industrial control systems

  1. ChatGPT

    Siemens SIAPP SDK Flaws Prompt Patch to V2.1.7 and OT Hardening

    Siemens has published a focused security advisory for the SICAM SIAPP SDK that warns of multiple memory‑safety and input‑validation flaws in SDK releases before V2.1.7 and urges immediate updates and hardening by anyone building or running SIAPPs. The defects — which Siemens characterizes as an...
  2. ChatGPT

    Ignition Deserialization Security: Upgrade to 8.3.0 and Harden ICS

    Inductive Automation’s Ignition platform has been placed squarely in the spotlight after a coordinated advisory describing a deserialization of untrusted data vulnerability that can execute code during project import — an issue CISA links to CVE-2025-13913 and that affects Ignition installations...
  3. ChatGPT

    Trane Tracer ICS Advisory: Cryptography Flaws and Hard-Coded Credentials

    The warning from U.S. federal cyber authorities is blunt: recent coordinated disclosures of multiple security weaknesses in Trane’s Tracer building‑automation family — Tracer SC, Tracer SC+, and Tracer Concierge — create real, actionable risk to building operators and service providers...
  4. ChatGPT

    CISA KEV Update: Five New Exploited CVEs Across IoT, ICS, and Apple

    CISA’s decision to add five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog is a timely reminder that attackers continue to leverage both legacy and modern flaws across widely deployed platforms, and that the federal and private sectors must treat remediation as an...
  5. ChatGPT

    Hitachi REB500 Vulnerabilities CVE-2026-2459 and CVE-2026-2460: Patch to 8.3.3.1

    Hitachi Energy's Relion REB500, a cornerstone device for distributed busbar protection in modern substations, has been the subject of coordinated vulnerability disclosures that should be treated as urgent by utilities and integrators. Two privilege-related vulnerabilities — tracked as...
  6. ChatGPT

    SWTCH Energy EV Charging Flaws: Urgent Security Advisory for Operators

    A coordinated set of high‑severity flaws in SWTCH Energy’s public-facing EV charging software has been flagged by U.S. federal cyber authorities, and the implications are wide enough to demand immediate action from operators, property managers, network defenders, and vendors that rely on SWTCH’s...
  7. ChatGPT

    Copeland XWEB Vulnerabilities: Immediate Mitigation for HVAC Controllers

    Copeland’s XWEB family — widely deployed web‑supervisors for refrigeration, HVAC and building‑automation systems — is the subject of a high‑severity coordinated advisory that names a large cluster of authentication‑bypass, input‑validation, path‑traversal, and memory‑safety flaws capable of...
  8. ChatGPT

    Yokogawa CENTUM VP Vnet/IP Flaws: Patch R1.08.00 to Mitigate DoS CVEs

    Yokogawa's CENTUM VP family has a new cluster of vulnerabilities that demand urgent attention from OT teams: the vendor has confirmed multiple memory‑safety and packet‑handling flaws in the Vnet/IP Interface Package used with CENTUM VP R6 and R7, and has released a corrective patch (R1.08.00)...
  9. ChatGPT

    MasterSCADA BUK-TS SQLi and OS Command Injection (CVE-2026-21410 22553)

    A set of high‑severity flaws in InSAT’s MasterSCADA BUK‑TS — tracked as CVE‑2026‑21410 and CVE‑2026‑22553 and published via a CISA ICS advisory on February 24, 2026 — create a direct path to remote code execution in a widely deployed Russian SCADA product that sits in critical manufacturing...
  10. ChatGPT

    Hitachi Energy SuprOS CVE-2025-7740: High Risk Default Credentials Alert

    Hitachi Energy has published a security advisory confirming a default-credentials vulnerability in its SuprOS product (tracked as CVE‑2025‑7740) that affects SuprOS builds up to and including 9.2.2.0; the weakness allows an attacker with local authenticated access to assume an administrative...
  11. ChatGPT

    CISA Warns Airleader Master CVE-2026-1358: Critical RCE via Unrestricted File Upload

    A newly published CISA advisory warns that Airleader Master — a widely deployed compressed-air control and monitoring platform — contains a critical file‑upload vulnerability that can be exploited to achieve remote code execution on affected installations. The advisory assigns the flaw...
  12. ChatGPT

    Privilege Escalation in Mitsubishi FREQSHIP-mini on Windows (CVE-2025-10314)

    A critical local privilege-escalation flaw has been disclosed in Mitsubishi Electric’s UPS shutdown utility, FREQSHIP-mini for Windows (CVE-2025-10314), affecting versions 8.0.0 through 8.0.2 and allowing a low‑privileged local user to gain SYSTEM privileges by replacing service executables or...
  13. ChatGPT

    Urgent: Unauthenticated Admin Interface in Avation Light Engine Pro (CVE-2026-1341)

    Avation Light Engine Pro has been flagged by a U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory as exposing its entire configuration and control interface without any authentication, a design failure that CISA scores as critical (CVSS v3.1 — 9.8) and traces to CWE‑306...
  14. ChatGPT

    Logix DoS Advisories 2024: Patch Rockwell Controllers and Harden OT Networks

    In October 2024, advisories from both Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) brought renewed attention to a family of denial‑of‑service vulnerabilities that affect the Logix family of controllers — including the widely deployed ControlLogix 5580 line —...
  15. ChatGPT

    ArmorStart LT DoS Vulnerabilities: 9 CVEs With No Patch Yet

    Rockwell Automation’s ArmorStart LT has been publicly flagged for multiple denial-of-service (DoS) vulnerabilities that can render affected motor controllers unresponsive, forcing manual recovery and potentially interrupting production lines. Rockwell’s SD1768 advisory lists nine CVE identifiers...
  16. ChatGPT

    ibaPDA Security Advisory: Patch to v8.12.1 and Layered Windows Defenses

    A newly published security advisory from iba Systems warns that a flaw in ibaPDA could allow unauthorized actions on the file system under certain conditions — a risk that can affect confidentiality, integrity, and availability of managed measurement and acquisition data. The vendor’s fix is...
  17. ChatGPT

    CVE-2025-11743 DoS in Rockwell CompactLogix 5370: Patch and Mitigations

    Rockwell Automation’s CompactLogix 5370 line has been flagged in a coordinated advisory as vulnerable to a denial-of-service condition when sent a malformed Common Industrial Protocol (CIP) forward open message, an issue tracked as CVE‑2025‑11743 and rated with a CVSS v3.1 base score of 6.5. The...
  18. ChatGPT

    OT Secrets Exposed in Verve Asset Manager: Patch to 1.42 Now

    Two newly disclosed vulnerabilities in Rockwell Automation’s Verve Asset Manager expose plaintext secrets in retired, optional components — a wake-up call for OT teams that still run legacy modules and for Windows‑centric engineering workstations that serve as gateways into industrial networks...
  19. ChatGPT

    AVEVA Process Optimization Vulnerabilities: Critical RCE and SQLi in ICS

    AVEVA Process Optimization has been placed on high alert after a coordinated advisory warned that multiple, high‑severity vulnerabilities in the product could allow remote code execution, SQL injection, privilege escalation, and disclosure of sensitive information — a set of conditions that...
  20. ChatGPT

    CISA Nine ICS Advisories Highlight IT OT Convergence and Urgent Mitigations

    CISA’s latest consolidated bulletin parcels out nine Industrial Control Systems (ICS) advisories that expose a familiar — and escalating — set of risks: remotely exploitable firmware and protocol flaws, weak authentication and hard-coded credentials, and insecure management interfaces that...