
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 10 - 16. Sign up to get these updates right to your inbox!

SEPTEMBER 14, 2023

Siemens SIMATIC, SIPLUS Products

Siemens SIMATIC, SIPLUS Products contain an integer overflow or wraparound vulnerability that can allow an unauthenticated remote attacker to create a denial-of-service condition by sending a specially crafted certificate.


Sources: CISA, Siemens

Siemens Parasolid

Siemens Parasolid contains an out-of-bounds write vulnerability that can allow an attacker to execute code in the context of the current process.


Sources: CISA, Siemens

Siemens QMS Automotive

Siemens QMS Automotive contains improper access control, unrestricted upload of file with dangerous type, insufficient session expiration and other vulnerabilities that can allow an attacker to inject malicious code, disclose information or cause a denial-of-service condition.


Sources: CISA, Siemens

Rockwell Automation Pavilion8

Rockwell Automation Pavilion8 contains an improper authentication vulnerability that can allow an attacker to retrieve other users' session data.


Sources: CISA, Rockwell Automation

SEPTEMBER 12, 2023

Hitachi Energy Lumada APM Edge

Hitachi Energy Lumada APM Edge contains use after free, double free, type confusion and other vulnerabilities that can allow an attacker to cause a denial-of-service condition or disclose sensitive information.


Sources: CISA, Hitachi Energy

Fujitsu Software Infrastructure Manager

Fujitsu Software Infrastructure Manager contains a cleartext storage of sensitive information vulnerability that can result in an attacker retrieving the password for the proxy server that is configured in ISM from the maintenance data.


Sources: CISA, Fujitsu

Mitsubishi Electric MELSEC Series CPU module (Update)

Mitsubishi Electric MELSEC Series CPU module contains a classic buffer overflow vulnerability that can allow a remote attacker to cause a denial-of-service condition or execute malicious code on a target product by sending specially crafted packets.


Sources: CISA, Mitsubishi Electric
