Hitachi Energy’s RTU500 Series Product (Update B) contains out-of-bounds read, infinite loop, classic buffer overflow and more vulnerabilities that can allow an attacker to crash the device being accessed or cause a denial-of-service condition.

Sources: CISA, Hitachi Energy

Cisco IOS XE Web UI contains a privilege escalation vulnerability that can allow a remote, unauthenticated attacker to create an account with privilege level 15 access.

Sources: CISA, NIST

Citrix NetScaler ADC and NetScaler contain gateway duffer overflow vulnerabilities that can allow for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Sources: CISA, NIST

Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation products contain a deserialization of untrusted data vulnerability that can allow an attacker to achieve remote code execution.

Sources: CISA, Schneider Electric

Rockwell Automation FactoryTalk Linx contains an improper input validation vulnerability that can lead to information disclosure or a denial-of-service condition.

Sources: CISA, Rockwell Automation