Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of March 3 - 9. Sign up to get these updates right to your inbox!

MARCH 07, 2024

Chirp Systems Chirp Access

Chirp Systems Chirp Access contains a use of hard-coded credentials vulnerability that can allow an attacker to take control and gain unrestricted physical access to systems using the affected product.


Sources: CISA, Chirp Systems

Nice Linear eMerge E3-Series

Nice Linear eMerge E3-Series contains path traversal, cross-site scripting, OS command injection and more vulnerabilities that can allow a remote attacker to gain full system access.


Sources: CISA, Nice/Nortek

MARCH 06, 2024

Apple iOS, iPadOS, macOS, tvOS and watchOS RTKit

Apple iOS, iPadOS, macOS, tvOS and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Sources: CISA, NIST

JetBrains TeamCity

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

Sources: CISA, NIST

MARCH 05, 2024

Santesoft Sante FFT Imaging

Santesoft Sante FFT Imaging contains an out-of-bounds write vulnerability that can allow a local attacker to execute arbitrary code once a user opens a malicious DCM file on affected FFT Imaging installations.


Sources: CISA, Santesoft

Integration Objects OPC UA Server Toolkit (Update A)

Integration Objects OPC UA Server Toolkit (Update A) contains an improper output neutralization for logs vulnerability that can allow a remote attacker to add content to the log file.


Sources: CISA, Integration Objects

Sunhillo SureLine

Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in/cgi/networkDiag.cgi.

Sources: CISA, NIST

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES