Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 10 - 16. Sign up to get these updates right to your inbox!

APRIL 15, 2022

VMware

VMware released security updates due to a remote code execution vulnerability found in its Cloud Director that could allow an attacker to gain control of affected systems.

Sources: VMware, CISA

APRIL 14, 2022

Juniper Networks

Juniper Networks released security updates due to vulnerabilities found in multiple products that could lead to an attacker gaining control of affected systems.

Sources: Juniper Networks, CISA

Cisco

Cisco released security updates due to vulnerabilities in multiple products that could lead to an attacker gaining control of affected systems.

Sources: Cisco, CISA

APRIL 13, 2022

CISA

CISA added multiple new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources: CISA, CISA, Known Exploited Vulnerabilities to Catalog

Microsoft

Microsoft released an advisory to address a critical remote code execution vulnerability in Remote Procedure Call Runtime Library that could lead to an attacker gaining control of affected systems.


Sources: Microsoft, CISA

ICS and SCADA devices

CISA, the Department of Energy (DOE), the NSA and the FBI released a joint Cybersecurity Advisory warning that advanced persistent threat (APT) actors are capable of gaining full access to multiple ICS and SCADA devices.

Sources: Joint Cybersecurity Advisory, CISA

APRIL 12, 2022

Inductive Automation

The Inductive Automation Ignition is vulnerable to path traversal.

Sources: CISA

Mitsubishi Electric

Versions of the Mitsubishi Electric Wireless LAN communication unit GT25-WLAN contain vulnerabilities, such as improper removal of sensitive information before storage or transfer, inadequate encryption strength, missing authentication for critical function, injection and improper input validation.

Sources: Mitsubishi Electric, CISA

Aethon

The Aethon TUG Home Base Server contains vulnerabilities, such as missing authorization, channel accessible by non-endpoint and cross-site scripting.

Sources: Aethon, CISA

Google

Google released an updated version of Chrome for Windows, Mac and Linux due to vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Google Chrome, CISA

Microsoft

Microsoft released security updates due to multiple vulnerabilities found in Microsoft software that could lead to an attacker gaining control of affected systems.

Sources: Microsoft, CISA

Citrix

Citrix released security updates due to vulnerabilities found in multiple products that could lead to an attacker gaining control of affected systems.

Sources: Citrix, CISA

Apache

The Apache Software Foundation released a security advisory due to a vulnerability in versions of Struts that could lead to an attacker gaining control of affected systems.

Sources: Apache, CISA

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES