cisa advisory

  1. ChatGPT

    ABB PCM600 Zip Slip Flaw: Fix CVE-2018-1002208 or Face OT Patch Compatibility Issues

    CISA republished ABB’s advisory for PCM600 on April 30, 2026, warning that versions 1.5 through 2.13 of ABB’s protection and control IED management software contain a SharpZipLib path traversal flaw that can let crafted messages cause arbitrary code execution on a system node. The fix is PCM600...
  2. ChatGPT

    CISA Warns: ABB AWIN Gateways Adjacent-Network Bugs Enable Data Leak or Reboot

    CISA republished ABB’s AWIN Gateways advisory on April 30, 2026, warning that three vulnerabilities in ABB AWIN GW100 rev.2 and GW120 firmware can expose configuration data or let an unauthenticated adjacent attacker reboot affected industrial gateway devices. The word adjacent does a lot of...
  3. ChatGPT

    CISA Warns SpiceJet Booking Flaws Expose PNR Passenger Data (CVE-2026-6375/6376)

    The latest CISA advisory on the SpiceJet Online Booking System is a straightforward but serious warning: two unauthenticated access-control flaws could let attackers disclose passenger data, including booking details and names, without needing an account or any special access. CISA says both...
  4. ChatGPT

    CISA Warns Milesight Cameras: Multiple CVEs Lead to RCE, Injection, and Device Crashes

    Milesight Cameras are back in the security spotlight with a sprawling CISA advisory that ties five CVE families to a wide range of AIoT, LPR, and network camera product lines, many of them still running firmware branches that can be exploited for device crashes or full remote code execution...
  5. ChatGPT

    Yadea T5 E-Bike Flaw CVE-2025-70994 Lets Attackers Forge Key-Fob Signals Locally

    Yadea’s T5 electric bicycle has just become the latest reminder that modern transportation security is no longer limited to cars, trucks, and public transit. According to CISA’s newly published ICS advisory, a weakness in the bicycle’s authentication scheme could let a local attacker intercept a...
  6. ChatGPT

    CISA Critical Flaw in Xiongmai XM530 IP Cameras (CVE-2025-65856) Auth Bypass

    The latest CISA advisory on the Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera is not a routine firmware notice; it is a critical authentication-bypass disclosure that can let unauthenticated attackers reach sensitive device information and live video streams. CISA says the affected...
  7. ChatGPT

    CISA Urges Patch for Carlson VASCO-B GNSS Auth Flaw (CWE-306, CVSS 9.4)

    Critical infrastructure operators are being urged to patch Carlson Software’s VASCO-B GNSS Receiver after CISA published a new ICS advisory describing a high-severity authentication flaw that could let a remote attacker change device configuration or interfere with operation. The advisory says...
  8. ChatGPT

    CISA China-Nexus Advisory: Compromised SOHO and IoT Networks for Covert Scaling

    The latest CISA-led advisory on China-nexus covert networks of compromised devices marks an important shift in how state-backed operators are hiding, moving, and scaling their activity. Instead of relying on individually procured infrastructure, these actors are increasingly routing operations...
  9. ChatGPT

    Zero Motorcycles Bluetooth Flaw Could Enable Malicious OTA Firmware (CVE-2026-1354)

    Zero Motorcycles’ latest cybersecurity disclosure is a useful reminder that the modern electric motorcycle is no longer just a vehicle; it is a rolling software platform with radios, mobile apps, firmware packages, and over-the-air update paths. In a new CISA advisory published on April 21...
  10. ChatGPT

    CISA Warns SenseLive X3050 V1.523: 11 Flaws Could Lead to Complete Device Takeover

    SenseLive X3050 is the latest reminder that industrial and embedded devices often fail in clusters, not as isolated bugs. CISA says version X3050 V1.523 is affected by 11 vulnerabilities spanning authentication bypass, hard-coded credentials, insufficient session expiration, missing...
  11. ChatGPT

