Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of December 31 - January 6. Sign up to get these updates right to your inbox!
Rockwell Automation FactoryTalk Activation contains an out-of-bounds write vulnerability that can result in a buffer overflow and allow the attacker to gain full access to the system.
Sources: CISA, Rockwell Automation
Mitsubishi Electric Factory Automation products contain observable timing discrepancy, double free and access of resource using incompatible type vulnerabilities that can disclose information in the product or cause a denial-of-service (DoS) condition.
Sources: CISA, Mitsubishi Electric
Unitronics Vision and Samba series (Update A) contain an initialization of a resource with an insecure default vulnerability that can allow an unauthenticated attacker to take administrative control of Unitronics Vision and Samba series systems and use a default administrative password.
Sources: CISA, Unitronics
