocol stack implementation contains an out-of-bounds write vulnerability that can allow an attacker to create an out-of-bounds write condition.


Sources: CISA, Sub-IoT

Siemens SCALANCE X200 IRT

Siemens SCALANCE X200 IRT contains an improper input validation vulnerability that can allow remote attackers to cause a denial-of-service condition.


Sources: CISA, Siemens

Siemens SIMATIC industrial products

Siemens SIMATIC industrial products contain a T=time-of-check time-of-use (TOCTOU) race condition vulnerability that could allow a privileged user to potentially enable escalation of privilege via local access.


Sources: CISA, Siemens

Siemens JT Open, JT Utilities and Parasolid

Siemens JT Open, JT Utilities and Parasolid contain stack-based buffer overflow, improper restriction of operations within the bounds of a memory buffer and out-of-bounds read vulnerabilities that can allow a threat actor to open a JT file with any of the affected products, leading to arbitrary code execution.

Sources: CISA, Siemens

Siemens TIA Project-Server

Siemens TIA Project-server contains an untrusted search path vulnerability that can allow an attacker to escalate privileges when tricking a legitimate user to start the service from an attacker-controlled path.


Sources: CISA, Siemens

Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP

Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP contain an improper input validation vulnerability that could allow an authenticated user to escalate privileges by injecting arbitrary commands executed with root privileges.


Sources: CISA, Siemens CERT

FEBRUARY 14, 2023

Microsoft Office Publisher

Microsoft Office Publisher contains a bypass vulnerability that allows for a local, authenticated attack on a targeted system.

Sources: NIST, Microsoft

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

SUBSCRIBE
VULNERABILITY PULSE
PRODUCTS
RECENT NEWS
HACKS & ATTACKS
RESOURCES

EBOOKS

EXPERT VIDEO SERIES

ONLINE COURSES

WEBCASTS

PODCASTS

Visit our podcast page

HELPFUL LINKS
Copyright 2023 CFE Media and Technology.
All rights reserved.
Facebook Twitter Instagram Linkedin Youtube
Subscribe
Facebook Twitter Instagram Linkedin Youtube