Siemens SCALANCE W1750D contains classic buffer overflow, improper input validation and command injection vulnerabilities that can allow an attacker to inject commands or exploit buffer overflow vulnerabilities, which could lead to sensitive information disclosure, unauthenticated denial-of-service or unauthenticated remote code execution.

Sources: CISA, Siemens

Siemens Unicam FX contains an incorrect use of privileged APIs vulnerability that can allow an attacker to gain SYSTEM privileges.

Sources: CISA, Siemens

Rockwell Automation FactoryTalk Service Platform contains an incorrect execution-assigned permissions vulnerability that can allow malicious users with basic user group privileges to receive administrator group privileges.

Sources: CISA, Rockwell Automation

Siemens SINEC NMS contains out-of-bounds read, inadequate encryption strength, double free and more vulnerabilities that can result in a information dislosure, authentication bypass, unauthorized modification, arbitrary code execution or denial of service.

Sources: CISA, Siemens

Siemens Polarion ALM contains incorrect default permissions and improper authentication vulnerabilities that can allow unauthenticated access or privilege escalation.

Sources: CISA, Siemens

Siemens SCALANCE XCM-/XRM-300 contains incorrect comparison, out-of-bounds read, incorrect default permissions and more vulnerabilities that can affect confidentiality, integrity or system availability.

Sources: CISA, Siemens

Mitsubishi Electric MELSEC iQ-R Series Safety CPU contains an incorrect privilege assignment vulnerability that can allow a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than themselves.

Sources: CISA, Mitsubishi Electric