
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 8 - 14.

MAY 12, 2022

Adobe

Adobe released security updates for multiple products due to vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Adobe ColdFusion, CISA, Adobe Framemaker

CISA industrial control systems advisories

CISA released 27 Industrial Control Systems Advisories for multiple companies, such as Mitsubishi Electric, Delta Electronics, Siemens and more.

Sources: CISA

MAY 11, 2022

Google

Google released security updates for Chrome versions for Windows, Mac and Linux due to vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Google Chrome, CISA

Microsoft

Microsoft released security updates due to multiple vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Microsoft, CISA

Cybersecurity Advisory partnership

Cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand and the U.S. released a joint Cybersecurity Advisory (CSA) that advises how to protect against malicious cyber activity targeting managed service providers (MSPs) and their customers.

Sources: Partner CSA, CISA

MAY 10, 2022

Eaton

The Eaton Intelligent Power Protector (IPP) contains a cross-site scripting vulnerability.

Sources: Eaton, CISA

Microsoft

Microsoft released a security advisory for Azure Data Factory and Azure Synapse Pipelines due to a remote code execution vulnerability that could lead to an attacker gaining control of affected systems.

Sources: Microsoft Advisory, CISA

Adminer

Adminer contains vulnerabilities of the type "files or directories accessible to external parties."

Sources: Advantech, CISA

Eaton

The Eaton Intelligent Power Manager Infrastructure contains three vulnerabilities: cross-site scripting, reflected cross-site scripting and improper neutralization of formula in a CSV file.

Sources: Eaton, CISA

AVEVA

AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere contain "exposure of resource to wrong sphere" vulnerabilities.

Sources: AVEVA, CISA

Mitsubishi Electric

The Mitsubishi Electric MELSOFT GT OPC UA Client contains an out-of-bounds read and an integer overflow or wraparound vulnerability.

Sources: Mitsubishi representative, CISA

Update on joint CSA

CISA and the FBI updated the joint Cybersecurity Advisory (CSA), Strengthening Cybersecurity of SATCOM Network Providers and Customers, which was released on March 17, 2022.

Sources: Updated CSA, CISA
