IBM CICS TX Standard and Advanced 11.1 are vulnerable to HTTP header injections that could lead to cross-site scripting, cache poisoning or session hijacking.

Sources: IBM, NIST

Mitsubishi Electric MELSEC iQ-R Series C Controller Module R12CCPU-V contains an uncontrolled resource consumption vulnerability.

Sources: Mitsubishi Electric, CISA

Rockwell Automation MicroLogix 1100/1400 contains an improper restriction of rendered UI layers or frames vulnerability.

Sources: Rockwell Automation, CISA

Versions of Apache Druid are vulnerable to reflected XSS attacks.

Sources: Apache Druid, NIST

Cisco released security updates due to vulnerabilities found in multiple Cisco products that could lead to an attacker gaining control of affected systems.

Sources: Cisco, CISA

Bently Nevada 3701/4X series and 60M100 (3701/60) Condition Monitoring System contain vulnerabilities, such as use of hard-coded credentials and missing authentication for critical function.

Sources: Bently Nevada support, CISA

CISA, the FBI and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) that provides information on Maui ransomware, which has been targeting health care and public health sector organizations.

Sources: Joint CSA, CISA

OpenSSL released a security update due to a vulnerability affecting OpenSSL 3.0.4 that could lead to an attacker gaining control of affected systems.

Sources: OpenSSL advisory, CISA

Google released a security update for Chrome due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Google Chrome, CISA

NIST stated that a new post-quantum cryptographic standard is replacing the public-key cryptography that is vulnerable to quantum-based attacks.

Sources: National Security Memorandum, CISA