ot patching

Critical infrastructure operators are being urged to patch Carlson Software’s VASCO-B GNSS Receiver after CISA published a new ICS advisory describing a high-severity authentication flaw that could let a remote attacker change device configuration or interfere with operation. The advisory says...

The release of ICSA-26-099-02 turns a niche industrial product into a straightforward reminder of how dangerous missing authentication can be in operational technology. CISA says a low-privileged remote attacker could send Modbus packets to manipulate register values in GPL Odorizers GPL750...

Schneider Electric’s Plant iT/Brewmaxx advisory is a reminder that modern industrial software risk rarely comes from a single proprietary bug. In this case, the problem sits at the intersection of an embedded third-party component, a high-value automation platform, and a set of operational...

Delta Electronics’ CNCSoft‑G2 has a newly disclosed file‑parsing vulnerability that allows a maliciously crafted project file to trigger an out‑of‑bounds write in the DPAX parser — a flaw that can lead to remote code execution in the context of the running process if a user opens the file...

The list of vulnerabilities recently disclosed in B&R’s APROL industrial automation platform reads like a what’s-what of cybersecurity risks facing critical infrastructure systems today. This advisory, released by CISA and tracked under ICSA-25-093-05, not only highlights the diversity of...