
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of January 15 - 21. Sign up to get these updates right to your inbox!

JANUARY 20, 2023

IBM InfoSphere Information Server 11.7

IBM InfoSphere Information Server 11.7 contains a vulnerability that can cause some of the components to be unusable until the process is restarted.

Sources: CVE, IBM Support

Cisco TelePresence CE and RoomOS Software

Cisco TelePresence CE and RoomOS software contain an improper validation vulnerability that can allow a threat actor to send arbitrary network requests that are sourced from the affected system.

Sources: CVE, Cisco

JANUARY 19, 2023

Hitachi Energy PCU400

Hitachi Energy PCU400 contains a reliance on uncontrolled component vulnerability that can lead to a denial-of-service condition on both the logging function of the device and its associated server.


Sources: CISA, Hitachi Energy

JANUARY 17, 2023

GE Digital Proficy Historian

GE Digital Proficy Historian contains authentication bypass, unrestricted upload, improper access control and weak password encoding vulnerabilities that could lead to a device crash, a buffer overflow condition and allow remote code execution.

Sources: CISA, GE Digital

Mitsubishi Electric MELSEC iQ-F, iQ-R series

Mitsubishi Electric MELSEC iQ-F, iQ-R series contains a predictable seed in pseudo-random number generator vulnerability that can allow a threat actor to access the WEB server function by guessing the random numbers used for authentication.


Sources: CISA, Mitsubishi Electric

Siemens SINEC INS

Siemens SINEC INS contains OS command injection, inadequate encryption strength, out-of-bounds write vulnerabilities and more that can allow an attacker to read and write arbitrary files on the file system of the affected component.


Sources: CISA, Siemens

Contec CONPROSYS HMI System

Contec CONPROSYS HMI System contains OS command injection, use of default credentials, cross-site scripting vulnerabilities and more that can allow a threat actor to send specially crafted requests and cause a loss of sensitive information.


Sources: CISA, Contec
