Red Lion Crimson contains an improper neutralization of null byte or NUL character vulnerability that can allow an attacker to truncate passwords configured by the Crimson configuration tool, which could create weaker than intended credentials.

Sources: CISA, Red Lion

Mitsubishi Electric MELSEC iQ-F Series CPU Module contains an improper restriction of excessive authentication attempts vulnerability that can allow a remote attacker to prevent legitimate users from logging into the web server function for a certain period, resulting in a denial-of-service condition.

Sources: CISA, Mitsubishi Electric

Mitsubishi Electric MELSEC Series contains an insufficient verification of data authenticity vulnerability that can allow a remote attacker to reset the memory of the products to factory default state and cause a denial-of-service condition.

Sources: CISA, Mitsubishi Electric

Franklin Fueling System TS-550 contains a use of password hash with insufficient computational effort vulnerability that can allow an attacker to access the device and gain unauthenticated access.

Sources: CISA, Franklin Fueling Systems

Weintek EasyBuilder Pro contains a use of hard-coded credentials vulnerability that can allow an attacker to obtain remote control of a victim's computer as a privileged user.

Sources: CISA, Weintek

Schneider Electric SpaceLogic C-Bus Toolkit contains improper privilege management and path traversal vulnerabilities that can allow an attacker to perform remote code execution, which could result in tampering of the SpaceLogic C-Bus home automation system.

Sources: CISA, Schneider Electric

INEA ME RTU contains OS command injection and improper authentication vulnerabilities that can allow remote code execution.

Sources: CISA, INEA