ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

Sources: CISA, NIST

Delta Electronics CNCSoft-B DOPSoft contains an uncontrolled search path element vulnerability that can allow an attacker to achieve remote code execution.

Sources: CISA, Delta Electronics

Commend WS203VICM contains argument injection, improper access control and weak encoding for password vulnerabilities that can allow an attacker to obtain sensitive information or force the system to restart.

Sources: CISA, Commend

Ethercat Zeek Plugin contains out-of-bounds write and out-of-bounds read vulnerabilities that can allow remote code execution.

Sources: CISA, Ethercat

Mitsubishi Electric Electrical Discharge Machines contain an improper input validation vulnerability that can allow an attacker to disclose, tamper with, destroy or delete information, or cause a denial-of-service condition on the products.

Sources: CISA, Mitsubishi Electric

Microsoft Exchange Server contains a privilege escalation vulnerability that allows for privilege escalation.

Sources: CISA, NIST

Cisco ASA and FTD contain an information disclosure vulnerability that can allow an attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface.

Sources: CISA, NIST