    Silex SD-330AC & AMC Manager Flaws: RCE, XSS, Auth Bypass—Patch Firmware Now

    The newly disclosed Silex Technology SD-330AC and AMC Manager vulnerability set is a reminder that device-management software can be just as dangerous as the hardware it controls. CISA says successful exploitation could enable arbitrary code execution, denial of service, and unauthenticated...
  12. ChatGPT

    CISA Warns CVSS 9.8 Flaws in Silex SD-330AC & AMC Manager: RCE, DoS, Config Tampering

    Silex Technology’s SD-330AC and AMC Manager have landed in the spotlight after CISA published a fresh industrial control systems advisory on April 21, 2026, warning that a long list of vulnerabilities could enable arbitrary code execution, denial of service, or unauthorized changes to...
  13. ChatGPT

    AVEVA Pipeline Simulation Authorization Flaw (CVE-2026-5387) — Patch and Mitigate

    AVEVA’s Pipeline Simulation platform is facing a critical missing-authorization flaw that can let an unauthenticated attacker perform actions reserved for high-privilege users, including Simulator Instructor and Simulator Developer roles. CISA’s new industrial control systems advisory says the...
  14. ChatGPT

    CISA Critical Advisory: Anviz CX2 Lite, CX7 Firmware & CrossChex Risk (CVSS 9.8)

    Anviz’s multi-product security advisory is the kind of disclosure that should make both physical-security teams and enterprise IT administrators pause. The CISA bulletin covers CX2 Lite firmware, CX7 firmware, and CrossChex Standard, and it describes a broad mix of vulnerabilities that can lead...
  15. ChatGPT

    Horner PLC Flaw CVE-2026-6284: Brute-Force Password Risk (CVSS 9.1 Critical)

    Horner Automation’s latest CISA advisory is a reminder that industrial cybersecurity problems do not always arrive as glamorous zero-click exploits or dramatic remote code execution bugs. Sometimes the most dangerous weakness is much simpler: weak password requirements combined with no input...
  16. ChatGPT

    CISA Warns: Obsolete Contemporary Controls BASC-20T Critical ICS Flaw (CVE-2025-13926)

    The latest CISA industrial control systems advisory puts a sharp spotlight on Contemporary Controls BASC-20T and, more specifically, on an old building automation controller that should probably never have been left to age quietly on live networks. According to the advisory, successful...
  17. ChatGPT

    CISA April 7, 2026 Warns Iran Actors Manipulate Internet-Facing PLCs in US Critical OT

    Iran-linked cyber operators are once again pushing beyond nuisance activity and into the realm of physical-process disruption, this time by targeting internet-facing programmable logic controllers across U.S. critical infrastructure. The new CISA advisory, issued on April 7, 2026, says the...
  18. ChatGPT

    CVE-2026-1579 Critical: PX4 MAVLink Unsigned Commands Enable Shell Access

    A newly published CISA industrial control systems advisory says PX4 Autopilot is vulnerable to remote command execution through the MAVLink interface when cryptographic message signing is not enabled, and the agency rates the issue critical at CVSS 9.8. The vulnerability, tracked as...
  19. ChatGPT

    Anritsu Remote Spectrum Monitor Flaw: No Authentication, CVSS 9.8 Critical

    Anritsu’s Remote Spectrum Monitor has landed in the crosshairs of a critical ICS security advisory because the device family exposes its management interface without authentication, opening the door to unauthorized configuration changes, sensitive signal-data exposure, and service disruption...
  20. ChatGPT

    CISA CVE-2026-2417: Pharos Mosaic Show Controller Auth Bypass (Patch to 2.16+)

    The latest CISA advisory on Pharos Controls’ Mosaic Show Controller is a reminder that even niche show-control platforms can present critical attack paths when authentication is missing from core functions. CISA says Mosaic Show Controller firmware 2.15.3 is affected by CVE-2026-2417, a missing...