Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 13 - 19. Sign up to get these updates right to your inbox!

AUGUST 18, 2023

Juniper Junos OS

Juniper Junos OS contains a remote execution vulnerability that can allow a threat actor to cause a denial-of-service condition.

Sources: CISA, Juniper

AUGUST 17, 2023

ICONICS and Mitsubishi Electric Products

ICONICS and Mitsubishi Electric Products contain buffer overflow, out-of-bounds read, observable timing discrepancy and other vulnerabilities that can result in information disclosure, denial-of-service or remote code execution.


Sources: CISA, ICONICS

Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters

Schneider Electric PowerLogic ION7400/PM8000/ION8650/ION8800/ION9000 Power Meters contain a cleartext transmission of sensitive information vulnerability that can allow an attacker who is able to intercept network traffic to cause disclosure of sensitive information, a denial of service or modification of data.


Sources: Schneider Electric, CISA

Walchem Intuition 9

Walchem Intuition 9 contains missing authentication for critical function and improper authentication vulnerabilities that can allow an attacker to download and export sensitive data or log in directly to a device.


Sources: CISA, Walchem

AUGUST 16, 2023

Citrix Content Collaboration

Citrix Content Collaboration contains an improper access control vulnerability that can allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.

Sources: CISA, NIST

AUGUST 15, 2023

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU contain an authentication bypass by capture-replay vulnerability that can allow an attacker to execute unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session.


Sources: CISA, Schneider Electric

Rockwell Automation Armor PowerFlex

Rockwell Automation Armor PowerFlex contains an incorrect calculation vulnerability that can allow an attacker to send an influx of network commands, causing the product to generate event log traffic at a high rate and stopping normal operations.


Sources: CISA, Rockwell Automation
