Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 24 - 30.
April 28, 2022
Delta Electronics
The Delta Electronics DIAEnergie contains vulnerabilities, such as path traversal, incorrect default permissions, SQL injection and uncontrolled search path element.
Sources: Delta, CISA
Johnson Controls
The Johnson Controls Metasys ADS/ADX/OAS servers contain an improper privilege management vulnerability.
Sources: Johnson Controls, CISA
Malware targeting Ukrainian organizations
CISA and the FBI updated the joint cybersecurity advisory on destructive malware targeting organizations in Ukraine that was released in February 2022.
Sources: CISA, CISA
Cisco
Cisco released security updates for multiple products that contained vulnerabilities that an attacker could use to gain control of affected systems.
Sources: Cisco, CISA
Google released security updates for Chrome to address vulnerabilities that could lead to an attacker gaining control of affected systems.
Sources: Google Chrome, CISA
April 27, 2022
Top exploited vulnerabilities in 2021
CISA, the NSA, the FBI, the Australian Cybersecurity Center, the Canadian Center for Cybersecurity, the New Zealand National Cybersecurity Center and the United Kingdom’s National Cybersecurity Center released a joint cybersecurity advisory explaining the top…
Sources: Joint cybersecurity advisory, CISA
April 26, 2022
Hitachi Energy
The Hitachi Energy System Data Manager – SDM600 contains vulnerabilities, such as integer overflow or wraparound, reachable assertion, type confusion, uncontrolled recursion and observable discrepancy.
Sources: Hitachi Energy, CISA
Mitsubishi Electric
The Mitsubishi Electric MELSEC and MELIPC Series contain vulnerabilities, such as uncontrolled resource consumption, improper handling of length parameter inconsistency and improper input validation.
Sources: Mitsubishi Electric advisory, CISA
April 25, 2022
CISA
CISA added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Sources: