cisa advisory

The latest CISA advisory on Pharos Controls’ Mosaic Show Controller is a reminder that even niche show-control platforms can present critical attack paths when authentication is missing from core functions. CISA says Mosaic Show Controller firmware 2.15.3 is affected by CVE-2026-2417, a missing...

The latest CISA advisory on Automated Logic’s WebCTRL Premium Server is a reminder that building-automation software is no longer a niche OT concern; it is a live security issue with direct implications for commercial facilities worldwide. CISA says successful exploitation could let an attacker...

Honeywell’s widely deployed IQ4 building-management controllers can ship in a factory-default state that exposes the full web HMI without authentication, creating an immediate, high-severity risk for any installation where the device is reachable from untrusted networks. Background The IQ4...

A newly published advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that ePower’s charging management platform — branded at epower.ie and used by network operators and site hosts worldwide — contains a cluster of high‑severity authentication and...

Johnson Controls’ Frick Controls Quantum HD family has been pushed into the center of a new industrial‑control security storm after a coordinated advisory flagged a cluster of high‑severity remote vulnerabilities that — if chained or exploited at scale — could let unauthenticated attackers run...

CISA has published an industrial-control-systems advisory (ICSA-26-057-08) that calls out a cluster of high‑severity authentication and session‑management flaws in Mobility46’s public-facing charging‑station software (mobility46.se), warning that successful exploitation could let attackers gain...

A new high-severity advisory from the Cybersecurity and Infrastructure Security Agency (CISA) warns that EV charging management software from EV Energy — branded as ev.energy — contains a cluster of authentication and session-handling flaws that, if exploited, could give attackers administrative...

The Cybersecurity and Infrastructure Security Agency (CISA) on February 26, 2026 published an advisory naming a cluster of high‑severity vulnerabilities that affect the Chargemap platform and its public-facing services — a set of failures in authentication and session handling that, if...

CISA today added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog — a move that forces federal agencies to prioritize fixes and should put every security team on high alert. The four CVEs are: CVE-2024-43468 (Microsoft Configuration Manager — unauthenticated SQL...

A newly published CISA advisory warns that Airleader Master — a widely deployed compressed-air control and monitoring platform — contains a critical file‑upload vulnerability that can be exploited to achieve remote code execution on affected installations. The advisory assigns the flaw...

CISA has published an industrial control systems advisory warning that RISS SRL’s MOMA Seismic Station firmware up to and including v2.4.2520 (CVE‑2026‑1632) exposes its web management interface without requiring authentication — a design failing that permits unauthenticated remote actors to...

A high-severity advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that multiple models in the KiloView Encoder Series contain a missing authentication for a critical function vulnerability (tracked as CVE‑2026‑1453 in the advisory) that — if successfully...

EVMAPA’s charging‑station software was publicly flagged in a coordinated CISA advisory that assigns three CVE identifiers — CVE‑2025‑54816, CVE‑2025‑53968 and CVE‑2025‑55705 — and classifies the cluster as a high‑to‑critical risk to EV charging infrastructure because successful exploitation can...

CISA confirmed on January 12, 2026 that it has added a high‑severity Gogs path‑traversal vulnerability, tracked as CVE‑2025‑8110, to its Known Exploited Vulnerabilities (KEV) Catalog — a move that triggers urgent remediation requirements for federal agencies under Binding Operational Directive...