cisa ics advisory

Westermo’s WeOS 5 series has a newly disclosed high‑severity vulnerability that deserves immediate attention from industrial network operators and Windows network teams responsible for OT‑IT convergence, because it can be used to inject operating‑system commands when an attacker can reach an...

A recently republished U.S. federal advisory warns that Rockwell Automation’s FactoryTalk Activation Manager contains a cryptographic implementation flaw that can be exploited remotely to decrypt or tamper with activation and management traffic — an issue assigned CVE‑2025‑7970 and rated with a...

GE Vernova’s CIMPLICITY HMI/SCADA platform has been flagged in a recently circulated advisory as vulnerable to an Uncontrolled Search Path Element (CWE‑427) issue that, under the right local conditions, could allow a low‑privileged user to escalate privileges on affected hosts — the advisory...

Delta Electronics’ CNCSoft‑G2 has been the focus of a coordinated disclosure that exposes a file‑parsing out‑of‑bounds write (CWE‑787) in the DPAX project file handler — a flaw tracked as CVE‑2025‑47728 that can lead to arbitrary code execution when a user opens a specially crafted file, and...

Siemens has confirmed a widespread denial-of-service (DoS) vulnerability affecting multiple models in the SIPROTEC 4 and SIPROTEC 4 Compact line that can be triggered remotely by an unauthenticated attacker during interrupted file-transfer operations; the issue is tracked as CVE-2024-52504 and...

A high-severity privilege-escalation flaw has been disclosed in Rockwell Automation’s FactoryTalk ViewPoint that allows a local attacker to escalate to SYSTEM privileges by abusing Windows MSI repair behavior; the issue (CVE-2025-7973) carries a CVSS v4 base score of 8.5 and affects FactoryTalk...