cisa advisory

  1. ChatGPT

    CISA Warns ABB B&R Industrial PCs: PixieFail UEFI Network Vulnerabilities (2026)

    CISA republished ABB’s advisory for B&R industrial PCs on May 21, 2026, warning that multiple xPC firmware versions remain exposed to nine PixieFail UEFI network-stack vulnerabilities that can let a network attacker trigger code execution, denial of service, DNS cache poisoning, or data...
  2. ChatGPT

    ABB B&R Automation Studio Advisory: Fix Outdated SQLite Component Flaws

    ABB’s B&R Automation Studio versions earlier than 6.5 and version 6.5 are affected by a critical set of third-party component vulnerabilities, republished by CISA on May 21, 2026, after ABB first issued advisory SA25P007 on February 18, 2026. The awkward part is not that a vendor patched an...
  3. ChatGPT

    ABB Terra AC Wallbox JP Flaws: CISA Advisory and Firmware Fix 1.8.36

    ABB’s Terra AC Wallbox advisory republished by CISA on May 21, 2026, warns that three medium-severity memory-corruption flaws affect Terra AC wallbox JP firmware up to version 1.8.33 and are fixed in version 1.8.36. The flaws are not the kind of internet-scale emergency that sends defenders...
  4. ChatGPT

    CISA Warns ZKTeco CCTV CVE-2026-8598: Unauthenticated Config Export Exposes Credentials

    CISA on May 19, 2026, published an industrial control systems advisory warning that some ZKTeco CCTV cameras running SSC335-GC2063-Face-0b77 Solution firmware before V5.0.1.2.20260421 expose an unauthenticated configuration export port that can disclose camera account credentials. The advisory...
  5. ChatGPT

    CISA Warns: ScadaBR 1.2.0 Flaws Enable Unauthenticated RCE—Protect OT Exposure

    CISA on May 19, 2026, published an industrial control systems advisory warning that ScadaBR 1.2.0, a Brazil-headquartered open source SCADA platform used worldwide, contains four flaws that can be combined or abused to enable unauthenticated remote code execution against exposed installations...
  6. ChatGPT

    CISA Advisory: Authenticated Flaws in Subnet Solutions PowerSYSTEM Center (May 12, 2026)

    CISA on May 12, 2026 published an industrial control systems advisory for Subnet Solutions PowerSYSTEM Center, warning that multiple authenticated-user flaws affect PSC 2020, PSC 2024, and PSC 2026 deployments used in critical manufacturing and energy environments worldwide. The vulnerabilities...
  7. ChatGPT

    CISA Republished CEM AC2000 DLL Hijacking CVE-2026-21661 (High-Severity)

    CISA on May 5, 2026 republished a Johnson Controls advisory warning that CEM AC2000 versions 10.6, 11.0, and 12.0 contain a high-severity DLL hijacking flaw, CVE-2026-21661, that can let a standard local user escalate privileges on the host machine. That sentence sounds narrow, almost...
  8. ChatGPT

    PCM600 Zip Slip Path Traversal: CISA Warns OT Engineering Workstations

    CISA on May 5, 2026 republished Hitachi Energy’s advisory for a path-traversal flaw in PCM600, warning that affected legacy and 3.x versions can mishandle malicious ZIP archives and allow an attacker to write files outside the intended extraction path. The uncomfortable part is not the CVSS...
  9. ChatGPT

    ABB PCM600 Zip Slip Flaw: Fix CVE-2018-1002208 or Face OT Patch Compatibility Issues

    CISA republished ABB’s advisory for PCM600 on April 30, 2026, warning that versions 1.5 through 2.13 of ABB’s protection and control IED management software contain a SharpZipLib path traversal flaw that can let crafted messages cause arbitrary code execution on a system node. The fix is PCM600...
  10. ChatGPT

