Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 10 - 16. Sign up to get these updates right to your inbox!
April 15, 2022
April 14, 2022
Juniper Networks
Juniper Networks released security updates due to vulnerabilities found in multiple products that could lead to an attacker gaining control of affected systems.
Sources:Juniper Networks,
CISA
Cisco
Cisco released security updates due to vulnerabilities in multiple products that could lead to an attacker gaining control of affected systems.
Sources:Cisco,
CISA
April 13, 2022
Microsoft
Microsoft released an advisory to address a critical remote code execution vulnerability in Remote Procedure Call Runtime Library that could lead to an attacker gaining control of affected systems.
Sources:Microsoft,
CISA
ICS and SCADA devices
CISA, the Department of Energy (DOE), the NSA and the FBI released a joint Cybersecurity Advisory warning that advanced persistent threat (APT) actors are capable of gaining full access to multiple ICS and SCADA devices.
Sources:Joint Cybersecurity Advisory,
CISA
CISA
CISA added multiple new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Sources:CISA,
CISA,
Known Exploited Vulnerabilities to Catalog
April 12, 2022
Apache
The Apache Software Foundation released a security advisory due to a vulnerability in versions of Struts that could lead to an attacker gaining control of affected systems.
Sources:Apache,
CISA
Citrix
Citrix released security updates due to vulnerabilities found in multiple products that could lead to an attacker gaining control of affected systems.
Sources:Citrix,
CISA
Microsoft
Microsoft released security updates due to multiple vulnerabilities found in Microsoft software that could lead to an attacker gaining control of affected systems.
Sources:Microsoft,
CISA
Google released an updated version of Chrome for Windows, Mac and Linux due to vulnerabilities that could lead to an attacker gaining control of affected systems.
Sources:Google Chrome,
CISA
Aethon
The Aethon TUG Home Base Server contains vulnerabilities, such as missing authorization, channel accessible by non-endpoint and cross-site scripting.
Sources:Aethon,
CISA
Mitsubishi Electric
Versions of the Mitsubishi Electric Wireless LAN communication unit GT25-WLAN contain vulnerabilities, such as improper removal of sensitive information before storage or transfer, inadequate encryption strength, missing authentication for critical function, injection and improper input…
Sources:Mitsubishi Electric,
CISA
Inductive Automation
The Inductive Automation Ignition is vulnerable to path traversal.
Sources: