
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of January 21 - 27. Sign up to get these updates right to your inbox!

JANUARY 25, 2024

MachineSense FeverWarn

MachineSense FeverWarn contains use of hard-coded credentials, improper access control, OS command injection and other vulnerabilities that can allow an attacker to obtain user data from devices, execute remote code on devices or gain control over devices to perform malicious actions.


Sources: CISA, MachineSense

JANUARY 23, 2024

APsystems Energy Communication Unit (ECU-C) Power Control Software

APsystems Energy Communication Unit (ECU-C) Power Control Software contains an improper access control vulnerability that can allow an attacker to access sensitive data and execute specific commands and functions with full admin rights without authenticating.


Sources: CISA, APsystems

Voltronic Power ViewPower Pro

Voltronic Power ViewPower Pro contains deserialization of untrusted data, missing authentication for critical function, exposed dangerous method or function and other vulnerabilities that can allow an attacker to create a denial-of-service condition, obtain administrator credentials or achieve remote code execution.


Sources: Voltronic, CISA

Westermo Lynx 206-F2G

Westermo Lynx 206-F2G contains cross-site scripting, code injection, cross-origin resource sharing and other vulnerabilities that can allow an attacker to access the web application, inject arbitrary code, execute malicious code, obtain sensitive information or execute a malicious request.


Sources: CISA, Westermo

Lantronix XPort

Lantronix XPort contains a weak-encoding-for-password vulnerability that can allow an attacker to obtain credentials.


Sources: CISA, Lantronix

Orthanc Osimis DICOM Web Viewer

Orthanc Osimis DICOM Web Viewer contains a cross-site scripting vulnerability that can allow an attacker to execute arbitrary JavaScript code inside the victim's browser.


Sources: CISA, Orthanc

Crestron AM-300

Crestron AM-300 contains an OS command injection vulnerability that can allow an attacker to escalate their privileges to root-level access.


Sources: CISA, Crestron
