Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 5 - 11.

NOVEMBER 09, 2023

Johnson Controls Quantum HD Unity

Johnson Controls Quantum HD Unity contains an active debug code vulnerability that can allow an unauthorized user to access debug features that were accidentally exposed.

Sources: CISA, Johnson Controls

Hitachi Energy eSOMS

Hitachi Energy eSOMS contains vulnerabilities (generation of error message containing sensitive information, and exposure of sensitive system information to an unauthorized control sphere) that can allow an attacker to disclose sensitive information related to eSOMS application configuration.

Sources: CISA, Hitachi Energy

NOVEMBER 08, 2023

IETF Service Location Protocol (SLP)

IETF Service Location Protocol (SLP) contains a denial-of-service vulnerability that can allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

Sources: CISA, NIST

NOVEMBER 07, 2023

GE MiCOM S1 Agile

GE MiCOM S1 Agile contains an uncontrolled search path element vulnerability that can allow an attacker to upload malicious files and achieve code execution.

Sources: CISA

Apache ActiveMQ

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that can allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Sources: CISA, NIST

Atlassian Confluence Data Center and Server

Atlassian Confluence Data Center and Server contains an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker.

Sources: CISA, NIST

Mitsubishi Electric MELSEC and MELIPC Series (Update G)

Mitsubishi Electric MELSEC and MELIPC Series (Update G) contains uncontrolled resource consumption, improper handling of length parameter inconsistency, and improper input validation vulnerabilities that can allow a remote attacker to cause a denial-of-service condition.

Sources: CISA, Mitsubishi Electric
