Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 30 - May 6. Sign up to get these updates right to your inbox!

MAY 05, 2023

Advantech EKI-1524, EKI-1522, EKI-1521

Advantech EKI-1524, EKI-1522, EKI-1521 contains a stack-based buffer overflow vulnerability that can lead to a denial-of-service condition.

Sources: CVE, Advantech

IBM Cognos Command Center

IBM Cognos Command Center contains a vulnerability that could allow a local attacker to obtain sensitive information due to insufficient session expiration.

Sources: CVE, IBM X-Force Exchange

MAY 04, 2023

Mitsubishi Electric Factory Automation Products

Mitsubishi Electric Factory Automation Products contain a dependency on vulnerable third-party component vulnerability that can allow a malicious attacker to escalate privileges, disclose parameter information in the affected products and cause a denial-of-service condition.


Sources: CISA, Mitsubishi Electric

MAY 02, 2023

Dataprobe iBoot-PDU (Update A)

Dataprobe iBoot-PDU (Update A) contains OS command injection, path traversal, improper authorization and more vulnerabilities that can lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device.


Sources: CISA, Dataprobe

MAY 01, 2023

TP-Link Archer AX-21 contains a command injection vulnerability that can allow an unauthenticated attacker to inject commands.

Sources: NIST, CISA

Apache Log4j

Apache Log4j contains a deserialization of untrusted data vulnerability that can allow a threat actor to leak sensitive information and lead to remote code execution.

Sources: NIST, CISA

Oracle WebLogic Server

Oracle WebLogic Server contains an unspecified vulnerability that can allow an unauthenticated attacker network access.

Sources: NIST, CISA

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES