Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 26 - July 2. Sign up to get these updates right to your inbox!

JUNE 30, 2022

Exemys

Exemys RME1 contains an improper authentication vulnerability.

Sources: Exemys Support, CISA

Emerson

Emerson DeltaV Distributed Control System contains multiple vulnerabilities, such as missing authentication for critical function, use of hard-coded credentials, insufficient verification of data authenticity and use of a broken or risky cryptographic algorithm.

Sources: Emerson Guardian Support Portal, CISA

Yokogawa

Yokogawa Wide Area Communication Router (WAC Router) contains a use of insufficiently random values vulnerability.

Sources: Yokogawa Support, CISA, Yokogawa security advisory

Distributed Data Systems

Distributed Data Systems WebHMI contains vulnerabilities, such as cross-site scripting and OS command injection.


Sources: Distributed Data Systems, CISA

Mitsubishi Electric

Mitsubishi Electric FA Engineering Software contains an out-of-bounds read vulnerability and an integer underflow vulnerability.

Sources: Mitsubishi Electric, CISA

CODESYS GmbH

The CODESYS GmbH CODESYS Gateway Server contains a heap-based buffer overflow vulnerability.

Sources: CODESYS GmbH, CISA

JUNE 29, 2022

Mozilla

Mozilla released security updates for Firefox, Firefox ESR and Thunderbird due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: Mozilla Firefox, Mozilla Firebird ESR, Mozilla Thunderbird, CISA

JUNE 28, 2022

ABB

ABB e-design contains an incorrect default permissions vulnerability.

Sources: CISA

Omron

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series contain vulnerabilities, such as cleartext transmission of sensitive information, insufficient verification of data authenticity and plaintext storage of a password.

Sources: CISA

Advantech

Advantech iView contains vulnerabilities, such as SQL injection, missing authentication for critical function, relative path traversal and command injection.

Sources: Advantech, CISA

Motorola Solutions

Motorola Solutions MOSCAD IP Gateway and ACE IP Gateway contain a missing authentication for critical function vulnerability.

Sources: Motorola Solutions support, CISA

Motorola Solutions

Motorola Solutions MDLC contains vulnerabilities, such as use of a broken or risky cryptographic algorithm and plaintext storage of a password.

Sources: Motorola Solutions support, CISA

Motorola Solutions

Motorola Solutions ACE1000 contains vulnerabilities, such as use of hard-coded cryptographic key, use of hard-coded credentials and insufficient verification of data authenticity.

Sources: Motorola Solutions, CISA

JUNE 27, 2022

CISA

CISA added eight vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources: Known Exploited Vulnerabilities Catalog, CISA

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES