
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 29 - November 4. Sign up to get these updates right to your inbox!

NOVEMBER 02, 2023

Red Lion Crimson

Red Lion Crimson contains an improper neutralization of null byte or NUL character vulnerability that can allow an attacker to truncate passwords configured by the Crimson configuration tool, which could create weaker-than-intended credentials.

Sources: CISA, Red Lion

Mitsubishi Electric MELSEC iQ-F Series CPU Module

Mitsubishi Electric MELSEC iQ-F Series CPU Module contains an improper restriction of excessive authentication attempts vulnerability that can allow a remote attacker to prevent legitimate users from logging into the web server function for a certain period, resulting in a denial-of-service condition.


Sources: CISA, Mitsubishi Electric

Mitsubishi Electric MELSEC Series

Mitsubishi Electric MELSEC Series contains an insufficient verification of data authenticity vulnerability that can allow a remote attacker to reset the memory of the products to factory default state and cause a denial-of-service condition.


Sources: CISA, Mitsubishi Electric

Franklin Fueling System TS-550

Franklin Fueling System TS-550 contains a use of password hash with insufficient computational effort vulnerability that can allow an attacker to gain unauthenticated access to the device.


Sources: CISA, Franklin Fueling Systems

Weintek EasyBuilder Pro

Weintek EasyBuilder Pro contains a use of hard-coded credentials vulnerability that can allow an attacker to obtain remote control of a victim's computer as a privileged user.


Sources: CISA, Weintek

Schneider Electric SpaceLogic C-Bus Toolkit

Schneider Electric SpaceLogic C-Bus Toolkit contains improper privilege management and path traversal vulnerabilities that can allow an attacker to perform remote code execution, which could result in tampering with the SpaceLogic C-Bus home automation system.


Sources: CISA, Schneider Electric

OCTOBER 31, 2023

INEA ME RTU

INEA ME RTU contains OS command injection and improper authentication vulnerabilities that can allow remote code execution.


Sources: CISA, INEA
