
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 12 - 18. Sign up to get these updates right to your inbox!

MAY 16, 2024

Siemens Parasolid

Siemens Parasolid contains out-of-bounds read and NULL pointer dereference vulnerabilities that can allow an attacker to execute code in the context of the current process and crash the application, causing a denial-of-service condition.


Sources: CISA, Siemens

Siemens SICAM Products

Siemens SICAM Products contain improper null termination, command injection, and cleartext storage of sensitive information vulnerabilities that can allow an attacker to execute code in the context of the current process, allow an authenticated privileged remote attacker to execute arbitrary code with root privileges, or lead to a denial-of-service condition.


Sources: CISA, Siemens

Rockwell Automation FactoryTalk View SE

Rockwell Automation FactoryTalk View SE contains an improper input validation vulnerability that can allow an attacker to inject a malicious SQL statement into the SQL database, resulting in the exposure of sensitive information.


Sources: CISA, Rockwell Automation

Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)

Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A) contains an incorrect privilege assignment vulnerability that can allow a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than themselves.


Sources: CISA, Mitsubishi Electric

Mitsubishi Electric MELSEC-Q/L Series (Update A)

Mitsubishi Electric MELSEC-Q/L Series (Update A) contains incorrect pointer scaling and integer overflow or wraparound vulnerabilities that can allow a remote attacker to read arbitrary information or execute malicious code on a target product by sending a specially crafted packet.


Sources: CISA, Mitsubishi Electric

GE Healthcare Ultrasound Products (Update A)

GE Healthcare Ultrasound Products (Update A) contains protection mechanism failure and incorrect user management vulnerabilities that can allow an attacker with physical access to gain access to the operating system of affected devices.


Sources: CISA, GE

MAY 14, 2024

Johnson Controls Software House C-CURE 9000

Johnson Controls Software House C-CURE 9000 contains insertion of sensitive information into log file vulnerabilities that can allow an attacker to access credentials used for access to the application.


Sources: CISA, Johnson Controls
