
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of April 2 - 8. Sign up to get these updates right to your inbox!

APRIL 06, 2023

Industrial Control Links ScadaFlex II SCADA Controllers contain an external control of file name or path vulnerability that could allow an authenticated attacker to overwrite, delete or create files.


Sources: CISA, Industrial Control Links

JTEKT ELECTRONICS Screen Creator Advance 2

JTEKT ELECTRONICS Screen Creator Advance 2 contains out-of-bounds read, out-of-bounds write and use-after-free vulnerabilities that can allow an attacker to disclose information or execute arbitrary code.


Sources: CISA, JTEKT ELECTRONICS

JTEKT ELECTRONICS Kostac PLC Programming Software

JTEKT ELECTRONICS Kostac PLC Programming Software contains out-of-bounds read and use-after-free vulnerabilities that can allow an attacker to disclose information or execute arbitrary code.


Sources: CISA, JTEKT ELECTRONICS

Korenix Jetwave

Korenix Jetwave contains command injection and uncontrolled resource consumption vulnerabilities that can allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition.


Sources: CISA, Korenix

Hitachi Energy MicroSCADA System Data Manager SDM600

Hitachi Energy MicroSCADA System Data Manager SDM600 contains improper authorization, improper resource shutdown or release, improper privilege management and other vulnerabilities that can allow an attacker to take remote control of the product.


Sources: CISA, Hitachi Energy

mySCADA myPRO

mySCADA myPRO contains an OS command injection vulnerability that can allow an authenticated user to inject arbitrary operating system commands.


Sources: CISA, mySCADA

Rockwell Automation FactoryTalk Diagnostics (Update A)

Rockwell Automation FactoryTalk Diagnostics (Update A) contains a deserialization of untrusted data vulnerability that can allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges.


Sources: CISA, Rockwell Automation
