CISA has published an advisory on missing authentication for critical function, improper ownership management, and inadequate encryption strength vulnerabilities in Emerson OpenEnterprise. All versions through 3.3.4 are affected. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.