Mitsubishi Electric GOT2000 and GOT SIMPLE contain a predictable exact value from previous values vulnerability that can allow an attacker to hijack data connections or prevent legitimate users from establishing data connections.

Sources: CISA, Mitsubishi Electric

Mitsubishi Electric GT and GOT Series products contain a weak encoding for password vulnerability that can allow an attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords.

Sources: CISA, Mitsubishi Electric

TEL-STER TelWin SCADA WebInterface contains a path traversal vulnerability that can allow an unauthenticated attacker to read files on the system.

Sources: CISA, TEL-STER

Sensormatic Electronics VideoEdge contains an acceptance of extraneous untrusted data with trusted data vulnerability that can allow a local user to edit the VideoEdge configuration file and interfere with VideoEdge operation.

Sources: CISA, Sensormatic

Mitsubishi Electric CNC Series (Update A) contains a classic buffer overflow vulnerability that can allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending specially crafted packets.

Sources: Mitsubishi Electric, CISA

APSystems Altenergy Power Control contains an OS command injection vulnerability that can allow remote code execution.

Sources: CISA, APSystems

Ivanti Endpoint Manager Mobile contains a path traversal vulnerability that can allow an authenticated administrator to perform malicious file writes to the EPMM server.

Sources: CISA, NIST