The MZ Automation GmbH libIEC61850 contains buffer overflow, access of resource using incompatible type and NULL pointer dereference vulnerabilities that could lead to remote code execution.

Sources: MZ Automation, CISA

PTC Kepware KEPServerEX contains heap-based buffer overflow and stack-based buffer overflow vulnerabilities that could lead to remote arbitrary code execution.

Sources: PTC Kepware Upgrade, CISA

The Baxter Sigma Spectrum Infusion Pump contains missing encryption of sensitive data, use of externally controlled format string and missing authentication for critical function vulnerabilities that could lead to access to sensitive data and alteration of system configuration.

Sources: Baxter Security Bulletin, CISA

The Hillrom Welch Allyn medical device management tools contain out-of-bounds write and out-of-bunds read vulnerabilities that could lead to memory corruption and remote arbitrary code execution.

Sources: Hillrom, CISA

Cisco released security updates for multiple Cisco products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Cisco, CISA

CISA added 12 vulnerabilities to its Known Exploited Vulnerabilities catalog.

Sources: Known Exploited Vulnerabilities Catalog, CISA Alert

Triangle Microworks TMW IEC 61850 Software Library and TMW IEC 60870-6 (ICCP/TASE.2) Software Library contain an access of uninitialized pointer vulnerability that could lead to a denial-of-service condition.

Sources: CISA

AVEVA Edge 2020 R2 SP1 and all prior versions contain insufficient UI warning of dangerous operations, uncontrolled search path element, deserialization of untrusted data and improper restriction of XML external entity reference vulnerabilities that could lead to arbitrary code execution, information disclosure or a denial-of-service condition.

Sources: AVEVA, CISA

Cognex 3D-A1000 Dimensioning System contains missing authentication for critical function, improper output neutralization for logs and client-side enforcement of server-side security vulnerabilities that could lead to unauthorized password changes, escalation of privileges, falsifying of password logs and bypassing of web access controls.

Sources: Cognex Support, CISA

The Hitachi Energy TXpert Hub CoreTec 4 contains authentication bypass using an alternate path or channel, improper input validation and download of code without integrity check vulnerabilities.

Sources: Hitachi Energy Security Advisory, CISA

Delta Electronics DOPSoft 2 contains stack-based buffer overflow, out-of-bounds write and heap-based buffer overflow vulnerabilities that could lead to arbitrary code execution.

Sources: Delta Electronics, CISA