Mitsubishi Electric Corporation MELSEC iQ-R Series CPU Module contains a cleartext transmission of sensitive information vulnerability that could lead to a remote attacker logging into the CPU module by obtaining credentials.

Sources: Mitsubishi Electric Advisory, CISA

Hitachi Energy Lumada Asset Performance Management contains allocation of resources without limits or throttling and code injection vulnerabilities that could lead to remote code execution.

Sources: Hitachi Energy Support, CISA

CISA released industrial control systems advisories for 22 Siemens products due to vulnerabilities found that should lead to updates for each product.

Sources: CISA, Siemens Operational Guidelines

Adobe Cold Fusion, Acrobat and Reader, Commerce and Magneto Open Source and Dimension contain vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Adobe Cold Fusion, Adobe Acrobat and Reader, Adobe Commerce and Magneto Open Source, Adobe Dimension, CISA

Microsoft released security updates for multiple Microsoft products due to vulnerabilities found that could lead to an attacker gaining control of affected systems.

Sources: Microsoft Security Updates, Update Deployment Information, CISA

Sensormatic Electronics C-CURE 9000 contains an observable response discrepancy vulnerability that could lead an unauthorized user to enumerate user accounts.

Sources: Upgrade, Johnson Controls Product Advisory, CISA

Daikin Holdings Singapore Pte Ltd. SVMPC1 and SVMPC2 contain use of hard-coded password and improper access control vulnerabilities that could lead to the disclosure of sensitive information and an attacker gaining full control of affected systems.

Sources: Vulnerability Information, CISA

Altair HyperView Player contains improper restriction of operations within the bounds of a memory buffer, use of uninitialized resource and improper validation of array index vulnerabilities that could lead to a device crashing.

Sources: Latest Version of HyperView Player, CISA