Sources: CISA, Johnson Controls

Hitachi Energy eSOMS contains generation of error message containing sensitive information and exposure of sensitive system information to an unauthorized control sphere vulnerabilities that can allow an attacker to disclose sensitive information related to eSOMS application configuration.

Sources: CISA, Hitachi Energy

IETF Service Location Protocol (SLP) contains a denial-of-service vulnerability that can allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

Sources: CISA, NIST

GE MiCOM S1 Agile contains an uncontrolled search path element vulnerability that can allow an attacker to upload malicious files and achieve code execution.

Sources: CISA

Apache ActiveMQ  contains a deserialization of untrusted data vulnerability that can allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Sources: CISA, NIST

Atlassian Confluence Data Center and Server contains an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker.

Sources: CISA, NIST

Mitsubishi Electric MELSEC and MELIPC Series (Update G) contains uncontrolled resource consumption, improper handling of length parameter inconsistency and improper input validation vulnerabilities that can allow a remote attacker to cause a denial-of-service condition.

Sources: CISA, Mitsubishi Electric