Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series contains improper resource shutdown or release vulnerabilities that can lead to a denial-of-service condition in the module’s ethernet communication.

Sources: CISA, Mitsubishi Electric

Fuji Electric Tellus Lite V-Simulator contains out-of-bounds write and stack-based buffer overflow vulnerabilities that could lead to arbitrary code execution.

Sources: CISA, Fuji Electric Support

ARC Informatique PcVue contains the cleartext storage of sensitive information and insertion of sensitive information into log file vulnerabilities that can lead to access of an email account, SIM card and other data sources associated with the affected device.

Sources: CISA, PcVue

Rockwell Automation MicroLogix 1100 and 1400 contains cross-site scripting and improper restriction of rendered UI layers or frames vulnerabilities that can lead to a denial-of-service condition or allow for remote code execution.

Sources: CISA, Rockwell Automation

Delta 4G Router DX-3021 contains a command injection vulnerability that can lead to unauthorized users gaining the ability to add files, delete files or change file permissions.

Sources: CISA, Delta

Prosys OPC UA Simulation Server contains an insufficiently protected credentials vulnerability that can allow unauthorized users to gain credentials and access to system data.

Sources: CISA, Prosys

Rockwell Automation GuardLogix, ControlLogix, Compact Logix and Compact GaurdLogix controllers contain an improper input validation vulnerability that could lead to the degradation in availability of the controller or a possible major nonrecoverable fault.

Sources: CISA, Rockwell Automation