Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 28 - August 3.

AUGUST 01, 2024

Johnson Controls exacqVision Client and exacqVision Server

Johnson Controls exacqVision Client and exacqVision Server contain an inadequate encryption strength vulnerability that could allow an attacker to decrypt communications between exacqVision Server and exacqVision Client due to insufficient key length and exchange.


Sources: CISA, Johnson Controls

Johnson Controls exacqVision Web Service

Johnson Controls exacqVision Web Service contains a permissive cross-domain policy with untrusted domains vulnerability that could allow an attacker to send an unauthorized request or access data from an untrusted domain.


Sources: CISA, Johnson Controls

Johnson Controls exacqVision Server

Johnson Controls exacqVision Server contains an improper certificate validation vulnerability that could allow an attacker to perform a man-in-the-middle attack and intercept communications.


Sources: CISA, Johnson Controls

AVTECH IP Camera

AVTECH IP Camera contains a command injection vulnerability that could allow an attacker to inject and execute commands as the owner of the running process.


Sources: CISA, AVTECH

Vonets WiFi Bridges

Vonets WiFi Bridges contain use of hard-coded credentials, improper access control, path traversal, command injection and other vulnerabilities that could allow an attacker to disclose sensitive information, cause a denial-of-service condition or execute arbitrary code on the affected device.


Sources: CISA, Vonets

Rockwell Automation Logix Controllers

Rockwell Automation Logix Controllers contain an unprotected alternate channel vulnerability that could allow an attacker to execute CIP programming and configuration commands.


Sources: CISA, Rockwell Automation
