Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 5 - 11. Sign up to get these updates right to your inbox!
Google released security updates for Windows, Mac and Linux due to vulnerabilities that could allow an attacker to gain control of affected systems.
Sources: Google Chrome, CISA
Versions of the Dell SupportAssist Client Consumer and Dell SupportAssist Client Commercial contain a privilege escalation vulnerability an attacker could use to gain admin access to the system.
Sources: Dell Support, NIST
Versions of the IBM Spectrum Copy Data Management are vulnerable to an attacker being able to view product configuration information and could lead to further attacks against systems.
Sources: IBM, NIST, IBM support
Mitsubishi Electric Air Conditioning Systems contain vulnerabilities, such as use of a broken or risky cryptographic algorithm, exposure of sensitive information to an unauthorized actor and channel accessible by non-endpoint.
Sources: Mitsubishi, CISA
CISA added 39 vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Mitsubishi Electric MELSEC and MELIPC Series contain vulnerabilities, such as uncontrolled resource consumption, improper handling of length parameter inconsistency and improper input validation.
Sources: Mitsubishi, CISA
Owl Labs released security updates for Meeting Owl Pro and Whiteboard Owl due to a vulnerability found that could lead to an attacker gaining sensitive information.
Sources: Meeting Owl Pro, CISA, Whiteboard Owl
CISA updated the criteria and process for their Known Exploited Vulnerabilities Catalog.
CISA, the NSA and the FBI released a joint cybersecurity advisory (CSA) that discusses People's Republic of China (PRC) state-sponsored cyber actors and how they are compromising infrastructure.
Sources: Joint CSA, CISA
