
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of February 19 - 25. Sign up to get these updates right to your inbox!

FEBRUARY 23, 2023

PTC ThingWorx Edge

PTC ThingWorx Edge contains improper validation of array index and integer overflow or wraparound vulnerabilities that could allow an attacker to crash the device or could allow remote code execution.


Sources: CISA, PTC

Moxa UC Series

Moxa UC Series contains an improper physical access control vulnerability that could allow an attacker with physical access to take full control of the device using the console port.

Sources: CISA, Moxa

FEBRUARY 21, 2023

Mitsubishi Electric MELSOFT iQ AppPortal

Mitsubishi Electric MELSOFT iQ AppPortal contains HTTP request smuggling and insufficient verification of data authenticity vulnerabilities that can allow a malicious attacker to cause unidentified impacts such as authentication bypass, information disclosure, denial-of-service and more.


Sources: CISA, Mitsubishi Electric

Philips Vue PACS (Update C)

Philips Vue PACS (Update C) contains cleartext transmission of sensitive information, improper restriction of operations within the bounds of a memory buffer and other vulnerabilities that could allow an unauthorized person or process to eavesdrop and perform code execution.


Sources: CISA, Philips

Cisco Application Policy Infrastructure Controller

Cisco Application Policy Infrastructure Controller contains a cross-site request forgery (CSRF) vulnerability that can allow an unauthenticated, remote attacker to conduct a CSRF attack on an affected system.

Sources: CISA, Cisco

VMware Carbon Black App Control

VMware Carbon Black App Control contains an injection vulnerability that can allow a threat actor access to the underlying server operating system.

Sources: CISA, VMware

Fortinet FortiADC

Fortinet FortiADC contains an OS command injection vulnerability that can allow an authenticated attacker to execute arbitrary shell code as "root" via CLI commands.

Sources: CISA, Fortinet
