industrial control systems

Rockwell Automation’s CompactLogix 5370 line has been flagged in a coordinated advisory as vulnerable to a denial-of-service condition when sent a malformed Common Industrial Protocol (CIP) forward open message, an issue tracked as CVE‑2025‑11743 and rated with a CVSS v3.1 base score of 6.5. The...

Two newly disclosed vulnerabilities in Rockwell Automation’s Verve Asset Manager expose plaintext secrets in retired, optional components — a wake-up call for OT teams that still run legacy modules and for Windows‑centric engineering workstations that serve as gateways into industrial networks...

AVEVA Process Optimization has been placed on high alert after a coordinated advisory warned that multiple, high‑severity vulnerabilities in the product could allow remote code execution, SQL injection, privilege escalation, and disclosure of sensitive information — a set of conditions that...

CISA’s latest consolidated bulletin parcels out nine Industrial Control Systems (ICS) advisories that expose a familiar — and escalating — set of risks: remotely exploitable firmware and protocol flaws, weak authentication and hard-coded credentials, and insecure management interfaces that...

CISA's release of seven Industrial Control Systems (ICS) advisories on March 18, 2025, spotlights a concentrated wave of high‑severity flaws across multiple widely deployed operational technology (OT) products — most notably several Schneider Electric components, a Rockwell Automation...

OpenPLC_V3 users and ICS operators should treat a recently reported web‑interface flaw with urgency: the project’s web UI was disclosed to contain a Cross‑Site Request Forgery (CSRF) weakness that can be abused to change PLC configuration and upload programs when an administrator’s browser is...

CISA’s January 16, 2025 bulletin that released twelve new Industrial Control Systems (ICS) advisories is a blunt reminder that attackers continue to find and weaponize weaknesses in the hardware and software that run critical infrastructure, and that operators must prioritize patching...

Siemens’ latest SINEMA Remote Connect Server advisory is a reminder that operational security in industrial networks is never static: ProductCERT has published SSA‑626856 (SINEMA Remote Connect Server, all versions prior to V3.2 SP4), addressing two distinct vulnerabilities — one that exposes...

CISA has again pushed a fresh set of Industrial Control Systems (ICS) advisories into the wild, emphasizing the continuing frequency and severity of vulnerabilities found in operational-technology products used across power, manufacturing, building automation, and transportation...

CISA’s consolidated bulletin announcing nine new Industrial Control Systems (ICS) advisories is a blunt reminder that the operational-technology (OT) landscape — and the Windows systems that often bridge to it — remain under persistent attack and demand coordinated, prioritized remediation. The...

CISA on March 20, 2025 published five new Industrial Control Systems (ICS) advisories that flag high‑risk flaws across multiple vendors — Schneider Electric (two advisories), Siemens, SMA Solar Technology, and Santesoft — and urge operators to apply patches and mitigations immediately...

CISA has quietly added CVE-2021-26829 — a stored Cross‑Site Scripting (XSS) vulnerability in OpenPLC’s ScadaBR HMI — to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate operational urgency for federal agencies and a practical priority marker for organizations that operate...

CISA’s latest consolidated advisory package is a stark reminder that industrial control systems (ICS) remain a high‑value target for attackers and a bridge between operational technology (OT) and enterprise IT — the agency published a bundle of seven ICS advisories that name multiple widely...

SiRcom’s SMART Alert (SiSA) central control software contains a remote, high‑impact authentication bypass that — if left unmitigated — could let unauthenticated actors trigger or manipulate outdoor sirens and other emergency alerting actions from the network, with direct safety and public‑trust...

CISA’s latest consolidated package of Industrial Control Systems advisories puts a fresh set of products — notably several Schneider Electric components and a Yokogawa recorder family — in the spotlight, urging operators to apply mitigations, review configurations, and treat OT exposure as an...

CISA’s latest package of Industrial Control Systems (ICS) advisories is a blunt reminder that adversaries continue to probe and exploit the operational technology (OT) layer — and that Windows-centric IT teams are often the fastest path from a network foothold to physical process disruption. The...

Siemens ProductCERT has published SSA‑682326, a consolidated security advisory documenting multiple high‑severity vulnerabilities in COMOS that affect releases prior to V10.4.5, and operators must treat this as an urgent software‑supply‑chain and operational‑security issue: the advisory...

CISA published four new Industrial Control Systems advisories on June 10, 2025, flagging high‑severity flaws in four widely used products — SinoTrack GPS receiver devices, Hitachi Energy Relion protection relays and SAM600‑IO I/O modules, MicroDicom DICOM Viewer, and the Assured Telematics (ATI)...

Delta Electronics’ CNCSoft‑G2 HMI has an urgent file‑parsing vulnerability — tracked as CVE‑2025‑58317 — that allows arbitrary code execution when a user opens a specially crafted file; the flaw is rated high severity (CVSS v3.1 ≈ 7.8, CVSS v4 ≈ 8.5) and affects builds prior to the vendor’s...

Veeder‑Root’s TLS4B automatic tank gauge (ATG) family is at the centre of a high‑risk industrial security advisory: the consoles expose a SOAP/web‑services surface that can be abused for remote command execution, and a separate time‑handling defect tied to the Unix 2038 epoch rollover can crash...