Security
Headlines
HeadlinesLatestCVEs

Source

us-cert

Mitsubishi Electric Air Conditioning Systems

This advisory contains mitigations for Use of a Broken or Risky Cryptographic Algorithm, Exposure of Sensitive Information to an Unauthorized Actor, and Channel Accessible by Non-Endpoint vulnerabilities in Mitsubishi Electric Air Conditioning Systems.

us-cert
Open in Source
#vulnerability#auth
Vulnerabilities Affecting Dominion Voting Systems ImageCast X

This advisory contains mitigations for Improper Verification of Cryptographic Signature, Mutable Attestation of Measurement Reporting Data, Hidden Functionality, Improper Protection of Alternate Path, Path Traversal: ''../filedir', Execution with Unnecessary Privileges, Authentication Bypass Spoofing, Incorrect Privilege Assignment, and Origin Validation Error vulnerabilities in versions of Dominion Voting Systems Democracy Suite ImageCast X software.

Carrier LenelS2 HID Mercury access panels

This advisory contains mitigations for Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, and OS Command Injection vulnerabilities in Carrier HID Mercury access panels sold by LenlS2.

Illumina Local Run Manager

This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, and Cleartext Transmission of Sensitive Information vulnerabilities in Illumina devices using Local Run Manager software.

BD Pyxis

This advisory contains mitigations for a Not Using Password Aging vulnerability in the BD Pyxis automated medication dispensing system.

BD Synapsys

This advisory contains mitigations for an Insufficient Session Expiration vulnerability in the BD Synapsys microbiology informatics software platform.

Fuji Electric Alpha7 PC Loader

This advisory contains mitigations for a ack-based Buffer Overflow vulnerability in the Fuji Electric Alpha7 PC Loader servo drive system.

Mitsubishi Electric FA Products (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22-090-04 Mitsubishi Electric FA Products that was published March 31, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, and Authentication Bypass by Capture-replay vulnerabilities in Mitsubishi Electric FA CPU module products.

Mitsubishi Electric Multiple Products (Update D)

This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update C) that was published September 9, 2021, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.

Mitsubishi Electric Factory Automation Engineering Software (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update A) that was published January 5, 2021, to the ICS webpage on ucisa.gov/ics. This advisory contains mitigations for a Permission Issues vulnerability in Mitsubishi Electric Factory Automation Engineering software products.