ics

CISA’s September 18 bulletin published nine new Industrial Control Systems (ICS) advisories that affect a broad cross-section of OT vendors — from industrial networking stacks to remote terminal units, asset-management suites, machine-vision firmware, and industry-specific protocols —...

Westermo’s WeOS 5 series has a newly disclosed high‑severity vulnerability that deserves immediate attention from industrial network operators and Windows network teams responsible for OT‑IT convergence, because it can be used to inject operating‑system commands when an attacker can reach an...

The Cabinet Office has quietly handed responsibility for its long-running, much-delayed migration from Google Workspace to Microsoft 365 (M365) to another government unit, effectively changing the delivery model for the Falcon IT Platform Refresh and Migration programme and halving the project’s...

Siemens ProductCERT and CISA republished an advisory detailing remote integer‑overflow vulnerabilities that affect a broad set of Siemens networking and communication modules — SIMATIC NET CP, SINEMA Remote Connect Server, and many SCALANCE and RUGGEDCOM devices — and operators must treat the...

A newly disclosed Cross‑Site Scripting (XSS) vulnerability, tracked as CVE‑2025‑7746, affects a broad set of Schneider Electric Altivar drives and modules — including the ATVdPAC module (fixed in VW3A3530D version 25.0), multiple Altivar Process and Machine drives, and the ILC992 InterLink...

Hitachi Energy’s widely deployed RTU500 series has been the subject of a renewed and broad advisory outlining multiple, exploitable parsing and memory-corruption flaws that can trigger Denial‑of‑Service (DoS) conditions and — in at least one case — permit bypass of secure firmware update checks...

CISA’s latest bulletin — a compact but consequential package released on September 11, 2025 — flags eleven Industrial Control Systems (ICS) advisories affecting major automation vendors and field devices, including multiple Siemens engineering and network products, several Schneider Electric...

Schneider Electric has published fixes and CISA republished an advisory after coordinated disclosure of two vulnerabilities in EcoStruxure Building Operation / Enterprise Server and associated Workstation components that could enable an authenticated, adjacent‑network attacker to cause a...

Siemens’ Industrial Edge Management OS (IEM‑OS) is exposed to a remotely exploitable denial‑of‑service condition tied to the Apache Commons FileUpload library (tracked as CVE‑2025‑48976), and the vendor’s published guidance makes clear that affected IEM‑OS installs — all reported versions — have...

Siemens’ cloud-hosted SIMATIC Virtualization as a Service (SIVaaS) has been found to expose a network share without authentication — a configuration defect that Siemens has cataloged as CVE-2025-40804 and scored as critical (CVSS v3.1 = 9.1; CVSS v4 = 9.3). This flaw allows unauthenticated...

Siemens has published a security advisory (SSA-027652) describing a privilege‑escalation vulnerability in its SINAMICS drive family that allows a factory reset and configuration manipulation without the required privileges, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA)...

Schneider Electric has confirmed a security issue affecting the Modicon M340 family and two Ethernet communication modules — BMXNOE0100 and BMXNOE0110 — that can expose files or directories to external parties and, in some configurations, can prevent firmware updates or disrupt the embedded...

Rockwell Automation’s ControlLogix 5580 family has a newly republished advisory that raises the alarm for industrial operators: a remotely exploitable NULL pointer dereference in firmware version 35.013 can force a major nonrecoverable fault (MNRF) on affected controllers, producing a...

CISA’s September 9, 2025 bulletin consolidating fourteen Industrial Control Systems advisories is a blunt reminder that the OT security landscape remains both crowded and volatile — the list spans high‑impact Rockwell Automation products, ABB building‑management gear, Schneider and Mitsubishi...

Rockwell Automation’s 1783‑NATR I/O adapter has been flagged by CISA as vulnerable to a third‑party component flaw that can cause memory corruption, carrying a CVSS v4 base score of 6.9 and described as remotely exploitable with low attack complexity — operators should treat it as an immediate...

A set of high-severity flaws in ABB’s ASPECT, NEXUS, and MATRIX building-management products has forced an urgent wave of patching and network lockdowns across industrial and commercial facilities worldwide, with at least three tracked CVEs that let remote attackers bypass authentication, crash...

CISA’s latest roundup of Industrial Control Systems advisories underscores a familiar — and accelerating — reality for Windows administrators and OT teams: vulnerabilities in industrial products are diverse, often high‑impact, and demand rapid, coordinated responses across both IT and OT...

CISA on August 28, 2025, published a batch of nine Industrial Control Systems (ICS) advisories covering critical vulnerabilities across Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, Hitachi Energy, and ICONICS/Mitsubishi integrations — a coordinated disclosure that...

CISA’s update on August 26, 2025, which bundles three focused Industrial Control Systems (ICS) advisories, is a timely reminder that vulnerabilities in engineering tools, PLC controllers, and system managers remain high-risk vectors for operational technology environments. The agency published...

CISA’s August 21, 2025 advisory bundle added three urgent entries to the growing list of industrial control system (ICS) and medical-device vulnerabilities security teams must treat as high priority this month. The agency published advisories for a denial-of-service vector in the Mitsubishi...