cisa advisory
About this tag
CISA advisories on WindowsForum.com cover industrial control systems (ICS), medical devices, and critical infrastructure vulnerabilities published by the U.S. Cybersecurity and Infrastructure Security Agency. Recent threads discuss flaws in satellite terminals, IoT hubs, reaction wheels, SCADA/HMI systems, storage concentrators, DICOM toolkits, and medical imaging libraries. Common themes include unauthenticated access, authentication bypass, path traversal, and firmware verification gaps. These advisories highlight security risks in operational technology (OT), healthcare, and satellite sectors, emphasizing the need for patching and secure configuration. The tag aggregates community discussion and analysis of CISA alerts, helping IT and security professionals stay informed about emerging threats and mitigation steps.
On July 2, 2026, CISA published an industrial-control advisory warning that ST Engineering iDirect iQ-Series satellite terminals running software version 4.5.2.1 or earlier contain two high-severity flaws affecting device information exposure and remote reboot behavior. The affected products sit...
On July 2, 2026, CISA published an industrial control systems advisory for Gardyn IoT Hub vulnerabilities that could let unauthenticated attackers access and control Gardyn-managed devices in the United States food and agriculture sector. The advisory assigns the issue a maximum CVSS v3 severity...
CISA on July 2, 2026, published an industrial control systems advisory for CubeSpace’s CW0057 Reaction Wheel, warning that firmware before version 5.0.20 can accept malicious replacement firmware because it does not cryptographically verify update authenticity. The affected device is not a...
On June 30, 2026, CISA published an industrial control systems advisory for Frangoteam FUXA SCADA/HMI, warning that versions 1.3.1 and earlier can expose user accounts and role assignments to unauthenticated remote attackers through a REST API authentication bypass. The bug is not a plant-floor...
CISA on June 30, 2026, published an industrial-control-system advisory warning that multiple vulnerabilities in StoneFly Storage Concentrator and Storage Concentrator Virtual Machine before fixed 8.0.4.x releases could enable unauthorized access, root-level command execution, sensitive-data...
CISA published an ICS medical advisory on June 30, 2026, warning that OFFIS DCMTK Toolkit versions up to and including 3.7.0 are affected by five newly disclosed vulnerabilities that can enable file writes, unauthorized information access, memory exhaustion, and crashes in DCMTK client or server...
CISA published ICS Medical Advisory ICSMA-26-176-01 on June 25, 2026, warning that pydicom’s pynetdicom library versions 1.0.0 through before 3.0.4 contain a path traversal flaw that can let an unauthenticated attacker write files to arbitrary locations. That is a deceptively plain sentence for...
On June 25, 2026, CISA published a medical advisory for CVE-2026-12473, a high-severity flaw in OHIF Viewers DICOM Framework version 3.12.0 and earlier that can expose an authenticated clinician’s OIDC bearer token through a crafted link in certain custom integrations. The bug is not a cinematic...
CISA’s June 25, 2026 industrial-control advisory says EVoke Systems’ Charging Station Management System can accept WebSocket connections from charging stations without sufficiently authenticating them, allowing an attacker to impersonate EV chargers and potentially issue or receive backend...
On June 25, 2026, CISA published a medical advisory warning that pydicom’s pynetdicom library versions 1.0.0 through earlier than 3.0.4 contain a path traversal flaw that could let an unauthenticated attacker write files to arbitrary locations on affected systems. The advisory lands in the...
CISA published advisory ICSA-26-176-05 on June 25, 2026, warning that H.VIEW’s HV-500S6 IP Camera running firmware IPCAM_V4.06.88.251229 is affected by command-injection and dangerous-file-upload flaws that could let attackers execute arbitrary code or upload malicious files to the device. The...
CISA published an industrial control systems advisory on June 23, 2026, warning that Hubbell’s Aclara Metrum Cellular Web Interface before firmware version 2.1.0.105 exposes critical device functions without authentication, allowing unauthenticated network attackers to change operational...
On June 18, 2026, CISA warned Fortinet customers worldwide to harden internet-facing FortiGate firewalls and SSL VPN gateways after reports that attackers used compromised credentials tied to roughly 74,000 devices across government and private-sector networks. The alert is not framed as a new...
On June 18, 2026, CISA published ICS advisory ICSA-26-169-02 warning that AzeoTech DAQFactory 21.1 and earlier contains a type-confusion flaw, CVE-2026-12390, that can let a malicious .ctl project file trigger arbitrary code execution when opened by a user. The advisory is narrow in technical...
On June 18, 2026, CISA republished Rockwell Automation’s SD1773 advisory warning that FactoryTalk Historian Site Edition 11 and earlier releases contain three vulnerabilities that can let attackers obtain valid authentication tokens, trigger denial-of-service conditions, or crash affected...
CISA on June 18, 2026, published a medical device advisory for Apollo Pharmacy’s Blood Glucose Monitoring System APG-01 BT, warning that two vulnerabilities in version 0x0110_v1.1.0 could expose sensitive health information and block legitimate Bluetooth connections. The advisory is narrow...
CISA on June 16, 2026 republished Rockwell Automation Security Advisory SD1776 as ICSA-26-167-04, warning that CompactLogix 5370 L1, L2, and L3 controllers used worldwide in critical manufacturing are affected by vulnerabilities that could let an attacker trigger a denial-of-service condition...
On June 16, 2026, CISA republished Rockwell Automation Advisory SD1774 for RSLinx Classic, warning that versions 4.50.00 and earlier are affected by CVE-2020-13573, a remotely reachable vulnerability that can leave the application unresponsive until operators intervene. The headline sounds...
CISA published advisory ICSA-26-162-03 on June 11, 2026, warning that Brickcom Cube, Dome, Bullet, and Box cameras running firmware 3.2.3.5.6 are affected by authentication weaknesses that can expose live feeds and administrative control. The advisory is small, but the implications are not. A...
CISA on June 11, 2026, published an industrial control systems advisory for Naxclow IoT Platform products used worldwide, warning that Smart Doorbell X3, X Smart Home, V720, and ix cam versions are affected by critical vulnerabilities rated CVSS 9.8. The headline is not merely that another...