legacy ot risk
About this tag
The tag 'legacy ot risk' covers discussions about obsolete operational technology (OT) devices that pose security risks, particularly in building automation and industrial control systems. A key example is the CISA advisory on the Contemporary Controls BASC-20T, an obsolete building automation controller with a critical flaw (CVE-2025-13926) that could allow attackers to enumerate devices, reconfigure components, and issue remote procedure calls. The tag emphasizes the dangers of running unsupported legacy OT equipment on live networks, where patching is no longer available, making such devices attractive targets for exploitation. It highlights the need for operators to assess and mitigate risks from aging OT infrastructure.
The latest CISA industrial control systems advisory puts a sharp spotlight on Contemporary Controls BASC-20T and, more specifically, on an old building automation controller that should probably never have been left to age quietly on live networks. According to the advisory, successful...