
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of June 25 - July 1.

JUNE 29, 2023

Delta Electronics InfraSuite Device Master

Delta Electronics InfraSuite Device Master contains improper access control and deserialization of untrusted data vulnerabilities that can allow an attacker to escalate privileges or remotely execute arbitrary code.


Sources: CISA, Delta Electronics

Schneider Electric EcoStruxure Operator Terminal Expert

Schneider Electric EcoStruxure Operator Terminal Expert contains an improper control of generation of code vulnerability that can allow an attacker to execute arbitrary code and gain access to sensitive information on the machine.


Sources: CISA, Schneider Electric

Ovarro TBox RTUs

Ovarro TBox RTUs contain missing authorization, use of a broken or risky cryptographic algorithm, and other vulnerabilities that can result in exposure of sensitive system information and privilege escalation.


Sources: CISA, Ovarro

Mitsubishi Electric MELSEC-F Series

Mitsubishi Electric MELSEC-F Series contains an authentication bypass by capture-replay vulnerability that can allow an attacker to log in to the product by sending specially crafted packets.


Sources: CISA, Mitsubishi Electric

Medtronic Paceart Optima System

Medtronic Paceart Optima System contains a deserialization of untrusted data vulnerability that can result in remote code execution or a denial-of-service condition impacting a healthcare delivery organization’s Paceart Optima system.


Sources: CISA, Medtronic

Rockwell Automation CompactLogix 5370 

Rockwell Automation CompactLogix 5370 contains uncontrolled resource consumption and stack-based buffer overflow vulnerabilities that can allow a remote attacker to render the web server unavailable and/or place the controller in a major non-recoverable faulted state (MNRF).


Sources: CISA, Rockwell Automation

Enphase Installer Toolkit 

The Enphase Installer Toolkit Android app contains a use of hard-coded credentials vulnerability that can allow an attacker to obtain sensitive information using those credentials.


Sources: CISA, Enphase Energy
