Real Time Automation 460 Series contains a cross-site scripting vulnerability that can allow an attacker to run malicious JavaScript content.

Sources: CISA, Real Time Automation

Siemens Spectrum Power 7 contains an incorrect permission assignment for critical resource vulnerability that can allow a local attacker to inject arbitrary code to the update script and escalate privileges.

Sources: CISA, Siemens

Delta Electronics DIAScreen contains an out-of-bounds write vulnerability that can allow remote code execution.

Sources: CISA, Delta Electronics

Rockwell Automation Select Logix Communication Modules contain stack-based buffer overflow vulnerabilities that can allow an attacker to achieve remote code execution.

Sources: CISA, Rockwell Automation

Siemens SIMATIC PCS neo Administration Console contains an insertion of sensitive information into externally accessible file or directory vulnerability that can allow a threat actor to get the credentials and impersonate the admin user, thereby gaining admin access to other Windows systems.

Sources: CISA, Siemens

Omron Engineering Software Zip-Slip contains a path traversal vulnerability that can allow an attacker to overwrite files on a system.

Sources: CISA, Omron

Omron Engineering Software contains an improper authorization vulnerability that can allow an attacker to execute arbitrary code.

Sources: CISA, Omron