Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of January 28 - February 3. Sign up to get these updates right to your inbox!

FEBRUARY 01, 2024

Gessler GmbH WEB-MASTER

Gessler GmbH WEB-MASTER contains use of weak credentials and use of weak hash vulnerabilities that can allow a user to take control of the web management of the device. An attacker with access to the device could also extract and break the password hashes for all users stored on the device.


Sources: CISA, Gessler

JANUARY 30, 2024

Emerson Rosemount GC370XA, GC700XA, GC1500XA

Emerson Rosemount GC370XA, GC700XA and GC1500XA contain command injection, improper authentication and improper authorization vulnerabilities that can allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition and bypass authentication to acquire admin capabilities.


Sources: CISA, Emerson

Mitsubishi Electric FA Engineering Software Products

Mitsubishi Electric FA Engineering Software Products contain missing authentication for critical function and unsafe reflection vulnerabilities that can allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service (DoS) condition on the products.


Sources: CISA, Mitsubishi Electric

Mitsubishi Electric MELSEC WS Series Ethernet Interface Module

Mitsubishi Electric MELSEC WS Series Ethernet Interface Module contains an authentication bypass by capture-replay vulnerability that can allow an unauthorized attacker to log in to the modules and disclose or tamper with the programs and parameters in the modules.


Sources: CISA, Mitsubishi Electric

Hitron Systems Security Camera DVR

Hitron Systems Security Camera DVR contains an improper input validation vulnerability that can allow an attacker to affect the availability of the product through exploitation of an improper input validation vulnerability and default credentials.


Sources: CISA, Hitron Systems

Rockwell Automation ControlLogix and GuardLogix

Rockwell Automation ControlLogix and GuardLogix contain an improper restriction of operations within the bounds of a memory buffer vulnerability that can allow an attacker to crash the device by exploiting a denial-of-service (DoS) vulnerability.


Sources: CISA, Rockwell Automation

Rockwell Automation FactoryTalk Service Platform

Rockwell Automation FactoryTalk Service Platform contains an improper verification of cryptographic signature vulnerability that can allow an attacker to retrieve user information and modify settings without any authentication.


Sources: CISA, Rockwell Automation

Rockwell Automation LP30/40/50 and BM40 Operator Interface

Rockwell Automation LP30/40/50 and BM40 Operator Interface contains out-of-bounds write, stack-based buffer overflow, untrusted pointer dereference and more vulnerabilities that can allow an authenticated attacker to use specifically crafted communication requests to perform a denial-of-service condition, memory overwriting or remote code execution.


Sources: CISA, Rockwell Automation

Mitsubishi Electric CNC Series (Update E)

Mitsubishi Electric CNC Series (Update E) contains a classic buffer overflow that can allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending specially crafted packets. System reset is required for recovery.


Sources: CISA, Mitsubishi Electrice

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES