Philips Vue PACS contains out-of-bounds write, deserialization of untrusted data, uncontrolled resource consumption and more vulnerabilities that could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software or affect system data integrity to negatively impact system confidentiality, integrity or availability.

Sources: CISA, Philips

Subnet Solutions PowerSYSTEM Center contains a prototype pollution vulnerability that could allow an authenticated attacker to elevate permissions.

Sources: CISA, Subnet

Mitsubishi Electric MELSOFT MaiLab contains an improper verification of cryptographic signature vulnerability that could allow a remote attacker to cause a denial-of-service condition in the target product.

Sources: CISA, Mitsubishi

The Cisco Webex App  contains multiple vulnerabilities that could allow an unauthenticated attacker to gain access to sensitive credential information.

Sources: Cisco, CISA

Rockwell Automation Pavilion 8 products contain a privilege escalation vulnerability that could allow a malicious user with basic privileges to access functions that should only be available to users with administrative level privileges. Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data.

Sources: CISA