
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of December 10 - 16.

DECEMBER 14, 2023

Cambium ePMP 5GHz Force 300-25 Radio

Cambium ePMP 5GHz Force 300-25 Radio contains a code injection vulnerability that can allow an attacker to perform remote code execution on the affected product.


Sources: CISA, Cambium

Johnson Controls Kantech Gen1 ioSmart

Johnson Controls Kantech Gen1 ioSmart contains a missing release of memory after effective lifetime vulnerability that can allow an attacker to recover the reader's communication memory between the card and reader.


Sources: CISA, Johnson Controls

Siemens LOGO! and SIPLUS LOGO!

Siemens LOGO! and SIPLUS LOGO! contain an improper protection against electromagnetic fault injection (EM-FI) vulnerability. A successful electromagnetic fault injection would allow an attacker to dump and debug the firmware, including memory manipulation.


Sources: CISA, Siemens

Unitronics Vision Series

Unitronics Vision Series contains an initialization of a resource with an insecure default vulnerability that can allow an attacker to take administrative control of the affected device.


Sources: CISA, Unitronics

Philips Patient Monitoring Devices (Update C)

Philips Patient Monitoring Devices (Update C) contain cross-site scripting, improper authentication, improper input validation and other vulnerabilities that can lead to unauthorized access, interrupted monitoring, and collection of access information and/or patient data.


Sources: CISA, Philips

DECEMBER 12, 2023

Schneider Electric Easy UPS Online Monitoring Software

Schneider Electric Easy UPS Online Monitoring Software contains a path traversal vulnerability that can allow elevation of privileges, which could result in arbitrary file deletion with system privileges.


Sources: Schneider Electric, CISA

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update B)

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update B) contain an improper resource shutdown or release vulnerability that can allow a remote attacker to cause a denial-of-service condition in the module's Ethernet communication.


Sources: CISA, Mitsubishi Electric
