
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of February 25 - March 2. Sign up to get these updates right to your inbox!

MARCH 01, 2024

Microsoft Windows Kernel

Microsoft Windows Kernel contains an exposed IOCTL (input and output control) with insufficient access control in the IOCTL dispatcher in appid.sys, which allows a local attacker to achieve privilege escalation.

Sources: CISA, NIST

FEBRUARY 29, 2024

Delta Electronics CNCSoft-B

Delta Electronics CNCSoft-B contains a stack-based buffer overflow vulnerability that can allow an attacker to execute arbitrary code.


Sources: CISA, Delta Electronics

MicroDicom DICOM Viewer

MicroDicom DICOM Viewer contains heap-based buffer overflow and out-of-bounds write vulnerabilities that can allow an attacker to cause memory corruption issues leading to execution of arbitrary code.


Sources: CISA, MicroDicom

Microsoft Streaming Service

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain system privileges.

Sources: CISA, NIST

FEBRUARY 27, 2024

Mitsubishi Electric Multiple Factory Automation Products

Mitsubishi Electric Multiple Factory Automation Products contain an insufficient resource pool vulnerability that can allow a remote attacker to cause a temporary denial-of-service (DoS) condition in the products' Ethernet communication by performing a TCP SYN flood attack.


Sources: CISA, Mitsubishi Electric

Santesoft Sante DICOM Viewer Pro

Santesoft Sante DICOM Viewer Pro contains an out-of-bounds read vulnerability that can allow an attacker to disclose information and execute arbitrary code on affected installations of the product.


Sources: CISA, Santesoft

FEBRUARY 26, 2024

GitLab

GitLab contains an improper access control vulnerability that can allow group members with sub-maintainer roles to change the title of privately accessible deploy keys associated with projects in the group.

Sources: NIST, GitLab Support
