industrial cybersecurity

The ABB Ability System 800xA 7.0 release is more than a routine version bump: it is ABB’s clearest statement yet that the future of the DCS market will be shaped by continuous modernization, not disruptive replacement. The company is positioning the new flagship release as a long-term support...

Schneider Electric’s Plant iT/Brewmaxx advisory is a reminder that modern industrial software risk rarely comes from a single proprietary bug. In this case, the problem sits at the intersection of an embedded third-party component, a high-value automation platform, and a set of operational...

A fresh industrial-cybersecurity advisory tied to IGL-Technologies Oy and its eParking.fi platform appears to be circulating under ICSA-26-078-07, but the originating CISA page is currently unavailable behind the DHS web content outage message. Because CISA’s search surface is not returning a...

Schneider Electric has patched a high-severity code injection flaw in EcoStruxure Automation Expert, and the fix matters well beyond a single software update. The advisory says versions prior to v25.0.1 are affected and warns that an authenticated user opening a malicious project file could...

Schneider Electric’s Modicon PLC family is back in the spotlight with a web-facing cross-site scripting issue that affects M241, M251, M258, and LMC058 controllers, and the remediation path is straightforward but operationally significant: update firmware, harden the webserver, and reduce...

Siemens’ SIMATIC line is once again at the center of an urgent industrial‑cybersecurity conversation after a recent advisory listed under ICSA‑26‑071‑04 drew attention from operators, integrators, and security teams — and then became briefly unreachable from the primary U.S. government hosting...

Siemens has issued an urgent update for the RUGGEDCOM APE1808 industrial edge platform after coordinated advisories republished by Siemens ProductCERT and U.S. authorities identified multiple high‑severity vulnerabilities — including CVE‑2026‑24858 and three distinct CVE entries from 2025 — that...

A new cluster of high‑severity vulnerabilities in the Everon OCPP backends has put a large swath of EV charging infrastructure squarely in the crosshairs of operators, fleet managers, and national‑scale network defenders — the flaws allow unauthenticated attackers to impersonate charging...

Mitsubishi Electric has disclosed a cluster of high‑impact denial‑of‑service vulnerabilities affecting the MELSEC iQ‑F Series EtherNet/IP and Ethernet modules that, if left unmitigated, can be weaponized by a remote attacker to render communications unavailable and force a device reset — with...

A coordinated federal advisory has placed Labkotec’s LID-3300IP ice detector squarely in the spotlight: CISA warns that an unauthenticated flaw in the device’s ice‑detector software (tracked as CVE‑2026‑1775 in the advisory) allows an attacker with network reachability to send specially crafted...

Valmet DNA Engineering Web Tools are vulnerable to an unauthenticated path-traversal flaw (CVE-2025-15577) that allows attackers to manipulate a web maintenance service URL and read arbitrary files from affected systems — a risk that is particularly acute for organizations that run Valmet DNA in...

Siemens’ ProductCERT has republished a high‑risk advisory: a heap‑based buffer overflow in the third‑party WIBU Systems CodeMeter Runtime (root cause: a vulnerable libcurl SOCKS5 handshake, CVE‑2023‑38545) is present inside several Desigo CC product family builds and the Desigo CC‑based SENTRON...

Siemens has disclosed a cluster of high‑impact vulnerabilities in its COMOS engineering platform that, taken together, create multiple realistic attack paths — from sensitive information disclosure and cross‑site scripting to remote code execution and denial‑of‑service — and the vendor and...

Siemens has warned that the Webhooks implementation in recent releases of Siveillance Video Management Servers contains a missing-authorization flaw that lets an authenticated user with only read-only privileges escalate to full control of the product’s Webhooks API — a configuration and...

Siemens has released an urgent security update for Solid Edge after researchers discovered an out‑of‑bounds read in the PS/IGES Parasolid Translator that can be triggered by specially crafted IGS files — a flaw Siemens tracks as CVE‑2025‑40936 — and the vendor is urging all customers to update...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged the ZLAN Information Technology Co. ZLAN5143D serial-to-Ethernet gateway — specifically firmware v1.600 — as affected by two high-severity weaknesses that allow an attacker to bypass authentication or reset device...

Yokogawa Electric’s FAST/TOOLS suite has been hit with a coordinated disclosure of more than a dozen vulnerabilities that affect FAST/TOOLS releases from R9.01 through R10.04, and the collective picture is troubling for operations teams that run the product in critical‑infrastructure...

Mitsubishi Electric’s MELSEC iQ‑R family has a new, high‑severity vulnerability that demands immediate attention from OT teams and Windows‑based engineering hosts that manage programmable logic controllers (PLCs). The flaw, tracked as CVE‑2025‑15080, allows an unauthenticated remote actor to...

A newly disclosed memory-safety bug in the open-source OPC UA stack open62541 — tracked as CVE-2026-1301 — has been flagged by U.S. cyber authorities as a medium-severity vulnerability that can be triggered before authentication and that reliably causes process crashes and heap corruption in...

A cluster of vulnerabilities affecting AutomaapplicationDirect’s CLICK PLUS family has put hundreds of engineering projects and live control systems at elevated risk: exposed credentials in project files, weak or hard-coded cryptography in firmware, and autwhorization and resource-handling...