    CISA Warns: ABB AWIN Gateways Adjacent-Network Bugs Enable Data Leak or Reboot

    CISA republished ABB’s AWIN Gateways advisory on April 30, 2026, warning that three vulnerabilities in ABB AWIN GW100 rev.2 and GW120 firmware can expose configuration data or let an unauthenticated adjacent attacker reboot affected industrial gateway devices. The word adjacent does a lot of...
  11. ChatGPT

    CISA Warns SpiceJet Booking Flaws Expose PNR Passenger Data (CVE-2026-6375/6376)

    The latest CISA advisory on the SpiceJet Online Booking System is a straightforward but serious warning: two unauthenticated access-control flaws could let attackers disclose passenger data, including booking details and names, without needing an account or any special access. CISA says both...
  12. ChatGPT

    CISA Warns Milesight Cameras: Multiple CVEs Lead to RCE, Injection, and Device Crashes

    Milesight Cameras are back in the security spotlight with a sprawling CISA advisory that ties five CVE families to a wide range of AIoT, LPR, and network camera product lines, many of them still running firmware branches that can be exploited for device crashes or full remote code execution...
  13. ChatGPT

    Yadea T5 E-Bike Flaw CVE-2025-70994 Lets Attackers Forge Key-Fob Signals Locally

    Yadea’s T5 electric bicycle has just become the latest reminder that modern transportation security is no longer limited to cars, trucks, and public transit. According to CISA’s newly published ICS advisory, a weakness in the bicycle’s authentication scheme could let a local attacker intercept a...
  14. ChatGPT

    CISA Critical Flaw in Xiongmai XM530 IP Cameras (CVE-2025-65856) Auth Bypass

    The latest CISA advisory on the Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera is not a routine firmware notice; it is a critical authentication-bypass disclosure that can let unauthenticated attackers reach sensitive device information and live video streams. CISA says the affected...
  15. ChatGPT

    CISA Urges Patch for Carlson VASCO-B GNSS Auth Flaw (CWE-306, CVSS 9.4)

    Critical infrastructure operators are being urged to patch Carlson Software’s VASCO-B GNSS Receiver after CISA published a new ICS advisory describing a high-severity authentication flaw that could let a remote attacker change device configuration or interfere with operation. The advisory says...
  16. ChatGPT

    CISA China-Nexus Advisory: Compromised SOHO and IoT Networks for Covert Scaling

    The latest CISA-led advisory on China-nexus covert networks of compromised devices marks an important shift in how state-backed operators are hiding, moving, and scaling their activity. Instead of relying on individually procured infrastructure, these actors are increasingly routing operations...
  17. ChatGPT

    Zero Motorcycles Bluetooth Flaw Could Enable Malicious OTA Firmware (CVE-2026-1354)

    Zero Motorcycles’ latest cybersecurity disclosure is a useful reminder that the modern electric motorcycle is no longer just a vehicle; it is a rolling software platform with radios, mobile apps, firmware packages, and over-the-air update paths. In a new CISA advisory published on April 21...
  18. ChatGPT

    CISA Warns SenseLive X3050 V1.523: 11 Flaws Could Lead to Complete Device Takeover

    SenseLive X3050 is the latest reminder that industrial and embedded devices often fail in clusters, not as isolated bugs. CISA says version X3050 V1.523 is affected by 11 vulnerabilities spanning authentication bypass, hard-coded credentials, insufficient session expiration, missing...
  19. ChatGPT

    Silex SD-330AC & AMC Manager Flaws: RCE, XSS, Auth Bypass—Patch Firmware Now

    The newly disclosed Silex Technology SD-330AC and AMC Manager vulnerability set is a reminder that device-management software can be just as dangerous as the hardware it controls. CISA says successful exploitation could enable arbitrary code execution, denial of service, and unauthenticated...
  20. ChatGPT

    CISA Warns CVSS 9.8 Flaws in Silex SD-330AC & AMC Manager: RCE, DoS, Config Tampering

    Silex Technology’s SD-330AC and AMC Manager have landed in the spotlight after CISA published a fresh industrial control systems advisory on April 21, 2026, warning that a long list of vulnerabilities could enable arbitrary code execution, denial of service, or unauthorized changes to...