Siemens SIMATIC, SIPLUS Products contain an integer overflow or wraparound vulnerability that can allow an unauthenticated remote attacker to create a denial-of-service condition by sending a specially crafted certificate.

Sources: CISA, Siemens

Siemens Parasolid contains an out-of-bounds write vulnerability that can allow an attacker to execute code in the context of the current process.

Sources: CISA, Siemens

Siemens QMS Automotive contains improper access control, unrestricted upload of file with dangerous type, insufficient session expiration and more vulnerabilities that can allow an attacker to perform malicious code injection, information disclosure or lead to a denial-of-service condition.

Sources: CISA, Siemens

Rockwell Automation Pavilion8 contains an improper authentication vulnerability that can allow an attacker to retrieve other users' sessions data.

Sources: CISA, Rockwell Automation

Hitachi Energy Lumada APM Edge contains use after free, double free, type confusion and more vulnerabilities that can allow an attacker to cause a denial-of-service condition or disclosure of sensitive information.

Sources: CISA, Hitachi Energy

Fujitsu Software Infrastructure Manager contains a cleartext storage of sensitive information vulnerability that can result in an attacker retrieving the password for the proxy server that is configured in ISM from the maintenance data.

Sources: CISA, Fujitsu

Mitsubishi Electric MELSEC Series CPU module (Update) contains a classic buffer overflow vulnerability that can allow a remote attacker to cause a denial-of-service condition or execute malicious code on a target product by sending specially crafted packets.

Sources: CISA, Mitsubishi Electric