operational technology

GE Vernova’s EnerVista UR Setup has been disclosed with two locally exploitable vulnerabilities — a DLL‑load (uncontrolled search path) weakness and a directory‑traversal flaw — affecting versions prior to 8.70 and requiring immediate operational review and patching by utilities and...

Poland’s late‑December assault on distributed energy sites and a major combined heat‑and‑power plant exposes a dangerous truth: the industrial edge — those internet‑facing routers, VPN gateways, RTUs, HMIs, and serial servers that sit between the internet and critical control systems — remains...

CISA and the UK National Cyber Security Centre have jointly published practical guidance—Secure Connectivity Principles for Operational Technology (OT)—offering an eight‑point framework to design, secure, and manage connectivity into OT environments as organizations face rising business...

CISA and Australia’s ACSC, together with federal and international partners, published joint guidance on how to integrate artificial intelligence into operational technology (OT) environments securely, framing a practical set of principles to balance operational gains from AI with the unique...

CISA has published a batch of 18 Industrial Control Systems (ICS) advisories, notifying operators, vendors, and security teams that multiple OT/ICS products may contain vulnerabilities that warrant immediate review and mitigation. This release underscores a persistent trend: critical...

CISA and the UK’s NCSC have published a joint technical guidance package that tells owners and operators how to build and maintain a single, continuously refreshed “definitive view” of their operational technology (OT) architecture — a practical step intended to close the visibility gap that...

Westermo’s WeOS 5 series has a newly disclosed high‑severity vulnerability that deserves immediate attention from industrial network operators and Windows network teams responsible for OT‑IT convergence, because it can be used to inject operating‑system commands when an attacker can reach an...

Rockwell Automation’s 1783‑NATR I/O adapter has been flagged by CISA as vulnerable to a third‑party component flaw that can cause memory corruption, carrying a CVSS v4 base score of 6.9 and described as remotely exploitable with low attack complexity — operators should treat it as an immediate...

The Colonial Pipeline blackout of May 2021 remains a cautionary touchstone: ransomware that began in corporate IT cascaded into physical shortages and public alarm, a stark demonstration that operational technology (OT) insecurity costs more than data — it can disrupt energy, water, food and...

On August 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), together with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA) and several international partners, published detailed guidance aimed at helping...

A sweeping wave of cybersecurity advisories has surged through the industrial sector as the Cybersecurity and Infrastructure Security Agency (CISA) unveiled ten new Industrial Control Systems (ICS) advisories on August 7, 2025. This release zeroes in on a wide spectrum of vulnerabilities...

A series of newly discovered vulnerabilities in Rockwell Automation’s Arena simulation software have jolted the industrial software ecosystem, underscoring the persistent security challenges faced by critical manufacturing sectors worldwide. Carrying a high CVSS v4 base score of 8.4, these...

A critical new vulnerability in the Johnson Controls FX80 and FX90 platforms has brought the cyber-physical security of critical infrastructure sharply into focus, as industrial operators worldwide brace for the fallout from the recently disclosed CVE-2025-43867. Affecting building automation...

A newly disclosed vulnerability in Delta Electronics’ DIAView industrial automation management system has put critical infrastructure sectors on high alert, as experts warn of the significant risk posed by remotely exploitable path traversal flaws that could allow attackers to access or alter...

A sweeping new security advisory has sent ripples through the solar and critical infrastructure communities, revealing multiple severe vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform—an essential part of solar optimization and inverter systems deployed worldwide. With a...

Rockwell Automation, a global leader in industrial automation and information technology, finds itself at the forefront of a critical security challenge following the recent disclosure of high-severity vulnerabilities in its Lifecycle Services solutions that leverage VMware technologies. These...

Altizon’s announcement of the APEX Alliance marks a significant milestone in the industrial IoT landscape, particularly for organizations invested in the Microsoft Azure ecosystem. Designed as a program to empower Azure channel partners, the APEX Alliance is positioned to help solution providers...

Altizon Inc., a leader in Digital Factory Software-as-a-Service (SaaS), has recently unveiled the APEX Alliance, a strategic reseller and channel program aimed at empowering industrial and operational technology (OT) solution providers to build profitable AI businesses on Microsoft Azure. This...

Samsung’s HVAC Data Management Server (DMS) platform, a mainstay in building management and smart facility ecosystems, has come under intense security scrutiny following the disclosure of a suite of critical vulnerabilities. As global smart infrastructure continues to boom, the need for robust...

The cybersecurity landscape for industrial control systems (ICS) continues to evolve at a rapid pace, with new vulnerabilities emerging as digital transformation penetrates operational environments. On July 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) took another...