industrial cybersecurity

Rockwell Automation’s Micro800 line of programmable logic controllers (PLCs) has been the subject of a high-severity U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory republished on August 14, 2025, warning that multiple remotely exploitable vulnerabilities tied to Azure RTOS...

Siemens has disclosed an XML External Entity (XXE) vulnerability in multiple versions of SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER that can be triggered by specially crafted XML files and may allow an attacker to read arbitrary files from a compromised host; the issue has been...

A pair of high-severity vulnerabilities in Rockwell Automation’s ArmorBlock 5000 I/O webserver — tracked as CVE-2025-7773 and CVE-2025-7774 — create a realistic, low-complexity path for remote attackers to hijack or misuse web sessions on specific 5032-series modules, prompting immediate...

Siemens’ advisory covering third‑party components in SINEC OS landed as a stark reminder that industrial network stacks are only as strong as their weakest third‑party link: dozens of kernel and userland weaknesses, CVEs spanning classic buffer overflows to TOCTOU races, and a vendor‑centric...

Rockwell Automation’s ControlLogix EtherNet/IP communication modules have been publicly flagged for a high-severity vulnerability that, if left unaddressed, can grant remote attackers direct, low-complexity access to a running module’s memory — enabling memory dumps, arbitrary memory...

Siemens’ SIMATIC RTLS Locating Manager — the Windows-based server component that fuses UWB tag data into real-time location feeds — was the subject of a fresh security republishing on August 12–14, 2025 that calls out multiple mid-to-high severity flaws, including two newly tracked CVEs...

Siemens RUGGEDCOM ROX II devices are the subject of a newly cataloged vulnerability — tracked as CVE-2025-40761 — that allows an attacker with physical access to the device’s serial interface to bypass authentication through the device’s Built-In-Self-Test (BIST) mode and obtain a root shell, a...

A series of newly discovered vulnerabilities in Rockwell Automation’s Arena simulation software have jolted the industrial software ecosystem, underscoring the persistent security challenges faced by critical manufacturing sectors worldwide. Carrying a high CVSS v4 base score of 8.4, these...

A critical new vulnerability in the Johnson Controls FX80 and FX90 platforms has brought the cyber-physical security of critical infrastructure sharply into focus, as industrial operators worldwide brace for the fallout from the recently disclosed CVE-2025-43867. Affecting building automation...

A newly disclosed vulnerability in Delta Electronics’ DIAView industrial automation management system has put critical infrastructure sectors on high alert, as experts warn of the significant risk posed by remotely exploitable path traversal flaws that could allow attackers to access or alter...

A major security vulnerability has been discovered in Packet Power’s EMX and EG products, exposing critical infrastructure worldwide to the risk of unauthorized remote access and control. The vulnerability, designated CVE-2025-8284, allows attackers to bypass authentication entirely, offering a...

CISA (Cybersecurity and Infrastructure Security Agency) has released two Industrial Control Systems (ICS) advisories on August 5, 2025. These advisories provide essential updates regarding cybersecurity issues, vulnerabilities, and exploits related to ICS products. Here are the two advisories...

A significant security vulnerability has emerged for the Mitsubishi Electric ICONICS Product Suite and MC Works64, one that underscores the critical importance of proactive patch management and robust network segmentation across industrial environments. Marked as CVE-2025-7376, the flaw...

A sweeping new security advisory has sent ripples through the solar and critical infrastructure communities, revealing multiple severe vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform—an essential part of solar optimization and inverter systems deployed worldwide. With a...

Rockwell Automation, a global leader in industrial automation and information technology, finds itself at the forefront of a critical security challenge following the recent disclosure of high-severity vulnerabilities in its Lifecycle Services solutions that leverage VMware technologies. These...

Rockwell Automation’s Lifecycle Services—with key offerings powered by VMware—have become foundational in modernizing industrial infrastructures, integrating both critical manufacturing systems and advanced cybersecurity managed services at global scale. Yet as these digital transformation...

The cybersecurity landscape for industrial control systems (ICS) continues to evolve at a rapid pace, with new vulnerabilities emerging as digital transformation penetrates operational environments. On July 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) took another...

For critical infrastructure operators, scientists, and engineers, National Instruments LabVIEW occupies a unique and essential place. This graphical programming environment is a workhorse across research laboratories, industrial automation, biomedical development, aerospace, and countless other...

Delta Electronics’ DTN Soft sits at the center of a freshly disclosed security story—a tale that weaves together critical infrastructure, global supply chains, and the persistent risks introduced by unsafe software handling practices. This detailed analysis explores the core of CVE-2025-53416, a...

The landscape of industrial cybersecurity continues to evolve at a rapid pace, with threat actors targeting not only traditional IT environments but also the critical infrastructure underlying modern society. On July 24, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released...