Citrix released security updates for Hypervisor due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: Citrix, CISA

CISA released its Cloud Security (CS) Technical Architecture (TRA) to guide people on how to securely migrate to the cloud.

Sources: CS TRA, CISA

Elcomplus LLC SmartICS contains vulnerabilities, such as improper access control, relative path traversal and cross-site scripting.

Sources: SmartICS, CISA

Pyramid Solutions, Inc. Ethernet/IP adapter development kit contains an out-of-bounds vulnerability that could result in a denial-of-service.

Sources: Pyramid Solutions, CISA

Secheron SEPCOS Control and Protection Relay contains multiple vulnerabilities, such as improper enforcement of behavioral workflow, lack of administrator control over security, improper privilege management, insufficiently protected credentials and improper access control.

Sources: Secheron, CISA

Yokogawa Consolidation Alarm Management Software for Human Interface Station (CAMS for HIS) contains a violation of secure design principles vulnerability.

Sources: Yokogawa, CISA

OFFIS DCMTK contains path traversal, relative path traversal and NULL pointer dereference vulnerabilities.

Sources: OFFIS, CISA

Yokogawa STARDOM contains vulnerabilities, such as cleartext transmission of sensitive information and use of hard-coded credentials that could lead to an attacker altering device configuration settings or tampering with device firmware.

Sources: Yokogawa, CISA

CISA and the U.S. Coast Guard Cyber Command (CGCYBER) released a joint CSA about the continued exploitation of Log4Shell in VMware Horizon and Unified Access Gateway (UAG) servers.

Sources: VMware, CISA, Joint CSA

Google released security updates for Chrome in Windows, Mac and Linux due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: Google Chrome, CISA