CISA has published an advisory on cross-site request forgery, improper neutralization of HTTP headers for scripting syntax, and use of obsolete function vulnerabilities in Honeywell WIN-PAK. WIN-PAK 4.7.2 and prior versions are affected. Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution. Honeywell recommends users with potentially affected products take steps to protect themselves, which it has provided. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.