
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 9 - 15. Sign up to get these updates right to your inbox!

JUNE 13, 2024

Siemens SCALANCE XM-400, XR-500

Siemens SCALANCE XM-400, XR-500 contains inadequate encryption strength, double free, use-after-free and more vulnerabilities that can allow an attacker to cause a memory leak or execute arbitrary code.


Sources: CISA, Siemens

Mitsubishi Electric Multiple Products (Update G)

Mitsubishi Electric Multiple Products (Update G) contains a predictable exact value from previous values vulnerability that can be used to hijack TCP sessions and allow remote command execution.


Sources: CISA, Mitsubishi Electric

Mitsubishi Electric MELSEC-Q/L Series (Update B)

Mitsubishi Electric MELSEC-Q/L Series (Update B) contains incorrect pointer scaling and integer overflow or wraparound vulnerabilities that can allow a remote attacker to read arbitrary information or execute malicious code on a target product by sending a specially crafted packet.


Sources: CISA, Mitsubishi Electric

Motorola Solutions Vigilant License Plate Readers

Motorola Solutions Vigilant License Plate Readers contains authentication bypass using an alternate path or channel, cleartext storage in a file or on disk, and use of hard-coded credentials vulnerabilities that can allow an attacker to tamper with the device, access sensitive information and credentials or perform a replay attack.


Sources: CISA, Motorola Solutions

Rockwell Automation FactoryTalk View SE

Rockwell Automation FactoryTalk View SE contains an improper authentication vulnerability that can allow a user from a remote system with FTView to view an HMI project.


Sources: CISA, Rockwell Automation

Rockwell Automation FactoryTalk View SE

Rockwell Automation FactoryTalk View SE contains an incorrect permission assignment for critical resource vulnerability that can allow low-privilege users to edit scripts, bypassing access control lists and potentially gaining further access within the system.


Sources: CISA, Rockwell Automation

Rockwell Automation FactoryTalk View SE

Rockwell Automation FactoryTalk View SE contains an improper authentication vulnerability that can allow an outside attacker to view an HMI project.


Sources: CISA, Rockwell Automation

Fuji Electric Tellus Lite V-Simulator

Fuji Electric Tellus Lite V-Simulator contains out-of-bounds write and stack-based buffer overflow vulnerabilities that can allow a local attacker to perform code execution.


Sources: CISA, Fuji Electric

Siemens SINEC Traffic Analyzer

Siemens SINEC Traffic Analyzer contains out-of-bounds write, insufficient session expiration, cross-site request forgery and more vulnerabilities that can allow an attacker to cause a denial-of-service condition, disclose sensitive information or modify files.


Sources: CISA, Siemens

Siemens SCALANCE W700

Siemens SCALANCE W700 contains use of hard-coded cryptographic key, use of weak hash, injection and more vulnerabilities that can allow an authenticated attacker to execute arbitrary code, extract configuration information or execute system-level commands.


Sources: CISA, Siemens

Siemens Mendix Applications

Siemens Mendix Applications contains an improper privilege management vulnerability that can allow a threat actor to guess the identification of a target role that contains elevated access rights.


Sources: CISA, Siemens

Siemens SIMATIC and SIPLUS

Siemens SIMATIC and SIPLUS contains race condition, injection, double free and more vulnerabilities that can allow an attacker to leak memory, create a denial-of-service condition, or execute arbitrary code.


Sources: CISA, Siemens

Siemens SICAM AK3/BC/TM

Siemens SICAM AK3/BC/TM contains an improper null termination vulnerability that can allow an attacker to execute arbitrary code or create a denial-of-service condition.


Sources: CISA, Siemens

Siemens Teamcenter Visualization and JT2Go

Siemens Teamcenter Visualization and JT2Go contains out-of-bounds read, allocation of resources without limits or throttling and NULL pointer dereference vulnerabilities that can allow an attacker to create a denial-of-service condition or execute code within the context of the current process.


Sources: CISA, Siemens

Siemens PowerSys

Siemens PowerSys contains an improper authentication vulnerability that can allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices.


Sources: CISA, Siemens

Siemens TIM 1531 IRC

Siemens TIM 1531 IRC contains improper input validation, out-of-bounds write, inadequate encryption strength and more vulnerabilities that can result in leaked information, improper input validation, a denial-of-service condition, an out-of-bounds read on heap memory, privilege escalation, memory exhaustion blocking the server, system crash and arbitrary code execution.


Sources: CISA, Siemens

Siemens SITOP UPS1600

Siemens SITOP UPS1600 contains an out-of-bounds write vulnerability that can allow an attacker to cause limited impact in the affected systems.


Sources: CISA, Siemens

Siemens ST7 ScadaConnect

Siemens ST7 ScadaConnect contains integer overflow or wraparound, double free, improper certificate validation and more vulnerabilities that can allow an attacker to disclose information, cause a denial-of-service (DoS) condition or execute arbitrary code.


Sources: CISA, Siemens

Siemens TIA Administrator

Siemens TIA Administrator contains a creation of temporary file in directory with insecure permissions vulnerability that can allow an attacker to disrupt the update process.


Sources: CISA, Siemens

Siemens SIMATIC S7-200 SMART Devices

Siemens SIMATIC S7-200 SMART Devices contain a use of insufficiently random values vulnerability that can allow an attacker to create a denial-of-service condition.


Sources: CISA, Siemens
