cisa advisory

CISA published advisory ICSA-26-162-03 on June 11, 2026, warning that Brickcom Cube, Dome, Bullet, and Box cameras running firmware 3.2.3.5.6 are affected by authentication weaknesses that can expose live feeds and administrative control. The advisory is small, but the implications are not. A...

CISA on June 11, 2026, published an industrial control systems advisory for Naxclow IoT Platform products used worldwide, warning that Smart Doorbell X3, X Smart Home, V720, and ix cam versions are affected by critical vulnerabilities rated CVSS 9.8. The headline is not merely that another...

CISA published an industrial-control security advisory on June 11, 2026, warning that Yarbo’s Android and iOS mobile apps and cloud MQTT infrastructure exposed hard-coded credentials and weak authorization that could let attackers view fleet telemetry and potentially send robot commands. The...

Schneider Electric and CISA disclosed on June 9, 2026, that EcoStruxure Panel Server devices used in commercial facilities, critical manufacturing, and energy environments are affected by CVE-2026-6866, a high-severity authentication weakness fixed in firmware version 002.006.000 for supported...

CISA on June 9, 2026, republished Siemens ProductCERT advisory SSA-545643 for multiple vulnerabilities in KACO blueplanet inverters, warning that affected devices may allow attackers to derive service credentials from serial numbers and use them for unauthorized access. The advisory is not just...

CISA on June 4, 2026 republished Hitachi Energy’s May 26 advisory for ITT600 SA Explorer, warning that two high-severity libexpat-related vulnerabilities can let an attacker trigger denial of service when IEC 61850 server simulation is used in affected versions. That sentence is the operational...

CISA, the FBI, NSA, DOE, EPA, TSA, DOT, USDA, and partner agencies have warned U.S. operators that malicious actors are targeting internet-exposed automatic tank gauge systems used to monitor fuel and liquid storage tanks across critical infrastructure sectors. The practical message is blunt: if...

CISA published advisory ICSA-26-148-01 on May 28, 2026, warning that MacGregor’s Voyage Data Recorder G4e is affected by multiple credential and access-control weaknesses that could let an attacker gain administrator access to the maritime device. The advisory is narrow in product scope but...

CISA published ICS advisory ICSA-26-148-06 on May 28, 2026, warning that KMW CCTV security cameras are vulnerable to a critical unauthenticated password-reset flaw that can let a remote attacker set the administrator password to a known value and take over camera feeds and settings. The bug is...

CISA warned on May 28, 2026, that XCharge’s C6 electric-vehicle charging equipment contains three critical vulnerabilities that could let attackers gain administrator rights or execute code on affected devices deployed in transportation environments worldwide, with no public exploitation yet...

CISA on May 28, 2026 published a medical advisory for Fourth Frontier’s Frontier X mobile applications and Frontier X2 wearable, warning that missing Bluetooth authentication could let a nearby attacker alter device functions and inject fabricated health readings. The advisory is not just...

CISA on May 28, 2026, warned that Jinan USR IOT Technology Limited’s PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet converter firmware version 7.03T.07 contains hard-coded plaintext administrator credentials that can be extracted from the firmware and used to access device services. The advisory is...

CISA republished ABB’s October 7, 2025 EIBPORT security advisory on May 28, 2026, warning that EIBPORT V3 KNX and EIBPORT V3 KNX GSM firmware before version 3.9.2 contains a high-severity web vulnerability that can expose sensitive device data and allow configuration changes. The advisory is not...

CISA on May 26, 2026 republished ABB’s advisory for CVE-2025-7745, a medium-severity buffer over-read flaw in ABB AC500 V2 PLC firmware that can expose fragments of earlier Modbus responses when unsupported function codes are sent to the device’s Modbus server. The bug is not a headline-grabbing...

On May 26, 2026, CISA published a medical industrial-control advisory warning that all versions of Eppendorf’s BioFlo 320 bioreactor are affected by a hard-coded VNC password vulnerability that can give a remote attacker full control of the device interface when remote access is enabled. The...

CISA republished ABB’s advisory for B&R industrial PCs on May 21, 2026, warning that multiple xPC firmware versions remain exposed to nine PixieFail UEFI network-stack vulnerabilities that can let a network attacker trigger code execution, denial of service, DNS cache poisoning, or data...

ABB’s B&R Automation Studio versions earlier than 6.5 and version 6.5 are affected by a critical set of third-party component vulnerabilities, republished by CISA on May 21, 2026, after ABB first issued advisory SA25P007 on February 18, 2026. The awkward part is not that a vendor patched an...

ABB’s Terra AC Wallbox advisory republished by CISA on May 21, 2026, warns that three medium-severity memory-corruption flaws affect Terra AC wallbox JP firmware up to version 1.8.33 and are fixed in version 1.8.36. The flaws are not the kind of internet-scale emergency that sends defenders...

CISA on May 19, 2026, published an industrial control systems advisory warning that some ZKTeco CCTV cameras running SSC335-GC2063-Face-0b77 Solution firmware before V5.0.1.2.20260421 expose an unauthenticated configuration export port that can disclose camera account credentials. The advisory...

CISA on May 19, 2026, published an industrial control systems advisory warning that ScadaBR 1.2.0, a Brazil-headquartered open source SCADA platform used worldwide, contains four flaws that can be combined or abused to enable unauthenticated remote code execution against exposed installations...