
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 24 - 30.

SEPTEMBER 28, 2023

Rockwell Automation PanelView 800

Rockwell Automation PanelView 800 contains an improper input validation vulnerability that can allow an attacker to disclose sensitive information, modify data or cause a denial-of-service.


Sources: CISA, Rockwell Automation

DEXMA DexGate

DEXMA DexGate contains cross-site scripting, cross-site request forgery, improper authentication and other vulnerabilities that can result in an attacker impersonating a user, executing arbitrary code and accessing the connected network.


Sources: CISA, DEXMA

Hitachi Energy’s RTU500 Series Product (Update A)

Hitachi Energy’s RTU500 Series Product (Update A) contains out-of-bounds read, infinite loop, classic buffer overflow and other vulnerabilities that can allow an attacker to crash the device being accessed or cause a denial-of-service condition.


Sources: CISA, Hitachi Energy

Suprema BioStar 2

Suprema BioStar 2 contains an SQL injection vulnerability that can allow an attacker to execute arbitrary commands.


Sources: CISA, Suprema

SEPTEMBER 26, 2023

Mitsubishi Electric FA Engineering Software

Mitsubishi Electric FA Engineering Software contains an incorrect default permissions vulnerability that can allow a local attacker to execute code, which could result in information disclosure, tampering with and deletion of information or a denial-of-service (DoS) condition.


Sources: CISA, Mitsubishi Electric

Advantech EKI-1524-CE series

Advantech EKI-1524-CE series contains a cross-site scripting vulnerability that can allow an attacker to execute code in the context of the session.


Sources: CISA, Advantech

Baker Hughes Bently Nevada 3500

Baker Hughes Bently Nevada 3500 contains cleartext transmission of sensitive information, authentication bypass by capture-replay and other vulnerabilities that can allow an attacker to steal sensitive information and gain access to the device.


Sources: CISA, Baker Hughes
