A malicious actor could exploit these flaws to escalate privilege on a vulnerable machine
Israeli firm Candiru, Russian security vendor Positive Technologies and Computer Security Initiative Consultancy also sanctioned
Named firms are Positive Technologies, ERA Technopolis, Neobit, Advanced System Technology (AST), Pasit and SVA
A patch addressing the bug was released last month
The bug is unpatchable, according to researchers, but doesn't affect Intel's latest generation of CPUs
Researchers have described the findings as "significant" and called on banks to improve contactless payment card security