us-cert

This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.

This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Protector (IPP) power protection platform.

This advisory contains mitigations for Cross-site Scripting, Reflected Cross-site Scripting, and Improper Neutralization of Formula in a CSV File vulnerabilities in Eaton Intelligent Power Manager Infrastructure power monitoring products.

This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Manager power management platform.

This advisory contains mitigations for an Exposure of Resource to Wrong Sphere vulnerability in AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere HMI products.

This advisory contains mitigations for Out-of-bounds Read, and Integer Overflow or Wraparound vulnerabilities in Mitsubishi Electric MELSOFT GT OPC UA client connection products.

This advisory contains mitigations for an Unverified Password Change vulnerability in Johnson Controls Metasys ADS, ADX, and OAS servers.

This advisory contains mitigations for a OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors vulnerabilities in Yokogawa CENTUM and ProSafe-RS Distributed Control System and Safety Instrumented System products.

This advisory contains mitigations for an Improper Privilege Management vulnerability in Johnson Controls Metasys ADS/ADX/OAS Servers.

This updated advisory is a follow-up to the advisory update titled ICSA-22-081-01 Delta Electronics DIAEnergie (Update A) that was published March 29, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions, and SQL Injection vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.