Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 17 - 23.

JULY 22, 2022

Atlassian

Atlassian released a security advisory due to a vulnerability affecting Questions for Confluence App that could allow an attacker to steal sensitive information.

Sources: Atlassian, CISA

Cisco

Cisco released a security update for multiple products due to vulnerabilities found that could lead to a remote attacker gaining control of affected systems.

Sources: Cisco, CISA

Apple

Apple released security updates for multiple products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Apple, CISA

JULY 21, 2022

ICONICS, Mitsubishi Electric

The Mitsubishi Electric MC Works64 and the ICONICS Product Suite contain path traversal, deserialization of untrusted data, inclusion of functionality from untrusted control sphere and out-of-bounds read vulnerabilities.

Sources: ICONICS Suite, MC Works64, CISA

AutomationDirect

The AutomationDirect Stride Field I/O contains a cleartext transmission of sensitive information vulnerability.

Sources: AutomationDirect software downloads, CISA

Rockwell Automation

The Rockwell Automation ISaGRAF contains an improper restriction of XML external entity reference vulnerability.

Sources: Rockwell Automation, CISA

Google

Google released security updates for Chrome due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Google Chrome, CISA

Drupal

Drupal released security updates due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Drupal, CISA

Oracle

Oracle released its critical patch update due to vulnerabilities found across multiple products that could lead to an attacker gaining control of affected systems.

Sources: Oracle, CISA

ABB

ABB Drive Composer, Automation Builder and Mint Workbench contain improper privilege management vulnerabilities.

Sources: ABB Drive Composer, ABB Automation Builder, ABB Mint Workbench, CISA

Johnson Controls, Inc

The Johnson Controls, Inc Metasys ADS, ADX, OAS with MUI contain missing authentication for critical function vulnerabilities.

Sources: Johnson Controls, CISA

Rockwell

The Rockwell ISaGRAF Workbench contains deserialization of untrusted data and path traversal vulnerabilities.

Sources: Rockwell Automation, CISA

JULY 19, 2022

MiCODUS

The MiCODUS MV720 GPS tracker contains use of hard-coded credentials, improper authentication, cross-site scripting and authorization bypass through user-controlled key vulnerabilities.

Sources: CISA

Dahua

The Dahua DHI-ASI7213X-T1 contains unrestricted upload of file with dangerous type, authentication bypass by capture-replay and generation of error message containing sensitive information vulnerabilities.

Sources: Dahua, CISA
