
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of March 10 - 16.

MARCH 14, 2024

Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems

Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems contain classic buffer overflow, out-of-bounds read and improper restriction of operations within the bounds of a memory buffer vulnerabilities that can allow an unauthenticated attacker who has gained access to the fire protection system network to execute arbitrary code on the affected products or create a denial-of-service (DoS) condition.


Sources: CISA, Siemens

Siemens Siveillance Control

Siemens Siveillance Control contains an incorrect authorization vulnerability that can allow a local attacker to gain write privileges for objects where they only have read privileges.


Sources: CISA, Siemens

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices contain improper access control, infinite loop, NULL pointer dereference and other vulnerabilities that can allow an attacker to impact the confidentiality, integrity or availability of the affected products.


Sources: CISA, Siemens

Delta Electronics DIAEnergie

Delta Electronics DIAEnergie contains improper authorization, SQL injection, path traversal and other vulnerabilities that can allow an attacker to escalate privileges, disclose sensitive information or disrupt system availability.


Sources: CISA, Delta Electronics

Softing edgeConnector

Softing edgeConnector contains cleartext transmission of sensitive information and path traversal vulnerabilities that can create conditions that may allow remote code execution.


Sources: CISA, Softing

Mitsubishi Electric MELSEC-Q/L Series

Mitsubishi Electric MELSEC-Q/L Series contains incorrect pointer scaling and integer overflow or wraparound vulnerabilities that can allow a remote attacker to read arbitrary information or execute malicious code on a target product by sending a specially crafted packet.


Sources: CISA, Mitsubishi Electric

Mitsubishi Electric MELSEC Series CPU Module (Update C)

Mitsubishi Electric MELSEC Series CPU Module (Update C) contains a classic buffer overflow vulnerability that can allow a remote attacker to cause a denial-of-service condition or execute malicious programs on a target product by sending specially crafted packets.


Sources: CISA, Mitsubishi Electric

MARCH 12, 2024

Schneider Electric EcoStruxure Power Design

Schneider Electric EcoStruxure Power Design contains a deserialization of untrusted data vulnerability that can allow for arbitrary code execution.


Sources: CISA, Schneider Electric
