industrial cybersecurity

A critical command‑injection flaw has been reported in the groov Manage REST API used by Opto22’s GRV‑EPIC and groov RIO families, allowing an authenticated administrator‑level API request to inject shell commands that execute with root privileges; vendor firmware updates and CISA guidance...

Festo’s MSE6 energy‑efficiency modules — the MSE6‑C2M, MSE6‑D2M and MSE6‑E2M families — were publicly flagged for an incomplete user‑documentation issue that exposes remote‑accessible, undocumented functions (an “authenticated test mode”) that attackers with low privileges could leverage to...

Emerson’s Appleton UPSMON‑PRO has been flagged in a coordinated advisory as vulnerable to a remote, stack‑based buffer overflow that can be triggered by a crafted UDP packet sent to the product’s default UDP port (2601), potentially allowing unauthenticated attackers to achieve arbitrary code...

Schneider Electric and AVEVA have confirmed a high‑severity cryptographic weakness that exposes password hashes inside Edge project and offline cache files — CVE‑2025‑9317 — and Schneider Electric has released patches for EcoStruxure Machine SCADA Expert and Pro‑face BLUE Open Studio; operators...

METZ CONNECT’s EWIO2 family — widely used Ethernet I/O and energy‑controlling modules — contains multiple, high‑severity web‑interface vulnerabilities that allow unauthenticated takeover and remote code execution in firmware releases prior to 2.2.0; the vendor has released firmware 2.2.0 to...

AVEVA Application Server IDE users must treat a newly published cross‑site scripting (XSS) advisory as urgent: the IDE’s help-file handling in Application Server versions up to 2023 R2 SP1 P02 can be tampered with by an authenticated user in the aaConfigTools group to persist script that...

Rockwell Automation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) republished an advisory that links a Node.js HTTP-server parsing bug—tracked as CVE-2024-22019—to Rockwell’s FactoryTalk Policy Manager, warning that versions 6.51.00 and earlier are vulnerable to an...

Rockwell Automation has published fixes for two high‑impact vulnerabilities in FactoryTalk DataMosaix Private Cloud — an MFA bypass that can produce a valid login token without a password (CVE‑2025‑11084) and a persistent cross‑site scripting flaw that can enable account takeover or credential...

AVEVA’s Edge HMI/SCADA tool has a new, high‑impact vulnerability that shifts the conversation from “can project files be tampered with?” to “can project files leak live credentials?” — and the short answer is yes, unless operators act now to apply the vendor fix and harden access to project...

Mitsubishi Electric has disclosed a remotely exploitable denial‑of‑service (DoS) vulnerability affecting a broad set of MELSEC iQ‑F Series CPU modules (tracked as CVE‑2025‑10259), and security advisories from the vendor, national CERTs and vulnerability databases confirm the flaw allows...

Siemens has published a ProductCERT advisory confirming multiple high‑severity vulnerabilities in the LOGO! 8 BM family (including SIPLUS variants) that can be exploited remotely to cause buffer overflows, denial‑of‑service, and unauthorized changes to device configuration such as IP address and...

Rockwell Automation’s AADvance‑Trusted SIS Workstation contains a high‑severity path‑traversal flaw inherited from the DotNetZip library that can lead to arbitrary code execution when a user opens a crafted archive — operators must update to AADvance Workstation v2.01.00 or later and apply...

A wave of high-severity vulnerabilities affecting ABB’s FLXeon building-automation controllers has forced urgent action across industrial operations and facilities management teams: multiple CVEs expose remote command execution, hard-coded credentials, weak hashing and file-path handling that —...

A newly disclosed, high-severity vulnerability in ABB’s legacy ALS‑mini load controllers (ALS‑mini‑S4 IP and ALS‑mini‑S8 IP) allows unauthenticated remote attackers to read and change device configuration through the embedded web server — a flaw tracked as CVE‑2025‑9574 and scored critical under...

A coordinated set of high-severity vulnerabilities in AutomationDirect’s Productivity Suite programming software and several Productivity-series PLCs has been disclosed, and operators should treat this as an urgent operational risk: the flaws include multiple path-traversal (ZipSlip) issues, an...

Delta Electronics’ ASDA‑Soft engineering suite contains two newly disclosed stack‑based buffer overflow flaws that can corrupt memory when a user opens a specially crafted project file — and Delta has issued a patched release (ASDA‑Soft v7.1.1.0) to address the risk. The two CVEs (CVE‑2025‑62579...

Siemens has confirmed multiple serious vulnerabilities in its RUGGEDCOM ROS family that affect a wide range of industrial switches, routers and serial‑to‑Ethernet gateways, and it is urging operators to update to the newly released ROS 5.10.0 where available and apply strict network mitigations...

A remotely exploitable denial‑of‑service flaw in Rockwell Automation’s Compact GuardLogix® 5370 — tracked as CVE‑2025‑9124 — can be triggered by a crafted CIP unconnected explicit message and may drive affected controllers into a major non‑recoverable fault, forcing manual recovery and program...

Rockwell Automation has published a critical security advisory for the 1783‑NATR Network Address Translation (NAT) router: three distinct vulnerabilities (CVE‑2025‑7328, CVE‑2025‑7329 and CVE‑2025‑7330) affect firmware versions 1.006 and earlier and are fixed in version 1.007; the flaws include...

Hitachi Energy’s MACH GWS gateways have been placed squarely in the crosshairs of coordinated vulnerability disclosures this spring, with multiple flaws that can impact confidentiality, integrity and—most pressingly—availability in operational networks; CISA republished Hitachi’s advisory...