Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32284PUBLISHED: 2022-07-04Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.
CVE-2022-33208PUBLISHED: 2022-07-04
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sy...
CVE-2022-33948PUBLISHED: 2022-07-04HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.
CVE-2022-33971PUBLISHED: 2022-07-04
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an ...
CVE-2022-34151PUBLISHED: 2022-07-04
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studi...
User Rank: Ninja
1/24/2018 | 9:48:30 PM
But, of course, for all anyone knows, the vulnerability has already been exploited in the wild (and, if so, very possibly even by nation-state actors, who would probably be the best poised to have known about the vulnerability and have done so -- especially without you finding out about it).
Sure, good coordination has to go into vulnerabilty announcements and patch processes, but because this particular vulnerability is so disastrous and severe, it would be hard for much of the population to not take a Chicken Little approach here. It's a pretty bad vulnerability.