1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-147-01 Inductive Automation Ignition that was published…

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: low skill level to exploit Vendor: Kantech, a subsidiary of Johnson Controls Equipment: EntraPass Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could potentially allow an authorized low-privileged user to gain full system-level privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED…

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Software House C•CURE 9000 and American Dynamics victor Video Management System Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may…

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit/public exploits are available Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert Vulnerabilities: SQL Injection, Path Traversal, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: Rockwell Automation Equipment: EDS Subsystem Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a denial-of-service condition….

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerabilities: Missing Authentication for Critical Function, Improper Ownership Management, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Opto 22 Equipment: SoftPAC Project Vulnerabilities: External Control of File Name or Path, Improper Verification of Cryptographic Signature, Improper Access Control, Uncontrolled Search Path Element, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities…

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Eaton Equipment: Intelligent Power Manager Vulnerabilities: Improper Input Validation, Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users…