Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of February 26 - March 4. Sign up to get these updates right to your inbox!

MARCH 02, 2023

Mitsubishi Electric MELSEC iQ-F Series

Mitsubishi Electric MELSEC iQ-F Series contains a plaintext storage of a password vulnerability that can allow an unauthenticated malicious actor to login to a file transfer protocol (FTP) server.


Sources: CISA, Mitsubishi Electric

Baicells Nova

Baicells Nova contains a command injection vulnerability that can allow commands performed using pre-login execution and with root permissions.


Sources: CISA, Baicells

Rittal CMC III Access systems

Rittal CMC III Access systems contain an improper access control vulnerability that can allow an attacker to open control cabinets secured with Rittal locks.


Sources: CISA, Rittal

Medtronic Micro Clinician and InterStim Apps

Medtronic Micro Clinician and InterStim Apps contain an unverified password change vulnerability that can cause a password to be reset to default, resulting in unauthorized control of the clinician therapy application.


Sources: CISA, Medtronic

Mitsubishi Electric Factory Automation Engineering Products (Update J)

Mitsubishi Electric Factory Automation Engineering Products contain an unquoted search path or element vulnerability that can allow an attacker to obtain unauthorized information, modify information and cause a denial-of-service condition.


Sources: CISA, Mitsubishi Electric

FEBRUARY 28, 2023

Hitachi Energy Gateway Station

Hitachi Energy Gateway Station contains NULL pointer dereference and infinite loop vulnerabilities that can cause affected modules to stop working.


Sources: CISA, Hitachi Energy

Mitsubishi Electric MELSEC iQ-F Series (Update A)

Mitsubishi Electric MELSEC iQ-F Series (Update A) contains an improper input validation vulnerability that could cause a denial-of-service condition by sending specially crafted packets.


Sources: CISA, Mitsubishi Electric

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES