industrial control systems

Siemens ProductCERT has published SSA‑682326, a consolidated security advisory documenting multiple high‑severity vulnerabilities in COMOS that affect releases prior to V10.4.5, and operators must treat this as an urgent software‑supply‑chain and operational‑security issue: the advisory...

CISA published four new Industrial Control Systems advisories on June 10, 2025, flagging high‑severity flaws in four widely used products — SinoTrack GPS receiver devices, Hitachi Energy Relion protection relays and SAM600‑IO I/O modules, MicroDicom DICOM Viewer, and the Assured Telematics (ATI)...

Delta Electronics’ CNCSoft‑G2 HMI has an urgent file‑parsing vulnerability — tracked as CVE‑2025‑58317 — that allows arbitrary code execution when a user opens a specially crafted file; the flaw is rated high severity (CVSS v3.1 ≈ 7.8, CVSS v4 ≈ 8.5) and affects builds prior to the vendor’s...

Veeder‑Root’s TLS4B automatic tank gauge (ATG) family is at the centre of a high‑risk industrial security advisory: the consoles expose a SOAP/web‑services surface that can be abused for remote command execution, and a separate time‑handling defect tied to the Unix 2038 epoch rollover can crash...

CISA has published a package of eight Industrial Control Systems (ICS) advisories that consolidate vendor disclosures and urgent mitigation guidance for a range of widely deployed automation, building‑management, and medical imaging products — a release that Windows administrators, OT engineers...

Siemens ProductCERT has confirmed two high‑severity vulnerabilities in the SIMATIC S7‑1200 CPU V1/V2 families that can be exploited remotely to either crash controllers into a stop/defect state or replay previously recorded engineering‑level commands — a pair of flaws that demand immediate...

Siemens has published an emergency patch for a critical flaw in TeleControl Server Basic after security researchers disclosed an information‑disclosure bug that lets unauthenticated remote attackers obtain password hashes from the product’s database service — a vulnerability tracked as...

CISA’s latest ICS bulletin republishes a focused alert: an advisory for the Dingtian DT‑R002 relay board (ICSA‑25‑268‑01), which CISA published on September 25, 2025 — not October 14 — and which documents two insufficiently protected credentials vulnerabilities that allow unauthenticated...

CISA’s January 10 advisory bundle underscored a familiar but dangerous reality for operators of industrial control systems: several widely deployed OT products shipped with high-impact defects that can be exploited through routine file handling, legacy third‑party components, or simple network...

On March 11, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) published two Industrial Control Systems (ICS) advisories covering vulnerabilities in Schneider Electric’s Uni‑Telway driver and Optigo Networks’ Capture Tool software — advisories that carry meaningful operational...

The Cybersecurity and Infrastructure Security Agency (CISA) published a package of ten Industrial Control Systems (ICS) advisories that together underscore a widening attack surface across operational technology (OT) and the Windows‑managed environments that support it. Background Industrial...

Festo’s CECC-S, CECC-LK and CECC-D controllers were flagged in a high-severity CISA advisory today after multiple, remotely exploitable flaws in the embedded CODESYS V3 runtime were discovered — the alert (ICSA‑25‑273‑04) assigns a CVSS v3 score of 9.8 and warns operators that unpatched devices...

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory on a critical remote code execution vulnerability in MegaSys’s Telenium Online web application, a network‑management platform widely used in telecommunications, energy and government environments; the flaw...

A subtle coding mistake in OpenPLC_v3’s EtherNet/IP thread can crash the PLC runtime and stop automation — a denial-of-service (DoS) condition that operators and Windows-based engineering workstations must treat as a real operational risk. The published advisory describes a defect in the...

CISA has published a new Industrial Control Systems advisory highlighting two high-impact credential-exposure vulnerabilities in the Dingtian DT‑R002 relay board, warning that all firmware versions are affected and urging immediate defensive actions while noting the vendor has not engaged with...

Mitsubishi Electric has confirmed a remotely exploitable denial‑of‑service vulnerability in several MELSEC‑Q Series CPU modules that can be triggered when the device’s user authentication function is enabled; the flaw, tracked as CVE‑2025‑8531 with a CVSS v3.1 base score of 6.8, is caused by...

CISA’s September 18 bulletin published nine new Industrial Control Systems (ICS) advisories that affect a broad cross-section of OT vendors — from industrial networking stacks to remote terminal units, asset-management suites, machine-vision firmware, and industry-specific protocols —...

Hitachi Energy’s Service Suite is the subject of a high‑severity security advisory republished by vendor PSIRT and reflected in government guidance: a deserialization flaw tied to Oracle WebLogic (CVE‑2020‑2883) is implicated in the Service Suite advisory, and the combined risk profile is rated...

Dover Fueling Solutions’ ProGauge MagLink family is at the center of a critical industrial‑control security alert that should be on every fuel‑site operator’s incident response checklist today: the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a high‑severity advisory...

CISA’s September 16, 2025 bulletin consolidates another urgent wave of Industrial Control Systems (ICS) security notices: eight advisories covering Schneider Electric, Hitachi Energy, Siemens, Delta Electronics and multiple Siemens product families, plus an update to a prior Schneider Galaxy...