Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 7 - 13.

NOVEMBER 12, 2021

Palo Alto Networks

Palo Alto Networks released security updates due to a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces that could lead to an attacker taking control of an affected system.

Sources: Palo Alto Networks


VMware

VMware released a security update due to a vulnerability in Tanzu Application Service for VMs that would allow an attacker to cause a denial-of-service condition.

Sources: VMware, CISA

NOVEMBER 11, 2021


Apple

Apple released a security update for iCloud for Windows 13 due to multiple vulnerabilities that could lead to an attacker gaining control of an affected system.

Sources: Apple

Data distribution service implementations

CISA released an industrial control systems advisory on vulnerabilities in multiple open-source and proprietary Object Management Group (OMG) Data Distribution Service (DDS) implementations that could lead to denial-of-service or buffer-overflow conditions.

Sources: CISA

NOVEMBER 09, 2021

ManageEngine ADSelfService Plus

CISA released a joint alert with the help of the FBI and the U.S. Coast Guard Cyber Command about a vulnerability, CVE-2021-40539, in ManageEngine ADSelfService Plus that is being targeted. Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) also released their own reports on targeted attacks.

Sources: CISA, Palo Alto Networks, MSTIC


Adobe

Adobe released security updates for multiple Adobe products, such as RoboHelp, InCopy and Creative Cloud Desktop Application, that have vulnerabilities that could allow an attacker to take control of affected systems.

Sources: Adobe RoboHelp, Adobe InCopy, Adobe Creative Cloud Desktop Application


Citrix

Citrix released security updates addressing vulnerabilities affecting multiple versions of Citrix Application Delivery Controller, Gateway and SD-WAN WANOP that could lead to a denial-of-service condition.

Sources: Citrix


Microsoft

Microsoft released security updates addressing multiple vulnerabilities that an attacker could use to take control of affected systems.

Sources: Microsoft November update list, Microsoft update guide


Samba

Samba released security updates due to vulnerabilities in multiple versions of Samba that an attacker could use to take control of affected systems.

Sources: Samba, CISA


Siemens

CISA released an ICS advisory explaining multiple vulnerabilities in Siemens Nucleus Real-Time Operating Systems (RTOS) and supporting libraries that could allow an attacker to gain control of an affected system.

Sources: CISA



