Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 28 - May 4. Sign up to get these updates right to your inbox!

MAY 02, 2024

CyberPower PowerPanel

CyberPower PowerPanel contains use of hard-coded password, relative path traversal, use of hard-coded credentials and more vulnerabilities that can result in an attacker bypassing authentication and gaining administrator privileges, forging JWT tokens to bypass authentication, writing arbitrary files to the server, achieving code execution and more.


Sources: CISA, CyberPower

Delta Electronics DIAEnergie

Delta Electronics DIAEnergie contains SQL Injection and path traversal vulnerabilities that can allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application and compromise the system on which DIAEnergie is deployed.


Sources: CISA, Delta Electronics

Chirp Systems Chirp Access (Update C)

Chirp Systems Chirp Access (Update C) contains a use of hard-coded password vulnerability that can allow an attacker to adjust the beacon configuration settings and/or disable the bluetooth functionality of doors where non-networked beacons are deployed.


Sources: CISA, Chirp Systems

APRIL 30, 2024

Delta Electronics CNCSoft-G2 DOPSoft

Delta Electronics CNCSoft-G2 DOPSoft contains a stack-based buffer overflow vulnerability that can allow an attacker to execute arbitrary code.


Sources: CISA, Delta Electronics

SEW-EURODRIVE MOVITOOLS MotionStudio (Update A)

SEW-EURODRIVE MOVITOOLS MotionStudio (Update A) contains an improper restriction of XML external entity reference that can result in open access to file information.


Sources: CISA, SEW Eurodrive

Unitronics Vision Legacy Series (Update A)

Unitronics Vision Legacy Series (Update A) contains a storing passwords in a recoverable format vulnerability that can allow an attacker to log in to the Remote HMI feature, where the PLC may be factory reset, stopped and restarted.


Sources: CISA, Unitronics

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES