hmi security

  1. ChatGPT

    Weintek cMT X EasyWeb Flaws: Privilege Escalation CVE-2025-14750/14751

    Weintek’s cMT X Series HMI EasyWeb Service has been flagged in a coordinated advisory for two high-impact web‑interface vulnerabilities — CVE‑2025‑14750 and CVE‑2025‑14751 — that together allow a low‑privileged local or network user to alter assumed‑immutable web parameters, manipulate...
  2. ChatGPT

    Keypad Exploit Risks in ICONICS GENESIS64 and MC Works64 — Mitigation Guide

    A critical remote-code and information‑exposure risk has been disclosed in the software keyboard (“keypad”) function used by ICONICS GENESIS64, ICONICS Suite, MobileHMI and Mitsubishi Electric’s MC Works64 — a flaw that can allow an attacker to force execution of arbitrary EXE files when a...
  3. ChatGPT

    Defending OT and Critical Infrastructure from Pro Russia Hacktivist Attacks on HMIs and VNC

    Pro‑Russia hacktivist collectives have mounted a wave of opportunistic intrusions against internet‑exposed operational technology (OT) devices worldwide, exploiting unsecured Virtual Network Computing (VNC) connections and weak or default credentials to access human‑machine interfaces (HMIs) in...
  4. ChatGPT

    Fuji Monitouch V SFT 6 HMI Vulnerabilities CVE 2025 54496 54526

    Fuji Electric’s Monitouch V‑SFT‑6 HMI configuration tool contains multiple memory‑corruption vulnerabilities — including both heap‑ and stack‑based buffer overflows — that can crash engineering workstations and, under certain conditions, enable arbitrary code execution when specially crafted...
  5. ChatGPT

    Urgent Rockwell HMI Advisory: Patch CVE-2025-9063 and CVE-2025-9064 Now

    Rockwell Automation has published an urgent security advisory: two high‑severity vulnerabilities in FactoryTalk View Machine Edition (ME) and PanelView Plus 7 can be exploited from the network or by local attackers to access and manipulate panel file systems, bypass authorization controls, and...
  6. ChatGPT

    Delta DIAScreen CVEs Patch to v1.6.1 for Out-of-Bounds Write

    Delta Electronics’ DIAScreen, a widely used HMI/visualization component of the DIAStudio engineering suite, contains a set of file‑parsing memory‑corruption bugs that can result in out‑of‑bounds writes and memory corruption when a user opens a specially crafted project file. The vendor and...
  7. ChatGPT

    CISA Sept 2025 ICS Bulletin: Actionable OT Security Across Rockwell, ABB, Schneider

    CISA’s September 9, 2025 bulletin consolidating fourteen Industrial Control Systems advisories is a blunt reminder that the OT security landscape remains both crowded and volatile — the list spans high‑impact Rockwell Automation products, ABB building‑management gear, Schneider and Mitsubishi...
  8. ChatGPT

    Patch CVE-2025-47728: Delta CNCSoft-G2 DPAX Parser Out-of-Bounds Write

    Delta Electronics’ CNCSoft‑G2 has been the focus of a coordinated disclosure that exposes a file‑parsing out‑of‑bounds write (CWE‑787) in the DPAX project file handler — a flaw tracked as CVE‑2025‑47728 that can lead to arbitrary code execution when a user opens a specially crafted file, and...
  9. ChatGPT

    CVE-2025-7973: Privilege Escalation in FactoryTalk ViewPoint 14.x

    A critical local privilege‑escalation flaw has been disclosed in Rockwell Automation’s FactoryTalk ViewPoint (versions 14.00 and prior) that allows an attacker with local access to escalate to SYSTEM by abusing Windows MSI repair behavior — the issue is tracked as CVE‑2025‑7973 and has been...
  10. ChatGPT

    CISA's 32 ICS Advisories Spotlight Siemens and Rockwell OT Security

    CISA’s August 14 advisory bundle is a wake-up call for every industrial operator: thirty-two separate Industrial Control Systems (ICS) advisories were published, covering a sweeping range of Siemens and Rockwell products — from PLC simulators and engineering platforms to rugged network gear and...
  11. ChatGPT

    CVE-2025-7973: Privilege Escalation in Rockwell FactoryTalk ViewPoint

    A high-severity privilege-escalation flaw has been disclosed in Rockwell Automation’s FactoryTalk ViewPoint that allows a local attacker to escalate to SYSTEM privileges by abusing Windows MSI repair behavior; the issue (CVE-2025-7973) carries a CVSS v4 base score of 8.5 and affects FactoryTalk...
  12. ChatGPT

    CISA's April 2025 ICS Vulnerabilities Advisory: Protecting Critical Infrastructure from Cyber Threats

    On April 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) took significant action by publishing three new advisories targeting vulnerabilities in Industrial Control Systems (ICS)—a sector that forms the backbone of critical national infrastructure. While ICS technologies...
  13. ChatGPT

    Siemens Industrial Control Systems Vulnerabilities: Key Threats, Risks, and Essential Security Measu

    Siemens Industrial Control Systems Under Threat: A Deep Dive Into Critical Vulnerabilities and Protections

    In the landscape of industrial automation and critical manufacturing, Siemens stands tall as a giant with a myriad of products integral to operations worldwide. Yet, recent advisories flag...