Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 17 - 23. Sign up to get these updates right to your inbox!

APRIL 22, 2022

BlackCat/ALPHV ransomware

The FBI released a flash report stating indicators of compromise (IOCs) linked with BlackCat/ALPHV, which is a ransomware-as-a-service that has compromised at least 60 entities worldwide.

Sources: FBI flash report, CISA

APRIL 21, 2022

Cisco

Cisco released security updates for multiple products due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: Cisco, CISA

Drupal

Drupal released security updates due to vulnerabilities found in certain versions that could allow an attacker to gain control of affected systems.

Sources: Drupal, CISA, Drupal

Hitachi Energy

There are multiple vulnerabilities that have been found in Hitachi Energy's MicroSCADA Pro/X SYS600, such as observable discrepancy, HTTP request smuggling, classic buffer overflow and more.

Sources: Hitachi, CISA

Johnson Controls

Johnson Controls' Metasys contains a server-side request forgery vulnerability.

Sources: Johnson Controls, CISA

Delta Electronics

Delta Electronics' ASDA-Soft contains out-of-bounds write and out-of-bounds read vulnerabilities.

Sources: Delta Electronics, CISA

APRIL 20, 2022

Threats to critical infrastructure

Cybersecurity authorities of the U.S., Australia, Canada, New Zealand and the U.K. released a joint cybersecurity advisory to caution organizations that Russia's invasion of Ukraine could increase malicious cyber activity.

Sources: CISA alert (AA22-110A), CISA

APRIL 19, 2022

CISA

CISA added three vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources: CISA

Oracle

Oracle released a Critical Patch update for multiple products that addresses 520 vulnerabilities.

Sources: Oracle, CISA

Elcomplus

Elcomplus' SmartPPT SCADA server contains multiple vulnerabilities, such as cross-site scripting, unauthorized exposure to sensitive information, path traversal and more.

Sources: Elcomplus support, CISA

FANUC

The FANUC ROBOGUIDE contains multiple vulnerabilities, such as incorrect permission assignment for critical resource, improper access control, path traversal and more.


Sources: FANUC, CISA

Automated Logic

The Automated Logic WebCtrl server contains an open redirect vulnerability.

Sources: Automated Logic, CISA

Interlogix

The Interlogix Hills ComNav contains improper restriction of excessive authentication attempts and inadequate encryption strength vulnerabilties.


Sources: Carrier Global Corporation, CISA

APRIL 18, 2022

North Korean state-sponsored APT

CISA, the FBI and the U.S. Treasury Department released a joint cybersecurity advisory (CSA) reporting on the North Korean state-sponsored APT actor, the Lazarus Group.

Sources: CISA CSA, CISA

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES