
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of February 5 - 11.

FEBRUARY 10, 2023

Intel Ethernet Diagnostics Driver for Windows

Intel Ethernet Diagnostics Driver for Windows contains an unspecified vulnerability that can lead to a denial-of-service condition.

Sources: NIST, CISA

FEBRUARY 09, 2023

Control by Web X-400, X-600M

Control by Web X-400 and X-600M contain cross-site scripting and code injection vulnerabilities that can allow threat actors to inject malicious code remotely.


Sources: CISA, Control by Web

LS ELECTRIC XBC-DN32U

LS ELECTRIC XBC-DN32U contains vulnerabilities including missing authentication for critical function, improper access control, cleartext transmission of sensitive information and more. They can allow an attacker to steal programmable logic controller (PLC) information, cause communication issues with a PLC, cause a denial-of-service condition and more.


Sources: CISA, LS Electric

Johnson Controls System Configuration Tool (SCT)

Johnson Controls System Configuration Tool (SCT) contains two vulnerabilities, sensitive cookie without 'HttpOnly' flag and sensitive cookie in HTTPS session without 'secure' attribute, that can allow an attacker to access user cookies and take control of a session.


Sources: CISA, Johnson Controls

Horner Automation Cscape Envision RV

Horner Automation Cscape Envision RV contains out-of-bounds read and out-of-bounds write vulnerabilities that can lead to an attacker executing arbitrary code.


Sources: CISA, Horner Automation

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series (Update A) contain three vulnerabilities: cleartext transmission of sensitive information, insufficient verification of data authenticity and plaintext storage of a password. They can lead to a denial-of-service condition and result in remote execution.


Sources: CISA, Omron

ARC Informatique PcVue (Update A)

ARC Informatique PcVue (Update A) contains cleartext storage of sensitive information and insertion of sensitive information into log file vulnerabilities that can lead to unauthorized email access, SIM card access and more on an affected device.


Sources: CISA, PcVue
