industrial control systems

  1. ChatGPT

    Hitachi Energy SuprOS CVE-2025-7740: High Risk Default Credentials Alert

    Hitachi Energy has published a security advisory confirming a default-credentials vulnerability in its SuprOS product (tracked as CVE‑2025‑7740) that affects SuprOS builds up to and including 9.2.2.0; the weakness allows an attacker with local authenticated access to assume an administrative...
  2. ChatGPT

    CISA Warns Airleader Master CVE-2026-1358: Critical RCE via Unrestricted File Upload

    A newly published CISA advisory warns that Airleader Master — a widely deployed compressed-air control and monitoring platform — contains a critical file‑upload vulnerability that can be exploited to achieve remote code execution on affected installations. The advisory assigns the flaw...
  3. ChatGPT

    Privilege Escalation in Mitsubishi FREQSHIP-mini on Windows (CVE-2025-10314)

    A critical local privilege-escalation flaw has been disclosed in Mitsubishi Electric’s UPS shutdown utility, FREQSHIP-mini for Windows (CVE-2025-10314), affecting versions 8.0.0 through 8.0.2 and allowing a low‑privileged local user to gain SYSTEM privileges by replacing service executables or...
  4. ChatGPT

    Urgent: Unauthenticated Admin Interface in Avation Light Engine Pro (CVE-2026-1341)

    Avation Light Engine Pro has been flagged by a U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory as exposing its entire configuration and control interface without any authentication, a design failure that CISA scores as critical (CVSS v3.1 — 9.8) and traces to CWE‑306...
  5. ChatGPT

    Logix DoS Advisories 2024: Patch Rockwell Controllers and Harden OT Networks

    In October 2024, advisories from both Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) brought renewed attention to a family of denial‑of‑service vulnerabilities that affect the Logix family of controllers — including the widely deployed ControlLogix 5580 line —...
  6. ChatGPT

    ArmorStart LT DoS Vulnerabilities: 9 CVEs With No Patch Yet

    Rockwell Automation’s ArmorStart LT has been publicly flagged for multiple denial-of-service (DoS) vulnerabilities that can render affected motor controllers unresponsive, forcing manual recovery and potentially interrupting production lines. Rockwell’s SD1768 advisory lists nine CVE identifiers...
  7. ChatGPT

    ibaPDA Security Advisory: Patch to v8.12.1 and Layered Windows Defenses

    A newly published security advisory from iba Systems warns that a flaw in ibaPDA could allow unauthorized actions on the file system under certain conditions — a risk that can affect confidentiality, integrity, and availability of managed measurement and acquisition data. The vendor’s fix is...
  8. ChatGPT

    CVE-2025-11743 DoS in Rockwell CompactLogix 5370: Patch and Mitigations

    Rockwell Automation’s CompactLogix 5370 line has been flagged in a coordinated advisory as vulnerable to a denial-of-service condition when sent a malformed Common Industrial Protocol (CIP) forward open message, an issue tracked as CVE‑2025‑11743 and rated with a CVSS v3.1 base score of 6.5. The...
  9. ChatGPT

    OT Secrets Exposed in Verve Asset Manager: Patch to 1.42 Now

    Two newly disclosed vulnerabilities in Rockwell Automation’s Verve Asset Manager expose plaintext secrets in retired, optional components — a wake-up call for OT teams that still run legacy modules and for Windows‑centric engineering workstations that serve as gateways into industrial networks...
  10. ChatGPT

    AVEVA Process Optimization Vulnerabilities: Critical RCE and SQLi in ICS

    AVEVA Process Optimization has been placed on high alert after a coordinated advisory warned that multiple, high‑severity vulnerabilities in the product could allow remote code execution, SQL injection, privilege escalation, and disclosure of sensitive information — a set of conditions that...
  11. ChatGPT

    CISA Nine ICS Advisories Highlight IT OT Convergence and Urgent Mitigations

    CISA’s latest consolidated bulletin parcels out nine Industrial Control Systems (ICS) advisories that expose a familiar — and escalating — set of risks: remotely exploitable firmware and protocol flaws, weak authentication and hard-coded credentials, and insecure management interfaces that...
  12. ChatGPT

    CISA 7 ICS Advisories March 18 2025: Urgent OT Patch Guide

    CISA's release of seven Industrial Control Systems (ICS) advisories on March 18, 2025, spotlights a concentrated wave of high‑severity flaws across multiple widely deployed operational technology (OT) products — most notably several Schneider Electric components, a Rockwell Automation...
  13. ChatGPT

    OpenPLC_v3 CSRF Vulnerability: Urgent ICS Patch and Mitigation

    OpenPLC_V3 users and ICS operators should treat a recently reported web‑interface flaw with urgency: the project’s web UI was disclosed to contain a Cross‑Site Request Forgery (CSRF) weakness that can be abused to change PLC configuration and upload programs when an administrator’s browser is...
  14. ChatGPT

    CISA 2025 ICS Advisories: Patch, Segment, and Mitigate for OT

    CISA’s January 16, 2025 bulletin that released twelve new Industrial Control Systems (ICS) advisories is a blunt reminder that attackers continue to find and weaponize weaknesses in the hardware and software that run critical infrastructure, and that operators must prioritize patching...
  15. ChatGPT

    Urgent Patch for SINEMA Remote Connect Server CVEs 40818 and 40819

    Siemens’ latest SINEMA Remote Connect Server advisory is a reminder that operational security in industrial networks is never static: ProductCERT has published SSA‑626856 (SINEMA Remote Connect Server, all versions prior to V3.2 SP4), addressing two distinct vulnerabilities — one that exposes...
  16. ChatGPT

    CISA ICS Advisories 2025: Rising OT Vulnerabilities and Mitigation Playbook

    CISA has again pushed a fresh set of Industrial Control Systems (ICS) advisories into the wild, emphasizing the continuing frequency and severity of vulnerabilities found in operational-technology products used across power, manufacturing, building automation, and transportation...
  17. ChatGPT

    CISA Nine ICS Advisories Highlight Urgent OT and Windows Risk

    CISA’s consolidated bulletin announcing nine new Industrial Control Systems (ICS) advisories is a blunt reminder that the operational-technology (OT) landscape — and the Windows systems that often bridge to it — remain under persistent attack and demand coordinated, prioritized remediation. The...
  18. ChatGPT

    CISA ICS Advisories 2025: Patch Now for Industrial Control Systems

    CISA on March 20, 2025 published five new Industrial Control Systems (ICS) advisories that flag high‑risk flaws across multiple vendors — Schneider Electric (two advisories), Siemens, SMA Solar Technology, and Santesoft — and urge operators to apply patches and mitigations immediately...
  19. ChatGPT

    CISA KEV Adds CVE-2021-26829 XSS in ScadaBR HMI Urgent Patch

    CISA has quietly added CVE-2021-26829 — a stored Cross‑Site Scripting (XSS) vulnerability in OpenPLC’s ScadaBR HMI — to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate operational urgency for federal agencies and a practical priority marker for organizations that operate...
  20. ChatGPT

    CISA ICS Advisories 2025: Urgent Firmware Updates and Network Isolation

    CISA’s latest consolidated advisory package is a stark reminder that industrial control systems (ICS) remain a high‑value target for attackers and a bridge between operational technology (OT) and enterprise IT — the agency published a bundle of seven ICS advisories that name multiple widely...