
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 14 - 20. Sign up to get these updates right to your inbox!

MAY 18, 2023

Carlo Gavazzi Powersoft

Carlo Gavazzi Powersoft contains a path traversal vulnerability that can allow an attacker to access and retrieve any file from the server.


Sources: CISA, Gavazzi Automation

Mitsubishi Electric MELSEC WS Series

Mitsubishi Electric MELSEC WS Series contains an active debug code vulnerability that can allow an attacker to bypass authentication and log in by connecting to the module via telnet to reset the module.


Sources: CISA, Mitsubishi Electric

Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

Hitachi Energy’s MicroSCADA Pro/X SYS600 products contain permissions, privileges and access controls vulnerabilities that can allow an attacker to execute arbitrary code on the affected product.


Sources: CISA, Hitachi Energy

Johnson Controls OpenBlue Enterprise Manager Data Collector

Johnson Controls OpenBlue Enterprise Manager Data Collector contains improper authentication and exposure of sensitive information vulnerabilities that can allow an attacker, under certain circumstances, to make application programming interface (API) calls.


Sources: CISA, Johnson Controls

Rockwell Automation FactoryTalk Diagnostics (Update A)

Rockwell Automation FactoryTalk Diagnostics (Update A) contains a deserialization of untrusted data vulnerability that can allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM-level privileges.


Sources: CISA, Rockwell Automation

MAY 16, 2023

Snap One OvrC Cloud

Snap One OvrC Cloud contains open redirect, hidden functionality, improper access control and other vulnerabilities that can allow an attacker to impersonate and claim devices, execute arbitrary code and disclose information about the affected device.


Sources: CISA, Snap One

Rockwell ArmorStart

Rockwell ArmorStart contains an improper input validation vulnerability that can allow a malicious user to view and modify sensitive data or make the web page unavailable.


Sources: CISA, Rockwell Automation
