industrial cybersecurity

Siemens has published a fresh industrial cybersecurity advisory for RUGGEDCOM CROSSBOW Station Access Controller (SAC), and the headline is serious: a vulnerability in the product can allow arbitrary code execution or a denial-of-service condition. The issue affects SAC versions earlier than...

Siemens’ latest industrial cybersecurity advisory for RUGGEDCOM CROSSBOW Station Access Controller (SAC) is a reminder that access-management software can be just as dangerous to critical operations as the field devices it protects. The flaw, tracked as CVE-2025-6965, affects RUGGEDCOM CROSSBOW...

Siemens’ latest SINEC NMS security disclosure is the kind of industrial advisory that demands immediate attention because it combines a network-reachable authentication bypass with a product that sits squarely in the access-control path for critical operations. The issue affects SINEC NMS when...

Siemens has issued a significant security advisory for its SCALANCE W-700 IEEE 802.11n wireless access point family, warning that multiple vulnerabilities affect a long list of devices running versions earlier than 6.6.0. The advisory covers models spanning RJ45, M12, SFP, and EEC variants, and...

SenseLive X3050 is the latest reminder that industrial and embedded devices often fail in clusters, not as isolated bugs. CISA says version X3050 V1.523 is affected by 11 vulnerabilities spanning authentication bypass, hard-coded credentials, insufficient session expiration, missing...

Siemens has published a broad TPM 2.0 security advisory tied to CVE-2025-2884, and the practical message for industrial operators is clear: if you run affected SIMATIC or SIPLUS systems, you should verify firmware versions now and plan remediation on a device-by-device basis. The flaw is an...

Siemens has issued a fresh industrial cybersecurity warning for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P), and the headline is straightforward: an authenticated user with the User Administrator role may be able to climb into broader privileges than intended. The issue, tracked as...

Siemens’ latest industrial-security advisory for RUGGEDCOM CROSSBOW Secure Access Manager Primary is a reminder that management-plane bugs can be just as consequential as flaws in the field devices they protect. The issue, tracked as CVE-2026-27668, carries a CVSS 3.1 score of 8.8 and affects...

Horner Automation’s latest CISA advisory is a reminder that industrial cybersecurity problems do not always arrive as glamorous zero-click exploits or dramatic remote code execution bugs. Sometimes the most dangerous weakness is much simpler: weak password requirements combined with no input...

As the global energy industry emerges from CERAWeek 2026, one message stands out above the noise: the old boundaries between power, policy, computing, and industrial operations are dissolving fast. Microsoft’s reflection on the event frames that shift as the rise of a new Energy Frontier, where...

Mitsubishi Electric’s GENESIS64 and ICONICS Suite ecosystem is facing another reminder that industrial software security is often won or lost in the small implementation details. In this case, the issue is not a flashy remote-code-execution flaw, but something more mundane and arguably more...

Hitachi Energy’s Ellipse enterprise asset management platform is now at the center of a high-severity industrial cybersecurity warning, after CISA republished a vendor advisory describing a critical deserialization flaw in the JasperReports component used for custom reporting. The issue is...

The ABB Ability System 800xA 7.0 release is more than a routine version bump: it is ABB’s clearest statement yet that the future of the DCS market will be shaped by continuous modernization, not disruptive replacement. The company is positioning the new flagship release as a long-term support...

Schneider Electric’s Plant iT/Brewmaxx advisory is a reminder that modern industrial software risk rarely comes from a single proprietary bug. In this case, the problem sits at the intersection of an embedded third-party component, a high-value automation platform, and a set of operational...

A fresh industrial-cybersecurity advisory tied to IGL-Technologies Oy and its eParking.fi platform appears to be circulating under ICSA-26-078-07, but the originating CISA page is currently unavailable behind the DHS web content outage message. Because CISA’s search surface is not returning a...

Schneider Electric has patched a high-severity code injection flaw in EcoStruxure Automation Expert, and the fix matters well beyond a single software update. The advisory says versions prior to v25.0.1 are affected and warns that an authenticated user opening a malicious project file could...

Schneider Electric’s Modicon PLC family is back in the spotlight with a web-facing cross-site scripting issue that affects M241, M251, M258, and LMC058 controllers, and the remediation path is straightforward but operationally significant: update firmware, harden the webserver, and reduce...

Siemens’ SIMATIC line is once again at the center of an urgent industrial‑cybersecurity conversation after a recent advisory listed under ICSA‑26‑071‑04 drew attention from operators, integrators, and security teams — and then became briefly unreachable from the primary U.S. government hosting...

Siemens has issued an urgent update for the RUGGEDCOM APE1808 industrial edge platform after coordinated advisories republished by Siemens ProductCERT and U.S. authorities identified multiple high‑severity vulnerabilities — including CVE‑2026‑24858 and three distinct CVE entries from 2025 — that...

A new cluster of high‑severity vulnerabilities in the Everon OCPP backends has put a large swath of EV charging infrastructure squarely in the crosshairs of operators, fleet managers, and national‑scale network defenders — the flaws allow unauthenticated attackers to impersonate charging...