Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with the wrong settings. As a result, the server certificate is not validated, which makes a TLS man-in-the-middle (MITM) scenario possible.
The affected software contains a buffer overflow vulnerability in its handling of certain files, which may allow a local attacker to trigger a denial-of-service condition or may potentially lead to remote code execution.
An attacker could change the content of certain metafiles and subsequently manipulate parameters or the behavior of devices that are later configured by the affected software.
A remote attacker can send specially crafted packets, which may cause a denial-of-service condition and arbitrary code execution.
A remote attacker sending specially crafted LLDP packets can cause memory to be lost when allocating data, which may cause a denial-of-service condition.
Refer to the vendor website for more information on affected products, patches, and upgrades: https://us-cert.cisa.gov/ics/advisories