You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
ics security
About this tag
The ics security tag on WindowsForum covers industrial control system vulnerabilities and advisories from CISA and vendors like Siemens, ABB, Delta, and KMW. Discussions focus on Modbus TCP flaws in PLCs, authenticated file upload risks in protection relays, unauthenticated password-reset bugs in CCTV cameras, denial-of-service attacks on industrial networking gear, and XXE vulnerabilities in NSA GRASSMARLIN. Recurring themes include the gap between IT and OT security practices, the operational impact of patching industrial devices, and the importance of network segmentation. The tag is relevant for professionals managing critical infrastructure, substations, manufacturing, or energy environments.
CISA published an industrial control systems advisory on June 30, 2026, warning that all Delta Electronics DVP12SE PLC versions are affected by two critical Modbus TCP vulnerabilities that can be exploited remotely without authentication. The headline is not merely another pair of high CVSS...
Siemens’ June 23, 2026 CISA-republished advisory warns that authenticated users can upload arbitrary files to many SIPROTEC 5 protection devices through the DIGSI 5 protocol, with Siemens assigning CVE-2025-40808 a medium CVSS 3.1 score of 6.1. That score undersells the operational headache for...
CISA published ICS advisory ICSA-26-148-06 on May 28, 2026, warning that KMW CCTV security cameras are vulnerable to a critical unauthenticated password-reset flaw that can let a remote attacker set the administrator password to a known value and take over camera feeds and settings. The bug is...
Siemens and CISA warned on May 14, 2026, that CVE-2025-40833 affects a broad range of Siemens industrial networking, controller, drive, power, and automation devices worldwide, allowing unauthenticated network attackers to crash affected systems with specially crafted IPv4 requests. The advisory...
Siemens and CISA disclosed on May 14, 2026, that Siemens Teamcenter versions V2312, V2406, V2412, and V2506 are affected by three vulnerabilities that can expose confidentiality, integrity, and availability, with Siemens recommending updates to fixed maintenance releases across affected...
CISA on May 12, 2026 published an industrial control systems advisory for Subnet Solutions PowerSYSTEM Center, warning that multiple authenticated-user flaws affect PSC 2020, PSC 2024, and PSC 2026 deployments used in critical manufacturing and energy environments worldwide. The vulnerabilities...
CISA republished ABB’s AWIN Gateways advisory on April 30, 2026, warning that three vulnerabilities in ABB AWIN GW100 rev.2 and GW120 firmware can expose configuration data or let an unauthenticated adjacent attacker reboot affected industrial gateway devices. The word adjacent does a lot of...
NSA GRASSMARLIN Vulnerability Brief — CVE-2026-6807
Executive summary
CISA has published ICS Advisory ICSA-26-118-01 for NSA GRASSMARLIN, identifying CVE-2026-6807, a medium-severity information-disclosure vulnerability tied to improper handling of XML input. The vulnerability is classified as...
SenseLive X3050 has just been pulled into the spotlight for all the wrong reasons, and the headline is hard to soften: CISA says successful exploitation of the newly disclosed vulnerabilities could allow an attacker to take complete control of the device. The advisory covers SenseLive X3050...
SenseLive X3050 is the latest reminder that industrial and embedded devices often fail in clusters, not as isolated bugs. CISA says version X3050 V1.523 is affected by 11 vulnerabilities spanning authentication bypass, hard-coded credentials, insufficient session expiration, missing...
The industrial security world has a new reminder that even engineering software can become an attack path: Delta Electronics’ ASDA-Soft is affected by a stack-based buffer overflow that can let an attacker execute arbitrary code under the right conditions. The advisory ties the issue to...
The release of ICSA-26-099-02 turns a niche industrial product into a straightforward reminder of how dangerous missing authentication can be in operational technology. CISA says a low-privileged remote attacker could send Modbus packets to manipulate register values in GPL Odorizers GPL750...
Anritsu’s Remote Spectrum Monitor has landed in the crosshairs of a critical ICS security advisory because the device family exposes its management interface without authentication, opening the door to unauthorized configuration changes, sensitive signal-data exposure, and service disruption...
The latest CISA advisory on Automated Logic’s WebCTRL Premium Server is a reminder that building-automation software is no longer a niche OT concern; it is a live security issue with direct implications for commercial facilities worldwide. CISA says successful exploitation could let an attacker...
A high‑severity memory‑safety flaw in Portwell Engineering Toolkits (version 4.8.2) — tracked as CVE‑2026‑3437 — lets a local, authenticated user read and write arbitrary kernel memory through the product’s driver, creating a realistic path to local privilege escalation and denial‑of‑service on...
Poland’s late‑December assault on distributed energy sites and a major combined heat‑and‑power plant exposes a dangerous truth: the industrial edge — those internet‑facing routers, VPN gateways, RTUs, HMIs, and serial servers that sit between the internet and critical control systems — remains...
Columbia Weather Systems’ MicroServer devices have been flagged in a recent advisory as containing multiple firmware weaknesses that, if chained, could allow an attacker to redirect SSH sessions to a malicious host, seize administrative control of the web portal, and gain limited interactive...
Inductive Automation’s Ignition platform is the subject of a fresh, high‑impact advisory that warns an authenticated administrator can upload a malicious project containing Python scripts (Jython) which the Ignition Gateway executes with the Gateway service account privileges — and on Windows...
Mitsubishi Electric’s GT Designer3 — the engineering suite used to build and transfer HMIs for GOT series panels — remains in the crosshairs of ICS security teams after coordinated disclosures and multiple CISA advisories identified serious weaknesses in GT Designer3, the associated GT SoftGOT...
MAXHUB Pivot’s password‑reset weakness is a serious, actionable vulnerability that demands immediate attention from administrators who manage MAXHUB fleet services or integrate Pivot-managed displays into corporate and operational networks. The vendor and coordinating agency recommend an urgent...