1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Multiple Factory Automation Engineering Software products Vulnerability: Permission Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-212-02 Mitsubishi Electric Multiple Factory Automation Engineering Software Products that was…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerability: Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX. 2. RISK EVALUATION…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson  Equipment: Rosemount X-STREAM Gas Analyzer Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker through a specially crafted URL to download files and obtain sensitive information. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PTC Equipment: Kepware KEPServerEX Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-352-02 PTC Kepware KEPServerEX that was published…

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low skill level to exploit Vendor: PTC Equipment: Kepware LinkMaster Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to globally overwrite the service configuration to execute arbitrary code with NT SYSTEM privileges.  3….

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Medtronic Equipment: MyCareLink (MCL) Smart Model 25000 Patient Reader Vulnerabilities: Improper Authentication, Heap-based Buffer Overflow, Time-of-check Time-of-use Race Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities together could result in the attacker…

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerability: Improper Check or Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to enter a denial-of-service condition, and a reset of…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Host Engineering Equipment: ECOM100 Module Vulnerability: Improper Input Validation  2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service condition, forcing an operator to manually restart the device. 3. TECHNICAL DETAILS 3.1…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Multiple (open source) Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination CISA is aware of a public…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Corporation Equipment: GOT and Tension Controller Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to cause deterioration of communication performance or cause a denial-of-service condition of the…