Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 30 - July 6. Sign up to get these updates right to your inbox!

JULY 02, 2024

Johnson Controls Kantech Door Controllers

Johnson Controls Kantech Door Controllers contain an exposure of sensitive information to an unauthorized actor vulnerability that can allow an attacker to gain access to sensitive information.


Sources: CISA, Johnson Controls

mySCADA myPRO

mySCADA myPRO contains a use of hard-coded password vulnerability that can allow an attacker to remotely execute code on the affected device.


Sources: CISA, mySCADA

ICONICS and Mitsubishi Electric Products

ICONICS and Mitsubishi Electric products contains uncontrolled search path element, improper authentication, unsafe reflection and more vulnerabilities that can result in denial of service, improper privilege management or potentially remote code execution.


Sources: CISA, ICONICS

Johnson Controls Illustra Essentials Gen 4 (Update A)

Johnson Controls Illustra Essentials Gen 4 (Update A) contains an improper input validation vulnerability that can allow an attacker to inject commands.


Sources: CISA, Johnson Controls

Johnson Controls Illustra Essentials Gen 4 (Update A)

Johnson Controls Illustra Essentials Gen 4 (Update A) contains a storing passwords in a recoverable format vulnerability that can allow an authenticated user to recover credentials for other Linux users.


Sources: CISA , Johnson Controls

Johnson Controls Illustra Essentials Gen 4 (Update A)

Johnson Controls Illustra Essentials Gen 4 (Update A) contains an insertion of sensitive information into log file vulnerability that can allow an attacker to gain access to Linux user credentials.


Sources: CISA, Johnson Controls

Johnson Controls Illustra Essentials Gen 4 (Update A)

Johnson Controls Illustra Essentials Gen 4 (Update A) contains a storing passwords in a recoverable format vulnerability that can allow a web interface user's credentials to be recovered by an authenticated user.


Sources: CISA, Johnson Controls

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES