AVEVA Edge contains uncontrolled search path element, exposure of sensitive information to an unauthorized actor, uncontrolled resource consumption, improper access control and Windows UNC share vulnerabilities that could lead to the insertion of malicious DLL files or code execution.

Sources: AVEVA Update, CISA

Digital Alert Systems DASDEC contains a cross-site scripting vulnerability that could lead to false alerts being issued to broadcast or cable sites that are connected to the compromised system.

Sources: Digital Alert Systems Support, CISA

Phoenix Contact Automation Worx Software Suite contains improper restriction of operations within the bounds of a memory buffer and out-of-bounds read vulnerabilities that could lead to a heap buffer overflow, release of unallocated memory or a read access violation.

Sources: Phoenix Contact Update, CISA

GE CIMPLICITY contains access of uninitialized pointer, heap-based buffer overflow, untrusted pointer dereference and out-of-bounds write vulnerabilities that could lead to the execution of arbitrary code.

Sources: GE Digital Product Advisory, CISA

Moxa ARM-Based Computers contain a privilege escalation vulnerability that could give an attacker root privileges and total control of the system.

Sources: Moxa Advisory, CISA

Hillrom Welch Allyn medical device management tools contain an out-of-bounds write and an out-of-bounds read vulnerability that could lead to memory corruption and remote arbitrary code execution.

Sources: Hillrom Disclosure Page, CISA

Mitsubishi Electric Factory Automation Engineering products contain an unquoted search path or element vulnerability that could lead to an attacker gaining unauthorized information, modify information and cause a denial-of-service condition.

Sources: Mitsubishi Electric Patches, CISA