Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of February 18 - 24. Sign up to get these updates right to your inbox!

FEBRUARY 23, 2024

ConnectWise ScreenConnect

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

Sources: CISA, NIST

FEBRUARY 22, 2024

Delta Electronics CNCSoft-B DOPSoft

Delta Electronics CNCSoft-B DOPSoft contains an uncontrolled search path element vulnerability that can allow an attacker to achieve remote code execution.


Sources: CISA, Delta Electronics

FEBRUARY 20, 2024

Commend WS203VICM

Commend WS203VICM contains argument injection, improper access control and weak encoding for password vulnerabilities that can allow an attacker to obtain sensitive information or force the system to restart.


Sources: CISA, Commend

Ethercat Zeek Plugin

Ethercat Zeek Plugin contains out-of-bounds write and out-of-bounds read vulnerabilities that can allow remote code execution.


Sources: CISA, Ethercat

Mitsubishi Electric Electrical Discharge Machines

Mitsubishi Electric Electrical Discharge Machines contain an improper input validation vulnerability that can allow an attacker to disclose, tamper with, destroy or delete information, or cause a denial-of-service condition on the products.


Sources: CISA, Mitsubishi Electric

FEBRUARY 19, 2024

Microsoft Exchange Server

Microsoft Exchange Server contains a privilege escalation vulnerability that allows for privilege escalation.

Sources: CISA, NIST

Cisco ASA and FTD

Cisco ASA and FTD contain an information disclosure vulnerability that can allow an attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface.


Sources: CISA, NIST

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES