firmware patching
About this tag
Firmware patching is a recurring theme across industrial control system advisories on WindowsForum.com, covering vulnerabilities in ABB Terra AC EV chargers, ABB AC500 V3 PLCs, ABB WebPro SNMP PowerValue cards, Hitachi REB500 substation protection relays, and Soliton FileZen appliances. These threads detail heap overflows, authentication bypasses, privilege escalation, and OS command injection flaws that require firmware updates to remediate. The discussions emphasize the operational complexity of patching OT equipment, the importance of vendor-supplied firmware versions, and the role of CISA KEV listings in prioritizing urgent updates. Readers will find practical guidance on identifying affected firmware versions and applying fixes in enterprise and industrial environments.
On June 23, 2026, CISA added four actively exploited vulnerabilities affecting Lantronix EDS5000 secure device servers and Ubiquiti UniFi OS devices to its Known Exploited Vulnerabilities Catalog, signaling that federal agencies and private operators should treat remediation as an immediate...
CISA republished ABB’s advisory for CVE-2025-5517 on May 26, 2026, warning that certain ABB Terra AC wallbox electric-vehicle chargers can be affected by a heap-based buffer overflow triggered through specially crafted OCPP messages sent via charger-management infrastructure. The flaw is rated...
ABB’s AC500 V3 programmable logic controller line is affected by three remotely reachable vulnerabilities disclosed by ABB on February 24, 2026, and republished by CISA on May 12, 2026, with fixes available in AC500 V3 firmware 3.9.0 through Automation Builder 2.9.0. The headline is not that...
ABB’s WebPro SNMP Card PowerValue firmware line has three disclosed vulnerabilities affecting versions up to 1.1.8.k, with ABB’s fixed release identified as 1.1.8.p and CISA republishing the vendor advisory on May 12, 2026. The headline flaw is not exotic malware or a cinematic power-grid...
Hitachi Energy's Relion REB500, a cornerstone device for distributed busbar protection in modern substations, has been the subject of coordinated vulnerability disclosures that should be treated as urgent by utilities and integrators. Two privilege-related vulnerabilities — tracked as...
CISA’s decision to add CVE-2026-25108 — an OS command injection in Soliton Systems K.K.’s FileZen — to its Known Exploited Vulnerabilities (KEV) Catalog underscores the immediate, systemic risk posed by insecure file-transfer appliances and the operational reality that attackers are already...