cisa advisory

A newly published U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory warns that an authentication‑bypass flaw in two LG Innotek CCTV models can be exploited remotely to attain administrative access — and that the affected products are end‑of‑life and will not be patched...

National Instruments has confirmed a cluster of high‑severity memory‑corruption vulnerabilities in its Circuit Design Suite that let a crafted .sym symbol file crash, disclose data from, or — in the worst case — run arbitrary code on affected engineering workstations; the vendor issued a patch...

Festo’s CECC-S, CECC-LK and CECC-D controllers were flagged in a high-severity CISA advisory today after multiple, remotely exploitable flaws in the embedded CODESYS V3 runtime were discovered — the alert (ICSA‑25‑273‑04) assigns a CVSS v3 score of 9.8 and warns operators that unpatched devices...

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory on a critical remote code execution vulnerability in MegaSys’s Telenium Online web application, a network‑management platform widely used in telecommunications, energy and government environments; the flaw...

CISA has published a new Industrial Control Systems advisory highlighting two high-impact credential-exposure vulnerabilities in the Dingtian DT‑R002 relay board, warning that all firmware versions are affected and urging immediate defensive actions while noting the vendor has not engaged with...

Schneider Electric has published a coordinated security update after a high‑impact local flaw in its Software Update component (SESU) was assigned CVE‑2025‑5296 — a CWE‑59: Improper Link Resolution Before File Access (‘link following’) issue that affects SESU versions prior to 3.0.12 and...

Dover Fueling Solutions’ ProGauge MagLink family is at the center of a critical industrial‑control security alert that should be on every fuel‑site operator’s incident response checklist today: the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a high‑severity advisory...

Schneider Electric has published coordinated advisories describing two OS command injection flaws in the BLMon monitoring console used by Saitel DR and Saitel DP Remote Terminal Units (RTUs), vulnerabilities that allow authenticated console users to inject and execute arbitrary shell commands...

Delta Electronics’ DIALink — a widely used industrial automation server — is the subject of a coordinated vulnerability disclosure that identifies two directory‑traversal / authentication‑bypass flaws (CVE‑2025‑58320 and CVE‑2025‑58321) affecting DIALink versions V1.6.0.0 and earlier, and urges...

Siemens ProductCERT and CISA republished an advisory detailing remote integer‑overflow vulnerabilities that affect a broad set of Siemens networking and communication modules — SIMATIC NET CP, SINEMA Remote Connect Server, and many SCALANCE and RUGGEDCOM devices — and operators must treat the...

Siemens and upstream OpenSSL vulnerabilities that allow out-of-bounds reads — tracked under CVE-2021-3712 — remain a live operational risk across dozens of Siemens industrial networking, communications, and automation products; Siemens has published ProductCERT guidance and fixes for many...

A newly disclosed Cross‑Site Scripting (XSS) vulnerability, tracked as CVE‑2025‑7746, affects a broad set of Schneider Electric Altivar drives and modules — including the ATVdPAC module (fixed in VW3A3530D version 25.0), multiple Altivar Process and Machine drives, and the ILC992 InterLink...

Schneider Electric has published fixes and CISA republished an advisory after coordinated disclosure of two vulnerabilities in EcoStruxure Building Operation / Enterprise Server and associated Workstation components that could enable an authenticated, adjacent‑network attacker to cause a...

Siemens’ cloud-hosted SIMATIC Virtualization as a Service (SIVaaS) has been found to expose a network share without authentication — a configuration defect that Siemens has cataloged as CVE-2025-40804 and scored as critical (CVSS v3.1 = 9.1; CVSS v4 = 9.3). This flaw allows unauthenticated...

CVE-2025-54109 Windows Defender Firewall Service Elevation of Privilege Vulnerability Summary What it is: CVE-2025-54109 is an elevation-of-privilege (EoP) vulnerability described by Microsoft as "Access of resource using incompatible type ('type confusion')" in the Windows Defender Firewall...

Rockwell Automation’s 1783‑NATR I/O adapter has been flagged by CISA as vulnerable to a third‑party component flaw that can cause memory corruption, carrying a CVSS v4 base score of 6.9 and described as remotely exploitable with low attack complexity — operators should treat it as an immediate...

A newly republished advisory from CISA and Rockwell Automation raises urgent operational and security flags for organizations using the CompactLogix® 5480 controller family: the devices running specific Windows packages are affected by a Missing Authentication for Critical Function vulnerability...

A remote information‑disclosure weakness in Mitsubishi Electric’s MELSEC iQ‑F series CPU modules has been publicly described as a cleartext transmission of sensitive information over SLMP, enabling an attacker with network access to capture credentials and potentially read/write device values or...

Mitsubishi Electric’s MELSEC iQ‑F family of CPU modules has been formally flagged with a network‑accessible vulnerability that allows unauthenticated remote actors to read and write device values — and in some deployments to halt program execution — because the affected product’s Modbus/TCP...

CISA has added a critical Citrix NetScaler vulnerability — CVE-2025-7775 — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, prompting an urgent patch-and-verify cycle for NetScaler ADC and NetScaler Gateway operators worldwide. Background CVE-2025-7775...