TELSAT marKoni FM Transmitter contains command injection, use of hard-coded credentials, use of client-side authentication and other vulnerabilities that can allow an attacker to tamper with the product to bypass authentication or perform remote code execution.

Sources: CISA, Markoni

SDG Technologies PnPSCADA contains a missing authorization vulnerability that can allow an attacker to attach various entities without requiring system authentication.

Sources: CISA, SDG Technologies

Yokogawa FAST/TOOLS and CI Server contain cross-site scripting and empty password in configuration file vulnerabilities that can allow an attacker to launch a malicious script and take control of affected products.

Sources: CISA, Yokohama

Johnson Controls Illustra Essentials Gen 4 contains an improper input validation vulnerability that can allow an attacker to inject commands.

Sources: CISA, Johnson Controls

ABB Ability System 800xA contains an improper input validation vulnerability that can cause services to crash and restart.

Sources: CISA, ABB

PTC Creo Elements/Direct License Server contains a missing authorization vulnerability that can allow unauthenticated remote attackers to execute arbitrary OS commands.

Sources: CISA, PTC