industrial cybersecurity

Schneider Electric has confirmed that its EcoStruxure Foxboro DCS Advisor service is affected by a critical Microsoft Windows Server Update Services (WSUS) vulnerability — tracked as CVE‑2025‑59287 — and operators must prioritize out‑of‑band WSUS patches and layered mitigations to avoid a...

AzeoTech’s DAQFactory has been the subject of a high‑severity industrial control systems (ICS) advisory: multiple memory‑safety and parsing flaws in DAQFactory Release 20.7 (Build 2555) and earlier can be triggered by specially crafted project files (.ctl), and the vendor has released a...

A high‑severity Man‑in‑the‑Middle (MitM) weakness in Siemens’ IAM client has been publicly disclosed and tracked as CVE‑2025‑40800: the client omits proper server certificate validation when establishing TLS connections to Siemens’ authorization servers, creating an exploitable channel for...

Siemens has confirmed a firmware-integrity weakness that affects several access-controller families and could let an attacker install modified firmware on door controllers — a scenario that turns a physical-access appliance into a persistent foothold. The vulnerability, tracked as CVE‑2022‑31807...

Siemens has published a coordinated security advisory for Gridscale X Prepay that assigns two new CVE identifiers — CVE‑2025‑40806 and CVE‑2025‑40807 — describing a remotely exploitable user enumeration flaw and an authentication token capture‑replay weakness; Siemens recommends updating all...

Johnson Controls’ iSTAR Ultra family has been the subject of coordinated security advisories after multiple remote OS command‑injection and related firmware‑integrity weaknesses were disclosed; attackers who successfully chain these issues could modify firmware, gain root access, and take full...

Siemens ProductCERT published a focused advisory on December 9, 2025, confirming a physical authentication‑bypass vulnerability in Elspec G5 Digital Fault Recorder (G5DFR) devices used in Siemens Energy Services deployments that allows an attacker with physical access to reset the Admin password...

Festo’s LX Appliance contains a cross‑site scripting (XSS) exposure tied to a third‑party video player library (video.js) that can be abused by a privileged user to inject script into administrative sessions — a practical, medium‑severity risk for training and control‑system deployments that...

Mitsubishi Electric has disclosed a serious information‑disclosure flaw in GX Works2 that leaves project‑level credentials stored in cleartext inside project files, enabling any actor with access to those files to extract authentication data, open protected projects, and read or alter control...

Advantech’s iView — a widely deployed industrial video monitoring and management platform — is the subject of a fresh, high‑priority coordinated advisory that catalogs multiple remote, authenticated and (in some cases) authenticated‑low‑privilege vulnerabilities that can lead to SQL injection...

A coordinated advisory published for the Zenitel TCIV-3+ intercom — attributed to Claroty Team82 researchers Nir Tepper and Noam Moshe and distributed via government channels — warns of multiple critical, remotely exploitable vulnerabilities including several OS command‑injection flaws, an...

A critical command‑injection flaw has been reported in the groov Manage REST API used by Opto22’s GRV‑EPIC and groov RIO families, allowing an authenticated administrator‑level API request to inject shell commands that execute with root privileges; vendor firmware updates and CISA guidance...

Festo’s MSE6 energy‑efficiency modules — the MSE6‑C2M, MSE6‑D2M and MSE6‑E2M families — were publicly flagged for an incomplete user‑documentation issue that exposes remote‑accessible, undocumented functions (an “authenticated test mode”) that attackers with low privileges could leverage to...

Emerson’s Appleton UPSMON‑PRO has been flagged in a coordinated advisory as vulnerable to a remote, stack‑based buffer overflow that can be triggered by a crafted UDP packet sent to the product’s default UDP port (2601), potentially allowing unauthenticated attackers to achieve arbitrary code...

Schneider Electric and AVEVA have confirmed a high‑severity cryptographic weakness that exposes password hashes inside Edge project and offline cache files — CVE‑2025‑9317 — and Schneider Electric has released patches for EcoStruxure Machine SCADA Expert and Pro‑face BLUE Open Studio; operators...

METZ CONNECT’s EWIO2 family — widely used Ethernet I/O and energy‑controlling modules — contains multiple, high‑severity web‑interface vulnerabilities that allow unauthenticated takeover and remote code execution in firmware releases prior to 2.2.0; the vendor has released firmware 2.2.0 to...

AVEVA Application Server IDE users must treat a newly published cross‑site scripting (XSS) advisory as urgent: the IDE’s help-file handling in Application Server versions up to 2023 R2 SP1 P02 can be tampered with by an authenticated user in the aaConfigTools group to persist script that...

Rockwell Automation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) republished an advisory that links a Node.js HTTP-server parsing bug—tracked as CVE-2024-22019—to Rockwell’s FactoryTalk Policy Manager, warning that versions 6.51.00 and earlier are vulnerable to an...

Rockwell Automation has published fixes for two high‑impact vulnerabilities in FactoryTalk DataMosaix Private Cloud — an MFA bypass that can produce a valid login token without a password (CVE‑2025‑11084) and a persistent cross‑site scripting flaw that can enable account takeover or credential...

AVEVA’s Edge HMI/SCADA tool has a new, high‑impact vulnerability that shifts the conversation from “can project files be tampered with?” to “can project files leak live credentials?” — and the short answer is yes, unless operators act now to apply the vendor fix and harden access to project...