Security researchers at Claroty [published details](https://www.claroty.com/2020/07/28/vpn-security-flaws/) on multiple pre-auth remote code execution vulnerabilities affecting virtual private network (VPN) implementations primarily used to provide remote access to operational technology (OT) networks. The vulnerabilities could allow unauthenticated attackers to execute arbitrary code. Individual CVEs referenced in Claroty's research include CVE-2020-14500, CVE-2020-14508, CVE-2020-14510, CVE-2020-14512, CVE-2020-14511, and CVE-2020-14498. Affected products include Secomea GateManager, Moxa EDR-G902/3 industrial VPN servers, and eWon by HMS Networks.

HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.