
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of March 12 - 18.

MARCH 16, 2023

Siemens Mendix SAML Module

Siemens Mendix SAML module contains an incorrect implementation of an authentication algorithm, a vulnerability that can allow unauthenticated remote attackers to bypass authentication and gain access to the application.


Sources: CISA, Siemens

Honeywell OneWireless Wireless Device Manager

Honeywell OneWireless Wireless Device Manager contains command injection, use of insufficiently random values and missing authentication for critical function vulnerabilities that could disclose sensitive information, allow privilege escalation or allow remote code execution.


Sources: CISA, Honeywell

Rockwell Automation Modbus TCP AOI Server

Rockwell Automation Modbus TCP AOI Server contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow an unauthorized user to read the connected device’s Modbus TCP Server AOI information.


Sources: CISA, Rockwell Automation

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A)

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A) contain relative path traversal, classic buffer overflow and cross-site scripting vulnerabilities that could allow a user to read files on the system, execute arbitrary code or create a denial-of-service condition.


Sources: CISA, Aveva

Siemens SCALANCE W1750D Devices

Siemens SCALANCE W1750D Devices contain double free, use after free, improper input validation and other vulnerabilities that can allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial-of-service condition.


Sources: CISA, Siemens

MARCH 14, 2023

Omron CJ1M PLC

Omron CJ1M PLC contains an improper access control vulnerability that can allow an attacker to bypass user memory protections by writing to a specific memory address.


Sources: CISA, Omron

Autodesk FBX SDK

Autodesk FBX SDK contains out-of-bounds read, use after free and out-of-bounds write vulnerabilities that could lead to code execution or a denial-of-service condition.


Sources: CISA, Autodesk

GE iFIX

GE iFIX contains a code injection vulnerability that could allow for privilege escalation and full control of the system.


Sources: CISA, GE
