SUBSCRIBE

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 10 - 16. Sign up to get these updates right to your inbox!

April 15, 2022

VMware

VMware released security updates due to a remote code execution vulnerability found in its Cloud Director that could allow an attacker to gain control of affected systems.

Sources:

VMware,

CISA
April 14, 2022

Juniper Networks

Juniper Networks released security updates due to vulnerabilities found in multiple products that could lead to an attacker gaining control of affected systems.

Sources:

Juniper Networks,

CISA

Cisco

Cisco released security updates due to vulnerabilities in multiple products that could lead to an attacker gaining control of affected systems.

Sources:

Cisco,

CISA
April 13, 2022

Microsoft

Microsoft released an advisory to address a critical remote code execution vulnerability in Remote Procedure Call Runtime Library that could lead to an attacker gaining control of affected systems.

Sources:

Microsoft,

CISA

ICS and SCADA devices

CISA, the Department of Energy (DOE), the NSA and the FBI released a joint Cybersecurity Advisory warning that advanced persistent threat (APT) actors are capable of gaining full access to multiple ICS and SCADA devices.

Sources:

Joint Cybersecurity Advisory,

CISA

CISA

CISA added multiple new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources:

CISA,

CISA,

Known Exploited Vulnerabilities to Catalog
April 12, 2022

Apache

The Apache Software Foundation released a security advisory due to a vulnerability in versions of Struts that could lead to an attacker gaining control of affected systems.

Sources:

Apache,

CISA

Citrix

Citrix released security updates due to vulnerabilities found in multiple products that could lead to an attacker gaining control of affected systems.

Sources:

Citrix,

CISA

Microsoft

Microsoft released security updates due to multiple vulnerabilities found in Microsoft software that could lead to an attacker gaining control of affected systems.

Sources:

Microsoft,

CISA

Google

Google released an updated version of Chrome for Windows, Mac and Linux due to vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources:

Google Chrome,

CISA

Aethon

The Aethon TUG Home Base Server contains vulnerabilities, such as missing authorization, channel accessible by non-endpoint and cross-site scripting.

Sources:

Aethon,

CISA

Mitsubishi Electric

Versions of the Mitsubishi Electric Wireless LAN communication unit GT25-WLAN contain vulnerabilities, such as improper removal of sensitive information before storage or transfer, inadequate encryption strength, missing authentication for critical function, injection and improper input…

Sources:

Mitsubishi Electric,

CISA

Inductive Automation

The Inductive Automation Ignition is vulnerable to path traversal.

Sources:

CISA