Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of January 7 - 13. Sign up to get these updates right to your inbox!
Rapid Software LLC Rapid SCADA contains path traversal, relative path traversal, use of hard-coded credentials and more vulnerabilities that can result in an attacker reading sensitive files from the Rapid SCADA server.
Sources: CISA, Rapid Software
Horner Automation Cscape contains a stack-based buffer overflow vulnerability that can allow an attacker to execute arbitrary code.
Sources: CISA, Horner Automation
Schneider Electric Easergy Studio contains a deserialization of untrusted data vulnerability that can allow an attacker to gain full control of a workstation.
Sources: CISA, Schneider Electric
Siemens Teamcenter Visualization and JT2Go contains out-of-bounds read, NULL pointer dereference, stack-based buffer overflow and more vulnerabilities that can allow an attacker to execute code in the context of the software's current process or crash the application causing a denial of service.
