ics vulnerabilities

ABB’s B&R Automation Studio versions earlier than 6.5 and version 6.5 are affected by a critical set of third-party component vulnerabilities, republished by CISA on May 21, 2026, after ABB first issued advisory SA25P007 on February 18, 2026. The awkward part is not that a vendor patched an...

The Carlson Software VASCO-B GNSS Receiver has landed in the spotlight because CISA says a remotely reachable authentication flaw could let an attacker alter critical functions or disrupt operation. The affected range is VASCO-B GNSS Receiver versions before 1.4.0, tracked as CVE-2026-3893, and...

The newly disclosed Silex Technology SD-330AC and AMC Manager vulnerability set is a reminder that device-management software can be just as dangerous as the hardware it controls. CISA says successful exploitation could enable arbitrary code execution, denial of service, and unauthenticated...

The latest CISA industrial control systems advisory puts a sharp spotlight on Contemporary Controls BASC-20T and, more specifically, on an old building automation controller that should probably never have been left to age quietly on live networks. According to the advisory, successful...

Jinan USR IOT Technology’s USR‑W610 serial‑to‑Wi‑Fi/ Ethernet converter is the subject of a high‑severity Industrial Control Systems advisory that names four vulnerabilities (CVE‑2026‑25715, CVE‑2026‑24455, CVE‑2026‑26049, CVE‑2026‑26048) affecting firmware releases up to and including version...

Schneider Electric has published a security notification confirming an Incorrect Default Permissions weakness in EcoStruxure™ Process Expert that could allow a local, low-privileged user to escalate privileges by modifying executable service binaries in the installation directory and waiting for...