ot security

Dragos’s expanded collaboration with Microsoft marks a decisive step in bringing purpose-built operational technology (OT) security into mainstream enterprise cloud and security operations: the Dragos Platform will run on Microsoft Azure, feed OT telemetry and asset context into Microsoft...

Dragos’s expanded collaboration with Microsoft marks a significant step toward bringing purpose-built operational technology (OT) security into mainstream enterprise cloud and security operations: the Dragos Platform will run on Microsoft Azure, push OT-specific telemetry and asset context into...

A remotely exploitable, high‑severity vulnerability in the Synectix LAN 232 TRIO serial‑to‑Ethernet adapter (CVE‑2026‑1633) leaves the device’s web management interface completely unprotected, allowing unauthenticated attackers to change critical configuration, erase device state, or...

A critical, high‑impact vulnerability in Johnson Controls’ Metasys product line — tracked as CVE‑2025‑26385 in vendor advisories — demands immediate attention from building‑automation teams, Windows administrators, and any organization that uses Metasys ADS/ADX servers, LCS/NAE appliances or the...

Johnson Controls’ iSTAR Configuration Utility (ICU) tool has a newly disclosed vulnerability — a stack‑based buffer overflow assigned CVE‑2025‑26386 — that can crash the Windows host running the utility and, in certain conditions, enable more severe host‑impact outcomes if exploited. The...

Two newly disclosed vulnerabilities in Rockwell Automation’s Verve Asset Manager expose plaintext secrets in retired, optional components — a wake-up call for OT teams that still run legacy modules and for Windows‑centric engineering workstations that serve as gateways into industrial networks...

CISA and the UK National Cyber Security Centre have jointly published practical guidance—Secure Connectivity Principles for Operational Technology (OT)—offering an eight‑point framework to design, secure, and manage connectivity into OT environments as organizations face rising business...

CISA’s latest notice that it has released two Industrial Control Systems advisories underscores a simple but urgent fact: vulnerabilities in operational technology (OT) and medical-device software continue to present high-impact risks to critical infrastructure and patient safety, and they...

CISA’s latest consolidated bulletin parcels out nine Industrial Control Systems (ICS) advisories that expose a familiar — and escalating — set of risks: remotely exploitable firmware and protocol flaws, weak authentication and hard-coded credentials, and insecure management interfaces that...

Rockwell Automation has published an urgent advisory after internal fuzz-testing uncovered two controller defects that can crash or fault Micro800-series devices: an IPv6 stack fault that produces recoverable controller faults (CVE-2025-13823) and a malformed-CIP handling flaw that can drive...

CISA's release of seven Industrial Control Systems (ICS) advisories on March 18, 2025, spotlights a concentrated wave of high‑severity flaws across multiple widely deployed operational technology (OT) products — most notably several Schneider Electric components, a Rockwell Automation...

CISA’s January 16, 2025 bulletin that released twelve new Industrial Control Systems (ICS) advisories is a blunt reminder that attackers continue to find and weaponize weaknesses in the hardware and software that run critical infrastructure, and that operators must prioritize patching...

Siemens has published a coordinated security advisory for Gridscale X Prepay that assigns two new CVE identifiers — CVE‑2025‑40806 and CVE‑2025‑40807 — describing a remotely exploitable user enumeration flaw and an authentication token capture‑replay weakness; Siemens recommends updating all...

Pro‑Russia hacktivist collectives have mounted a wave of opportunistic intrusions against internet‑exposed operational technology (OT) devices worldwide, exploiting unsecured Virtual Network Computing (VNC) connections and weak or default credentials to access human‑machine interfaces (HMIs) in...

CISA and partner agencies have issued a fresh warning: pro‑Russia hacktivist collectives are carrying out opportunistic intrusions against U.S. and global critical infrastructure by exploiting internet‑facing Virtual Network Computing (VNC) connections, a low‑sophistication but high‑impact...

CISA has again pushed a fresh set of Industrial Control Systems (ICS) advisories into the wild, emphasizing the continuing frequency and severity of vulnerabilities found in operational-technology products used across power, manufacturing, building automation, and transportation...

CISA’s consolidated bulletin announcing nine new Industrial Control Systems (ICS) advisories is a blunt reminder that the operational-technology (OT) landscape — and the Windows systems that often bridge to it — remain under persistent attack and demand coordinated, prioritized remediation. The...

CISA’s addition of an OpenPLC ScadaBR vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog puts industrial control system defenders back on high alert: the flaw—reported in 2021 as an unrestricted upload of file with dangerous type that permits uploading and execution of arbitrary...

CISA and Australia’s ACSC, together with federal and international partners, published joint guidance on how to integrate artificial intelligence into operational technology (OT) environments securely, framing a practical set of principles to balance operational gains from AI with the unique...

A coordinated security advisory has exposed high-severity weaknesses in a broad range of Festo products — including the Compact Vision System, multiple Control Block and Controller SKUs, and several Operator Unit models — that can allow remote attackers to read and modify configuration files or...