Red Lion Sixnet RTUs contains authentication bypass using an alternative path or channel and exposed dangerous method or function vulnerabilities that can allow an unauthenticated attacker to execute commands with high privileges.

Sources: CISA, Red Lion

Hitachi Energy MACH System Software contains path traversal and exposure of resource to wrong sphere vulnerabilities that can allow an attacker to read/write arbitrary files without the proper authorization.

Sources: CISA, Hitachi Energy

Siemens Desigo CC product family contains buffer over-read and heap-based buffer overflow vulnerabilities that can allow remote attackers to execute arbitrary code on the Desigo CC server or create a denial-of-service condition.

Sources: CISA, Siemens

Siemens Mendix Runtime contains an authentication bypass by capture-replay vulnerability that can allow authenticated attackers to access or modify objects without proper authorization or escalate privileges in the context of the vulnerable app.

Sources: CISA, Siemens

Siemens SCALANCE W700 contains an improper input validation vulnerability that can allow an attacker to disclose sensitive information or steal the victim's session.

Sources: CISA, Siemens

AVEVA Operations Control Logger contains execution with unnecessary privileges and external control of file name or path vulnerabilities that can allow privilege escalation or denial of service.

Sources: CISA, AVEVA

Rockwell Automation SIS Workstation and ISaGRAF Workbench contain an improper input validation vulnerability that can allow unprivileged local users to overwrite files, replacing them with malicious programs.

Sources: CISA, Rockwell Automation