WAGO PFC200 Series contains an externally controlled reference to a resource in another sphere vulnerability that can allow an attacker with administrative privileges to access sensitive files in an unintended, undocumented way.

Sources: CISA, WAGO

Fuji Electric Tellus Lite V-Simulator contains stack-based buffer overflow, out-of-bounds write and improper access control vulnerabilities that can crash the device being accessed, allow remote code execution or overwrite files.

Sources: CISA, Fuji Electric

Mitsubishi Electric CNC Series (Update C) contains a classic buffer overflow vulnerability that can allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending specially crafted packets.

Sources: CISA, Mitsubishi Electric

Keysight N8844A Data Analytics Web Service (Update A) contains a deserialization of untrusted data vulnerability that can lead to remote code execution.

Sources: CISA, Keysight

Rockwell Automation Stratix 5800 and Stratix 5200 (Update A) contain unprotected alternate channel and OS command injection vulnerabilities that can allow an unauthenticated attacker to take control of the affected system.

Sources: CISA, Rockwell Automation