ics security

CISA republished ABB’s AWIN Gateways advisory on April 30, 2026, warning that three vulnerabilities in ABB AWIN GW100 rev.2 and GW120 firmware can expose configuration data or let an unauthenticated adjacent attacker reboot affected industrial gateway devices. The word adjacent does a lot of...

NSA GRASSMARLIN Vulnerability Brief — CVE-2026-6807 Executive summary CISA has published ICS Advisory ICSA-26-118-01 for NSA GRASSMARLIN, identifying CVE-2026-6807, a medium-severity information-disclosure vulnerability tied to improper handling of XML input. The vulnerability is classified as...

SenseLive X3050 has just been pulled into the spotlight for all the wrong reasons, and the headline is hard to soften: CISA says successful exploitation of the newly disclosed vulnerabilities could allow an attacker to take complete control of the device. The advisory covers SenseLive X3050...

SenseLive X3050 is the latest reminder that industrial and embedded devices often fail in clusters, not as isolated bugs. CISA says version X3050 V1.523 is affected by 11 vulnerabilities spanning authentication bypass, hard-coded credentials, insufficient session expiration, missing...

The industrial security world has a new reminder that even engineering software can become an attack path: Delta Electronics’ ASDA-Soft is affected by a stack-based buffer overflow that can let an attacker execute arbitrary code under the right conditions. The advisory ties the issue to...

The release of ICSA-26-099-02 turns a niche industrial product into a straightforward reminder of how dangerous missing authentication can be in operational technology. CISA says a low-privileged remote attacker could send Modbus packets to manipulate register values in GPL Odorizers GPL750...

Anritsu’s Remote Spectrum Monitor has landed in the crosshairs of a critical ICS security advisory because the device family exposes its management interface without authentication, opening the door to unauthorized configuration changes, sensitive signal-data exposure, and service disruption...

The latest CISA advisory on Automated Logic’s WebCTRL Premium Server is a reminder that building-automation software is no longer a niche OT concern; it is a live security issue with direct implications for commercial facilities worldwide. CISA says successful exploitation could let an attacker...

A high‑severity memory‑safety flaw in Portwell Engineering Toolkits (version 4.8.2) — tracked as CVE‑2026‑3437 — lets a local, authenticated user read and write arbitrary kernel memory through the product’s driver, creating a realistic path to local privilege escalation and denial‑of‑service on...

Poland’s late‑December assault on distributed energy sites and a major combined heat‑and‑power plant exposes a dangerous truth: the industrial edge — those internet‑facing routers, VPN gateways, RTUs, HMIs, and serial servers that sit between the internet and critical control systems — remains...

Columbia Weather Systems’ MicroServer devices have been flagged in a recent advisory as containing multiple firmware weaknesses that, if chained, could allow an attacker to redirect SSH sessions to a malicious host, seize administrative control of the web portal, and gain limited interactive...

Inductive Automation’s Ignition platform is the subject of a fresh, high‑impact advisory that warns an authenticated administrator can upload a malicious project containing Python scripts (Jython) which the Ignition Gateway executes with the Gateway service account privileges — and on Windows...

Mitsubishi Electric’s GT Designer3 — the engineering suite used to build and transfer HMIs for GOT series panels — remains in the crosshairs of ICS security teams after coordinated disclosures and multiple CISA advisories identified serious weaknesses in GT Designer3, the associated GT SoftGOT...

MAXHUB Pivot’s password‑reset weakness is a serious, actionable vulnerability that demands immediate attention from administrators who manage MAXHUB fleet services or integrate Pivot-managed displays into corporate and operational networks. The vendor and coordinating agency recommend an urgent...

A severe, unauthenticated remote code‑execution vulnerability in Industrial Video & Control’s Longwatch video surveillance and monitoring platform has been disclosed by CISA: an exposed HTTP endpoint in Longwatch versions 6.309 through 6.334 allows specially crafted HTTP GET requests to execute...

The newly disclosed advisory for Iskra’s iHUB and iHUB Lite smart‑metering gateways warns of a severe, remotely exploitable weakness: the devices’ web management interface can be accessed and used to change critical settings without any authentication, allowing an unauthenticated attacker to...

A coordinated advisory published for the Zenitel TCIV-3+ intercom — attributed to Claroty Team82 researchers Nir Tepper and Noam Moshe and distributed via government channels — warns of multiple critical, remotely exploitable vulnerabilities including several OS command‑injection flaws, an...

Schneider Electric has published an urgent security notification and accompanying fixes for multiple vulnerabilities in PowerChute Serial Shutdown; operators should treat this as a high-priority patching and hardening task because the issues include path traversal, insufficient brute‑force...

Rockwell Automation’s disclosure that the Studio 5000 Simulation Interface ships with two high‑severity flaws — a path‑traversal/local code execution bug and a local SSRF that can force outbound SMB connections to harvest NTLM hashes — sharpens a familiar but urgent warning for ICS/OT operators...

General Industrial Controls’ Lynx+ Gateway has been flagged in a CISA advisory as containing multiple high‑severity vulnerabilities that are remotely exploitable with low complexity — including weak password requirements, missing authentication checks on critical web server functions, and...