Exemys RME1 contains an improper authentication vulnerability.

Sources: Exemys Support, CISA

Emerson DeltaV Distributed Control System contains multiple vulnerabilities, such as missing authentication for critical function, use of hard-coded credentials, insufficient verification of data authenticity and use of a broken or risky cryptographic algorithm.

Sources: Emerson Guardian Support Portal, CISA

Yokogawa Wide Area Communication Router (WAC Router) contains a use of insufficiently random values vulnerability.

Sources: Yokogawa Support, CISA, Yokogawa security advisory

Distributed Data Systems WebHMI contains vulnerabilities, such as cross-site scripting and OS command injection.

Sources: Distributed Data Systems, CISA

Mitsubishi Electric FA Engineering Software contains an out-of-bounds read vulnerability and an integer underflow vulnerability.

Sources: Mitsubishi Electric, CISA

The CODESYS GmbH CODESYS Gateway Server contains a heap-based buffer overflow vulnerability.

Sources: CODESYS GmbH, CISA

Mozilla released security updates for Firefox, Firefox ESR and Thunderbird due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: Mozilla Firefox, Mozilla Firebird ESR, Mozilla Thunderbird, CISA

ABB e-design contains an incorrect default permissions vulnerability.

Sources: CISA

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series contain vulnerabilities, such as cleartext transmission of sensitive information, insufficient verification of data authenticity and plaintext storage of a password.

Sources: CISA

Advantech iView contains vulnerabilities, such as SQL injection, missing authentication for critical function, relative path traversal and command injection.

Sources: Advantech, CISA

Motorola Solutions MOSCAD IP Gateway and ACE IP Gateway contain a missing authentication for critical function vulnerability.

Sources: Motorola Solutions support, CISA

Motorola Solutions MDLC contains vulnerabilities, such as use of a broken or risky cryptographic algorithm and plaintext storage of a password.

Sources: Motorola Solutions support, CISA

Motorola Solutions ACE1000 contains vulnerabilities, such as use of hard-coded cryptographic key, use of hard-coded credentials and insufficient verification of data authenticity.

Sources: Motorola Solutions, CISA

CISA added eight vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources: Known Exploited Vulnerabilities Catalog, CISA