
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 8 - 14. Sign up to get these updates right to your inbox!

OCTOBER 12, 2023

Siemens SIMATIC CP products

Siemens SIMATIC CP products contain improper access control and uncontrolled resource consumption vulnerabilities that can allow an attacker to execute code, access the PROFINET network without restrictions or perform denial of service attacks.


Sources: CISA, Siemens

Weintek cMT3000 HMI Web CGI

Weintek cMT3000 HMI Web CGI contains stack-based buffer overflow and OS command injection vulnerabilities that can allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.


Sources: CISA, Weintek

Mitsubishi Electric MELSEC-F Series

Mitsubishi Electric MELSEC-F Series contains an improper authentication vulnerability that can allow a remote attacker to obtain sequence programs from the product, write malicious sequence programs and more.


Sources: CISA, Mitsubishi Electric

Hikvision Access Control and Intercom Products

Hikvision Access Control and Intercom Products contain session fixation and improper access control vulnerabilities. These can result in an attacker hijacking a session and gaining device operation permissions, or modifying the device network configuration by sending specific data packets to a vulnerable interface within the same local network.


Sources: CISA, Hikvision

Advantech WebAccess

Advantech WebAccess contains an exposure of sensitive information to an unauthorized actor vulnerability that can leak user credentials.


Sources: CISA, Advantech

Schneider Electric IGSS

Schneider Electric IGSS contains a missing authentication for critical function vulnerability that can allow arbitrary code execution or loss of control of the SCADA system.


Sources: CISA, Schneider Electric

Siemens SCALANCE W1750D

Siemens SCALANCE W1750D contains classic buffer overflow, command injection and exposure of sensitive information to an unauthorized actor vulnerabilities that can allow an attacker to inject commands or exploit buffer overflow vulnerabilities.


Sources: CISA, Siemens
