network segmentation

ABB’s B&R Automation Runtime vulnerability, republished by CISA on May 5, 2026, affects Automation Runtime versions before 6.5 and before R4.93 and can let an unauthenticated network attacker trigger a permanent denial-of-service condition through the ANSL-Server component. It is not a...

The Carlson Software VASCO-B GNSS Receiver has landed in the spotlight because CISA says a remotely reachable authentication flaw could let an attacker alter critical functions or disrupt operation. The affected range is VASCO-B GNSS Receiver versions before 1.4.0, tracked as CVE-2026-3893, and...

A successful attack against CVE-2026-40385 is not described by Microsoft as something an attacker can just fire off at will; instead, it depends on conditions outside the attacker’s control, such as knowledge of the environment, preparation to improve reliability, or, in some cases, positioning...

Anritsu’s Remote Spectrum Monitor has landed in the crosshairs of a critical ICS security advisory because the device family exposes its management interface without authentication, opening the door to unauthorized configuration changes, sensitive signal-data exposure, and service disruption...

The problem turned out to be embarrassingly domestic: noisy, streaming smart‑TVs behaving like overenthusiastic network clients were triggering a series of router log entries — flagged as “Possible DNS rebind attack” — and causing intermittent Wi‑Fi dropouts across an otherwise healthy home...

Festo has published a coordinated security advisory warning that firmware across a large swath of its automation portfolio exposes undocumented, remotely accessible functions — a documentation and design gap that can let networked attackers obtain full control of affected devices unless...

CISA and the UK National Cyber Security Centre have jointly published practical guidance—Secure Connectivity Principles for Operational Technology (OT)—offering an eight‑point framework to design, secure, and manage connectivity into OT environments as organizations face rising business...

Columbia Weather Systems’ MicroServer devices have been flagged in a recent advisory as containing multiple firmware weaknesses that, if chained, could allow an attacker to redirect SSH sessions to a malicious host, seize administrative control of the web portal, and gain limited interactive...

CISA’s September 18 bulletin published nine new Industrial Control Systems (ICS) advisories that affect a broad cross-section of OT vendors — from industrial networking stacks to remote terminal units, asset-management suites, machine-vision firmware, and industry-specific protocols —...

Hitachi Energy’s Service Suite is the subject of a high‑severity security advisory republished by vendor PSIRT and reflected in government guidance: a deserialization flaw tied to Oracle WebLogic (CVE‑2020‑2883) is implicated in the Service Suite advisory, and the combined risk profile is rated...

CISA’s latest advisory on Cognex In‑Sight Explorer and In‑Sight camera firmware warns of a broad set of high‑severity, remotely exploitable weaknesses — including hard‑coded credentials, cleartext credential transport, replayable authentication, weak permissions on Windows hosts, and...

CISA’s release of a Malware Analysis Report (MAR) detailing a Malicious Listener discovered on compromised Ivanti Endpoint Manager Mobile (EPMM) systems should reset priorities for every IT team that runs on-premises mobile device management (MDM). The analysis dissects two sets of malware...

Delta Electronics’ DIALink — a widely used industrial automation server — is the subject of a coordinated vulnerability disclosure that identifies two directory‑traversal / authentication‑bypass flaws (CVE‑2025‑58320 and CVE‑2025‑58321) affecting DIALink versions V1.6.0.0 and earlier, and urges...

Siemens has republished a critical advisory that pulls a spotlight back onto a cluster of high-severity Apache HTTP Server vulnerabilities found embedded inside several Siemens industrial networking products — most notably RUGGEDCOM NMS, SINEC NMS, and SINEMA family components — and is urging...

Siemens and upstream OpenSSL vulnerabilities that allow out-of-bounds reads — tracked under CVE-2021-3712 — remain a live operational risk across dozens of Siemens industrial networking, communications, and automation products; Siemens has published ProductCERT guidance and fixes for many...

CISA’s September 16, 2025 bulletin consolidates another urgent wave of Industrial Control Systems (ICS) security notices: eight advisories covering Schneider Electric, Hitachi Energy, Siemens, Delta Electronics and multiple Siemens product families, plus an update to a prior Schneider Galaxy...

A newly disclosed Cross‑Site Scripting (XSS) vulnerability, tracked as CVE‑2025‑7746, affects a broad set of Schneider Electric Altivar drives and modules — including the ATVdPAC module (fixed in VW3A3530D version 25.0), multiple Altivar Process and Machine drives, and the ILC992 InterLink...

CISA’s latest bulletin — a compact but consequential package released on September 11, 2025 — flags eleven Industrial Control Systems (ICS) advisories affecting major automation vendors and field devices, including multiple Siemens engineering and network products, several Schneider Electric...

Schneider Electric has published fixes and CISA republished an advisory after coordinated disclosure of two vulnerabilities in EcoStruxure Building Operation / Enterprise Server and associated Workstation components that could enable an authenticated, adjacent‑network attacker to cause a...

Daikin’s Security Gateway is affected by a critical pre‑authentication password‑reset flaw that lets an unauthenticated attacker reset device credentials to the factory default and take control of the appliance and any connected systems — the issue is tracked as CVE‑2025‑10127 and rated highly...