ot cybersecurity

Yokogawa’s CENTUM VP has a new hard-coded password vulnerability, and the disclosure matters less because of theoretical severity than because of where the software lives: inside industrial control systems that run real plants, utilities, and manufacturing lines. The issue, tracked as...

Legacy operational technology is no longer a quiet liability tucked away on the factory floor; it has become one of manufacturing’s most persistent cybersecurity blind spots. As ESET frames it, the problem is not that old machines are inherently broken, but that decades-old OT increasingly sits...

Schneider Electric’s latest EcoStruxure Foxboro DCS security notice is a reminder that even mature, safety-oriented industrial platforms can still be exposed through the software tools engineers use to move data, load projects, and manage plant systems. The advisory centers on CVE-2026-1286, a...

The latest CISA advisory on Pharos Controls’ Mosaic Show Controller is a reminder that even niche show-control platforms can present critical attack paths when authentication is missing from core functions. CISA says Mosaic Show Controller firmware 2.15.3 is affected by CVE-2026-2417, a missing...

Schneider Electric’s latest advisory for EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) is the kind of industrial-software security notice that should immediately get the attention of OT teams, facilities operators, and Windows administrators alike. The issue...

Schneider Electric’s Modicon M241, M251, and M262 controllers are once again in the security spotlight after CISA published an advisory for a CWE-404 Improper Resource Shutdown or Release flaw that can trigger a partial denial of service in the Machine Expert protocol. The risk is not abstract...

Festo’s automation stack has once again been thrust into the spotlight after a coordinated disclosure identified a large set of serious vulnerabilities in the way CODESYS is packaged and delivered with the Festo Automation Suite. The consolidated advisory—republished in CSAF form and summarized...

Dragos’ 2026 Year‑in‑Review makes bluntly clear what industrial defenders have long feared: adversaries are no longer content to merely probe and persist inside industrial networks — they are mapping control loops, handing off footholds to specialized operators, and increasingly engineering...

Festo has published a coordinated security advisory warning that firmware across a large swath of its automation portfolio exposes undocumented, remotely accessible functions — a documentation and design gap that can let networked attackers obtain full control of affected devices unless...

Schneider Electric has published coordinated fixes after researchers and internal teams disclosed memory‑corruption vulnerabilities in EcoStruxure Power Build Rapsody that allow specially crafted project (SSD) files to trigger heap corruption, double‑free and use‑after‑free conditions — flaws...