Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of January 8 - 14. Sign up to get these updates right to your inbox!

JANUARY 12, 2023

Johnson Controls Metasys ADS/ADX/OAS servers

Johnson Controls Metasys ADS/ADX/OAS servers contain an insufficiently protected credentials vulnerability that can expose credentials to unauthorized users.

Sources: CISA, Johnson Controls

Hitachi Energy Lumada APM

Hitachi Energy Lumada APM contains an improper access control vulnerability that can give attackers unauthorized access to manipulate assets.


Sources: CISA, Hitachi Energy Advisory

Siemens S7-1500 CPU devices

Siemens S7-1500 CPU devices contain a missing immutable root of trust vulnerability that can allow an attacker with physical access to a device to replace the boot image of the device and execute arbitrary code.


Sources: CISA, Siemens

Siemens Mendix SAML Module

Siemens Mendix SAML Module contains an improper neutralization of input vulnerability that can allow an attacker to obtain sensitive information by tricking users with a malicious link.


Sources: CISA, Siemens

Panasonic Sanyo CCTV Network Camera

Panasonic Sanyo CCTV Network Camera contains a cross-site request forgery vulnerability that can allow an attacker to perform actions without validity checks.


Sources: CISA, Panasonic

Philips Patient Information Center iX and Efficia CM Series (Update A)

Philips Patient Information Center iX and Efficia CM Series (Update A) contain improper input validation, use of hard-coded cryptographic key and use of broken or risky cryptographic algorithm vulnerabilities that can lead to unauthorized user access and denial-of-service conditions.

Sources: CISA, NIST

JANUARY 11, 2023

Delta Electronics InfraSuite Device Master (Update A)

Delta Electronics InfraSuite Device Master (Update A) contains deserialization of untrusted data, path traversal and missing authentication for critical function vulnerabilities that can allow an unauthenticated attacker to remotely execute code, cause a denial-of-service condition by remotely deleting files or changing group privileges.


Sources: CISA, Delta Electronics
