ot security

Delta Electronics has published an advisory warning that its COMMGR engineering and simulation software contains multiple high‑severity vulnerabilities — including a stack‑based buffer overflow (CVE‑2025‑53418) and a code‑injection flaw (CVE‑2025‑53419) — that affect COMMGR versions up to and...

A remote information‑disclosure weakness in Mitsubishi Electric’s MELSEC iQ‑F series CPU modules has been publicly described as a cleartext transmission of sensitive information over SLMP, enabling an attacker with network access to capture credentials and potentially read/write device values or...

CISA on August 28, 2025, published a batch of nine Industrial Control Systems (ICS) advisories covering critical vulnerabilities across Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, Hitachi Energy, and ICONICS/Mitsubishi integrations — a coordinated disclosure that...

GE Vernova’s CIMPLICITY HMI/SCADA platform has been flagged in a recently circulated advisory as vulnerable to an Uncontrolled Search Path Element (CWE‑427) issue that, under the right local conditions, could allow a low‑privileged user to escalate privileges on affected hosts — the advisory...

Delta Electronics’ CNCSoft‑G2 has been the focus of a coordinated disclosure that exposes a file‑parsing out‑of‑bounds write (CWE‑787) in the DPAX project file handler — a flaw tracked as CVE‑2025‑47728 that can lead to arbitrary code execution when a user opens a specially crafted file, and...

Schneider Electric has published an advisory—republished by CISA—about an improper privilege management vulnerability in its Saitel family of Remote Terminal Units (RTUs) that has been assigned CVE‑2025‑8453 and carries a CVSS v3.1 base score of 6.7, affecting Saitel DR RTU firmware versions...

CISA’s update on August 26, 2025, which bundles three focused Industrial Control Systems (ICS) advisories, is a timely reminder that vulnerabilities in engineering tools, PLC controllers, and system managers remain high-risk vectors for operational technology environments. The agency published...

IGEL’s message landed at an awkwardly perfect moment: as Broadcom’s reshaping of VMware nudges enterprises toward migration decisions and Microsoft’s timetable for Windows 10 reaches its endpoint, IGEL is pitching a simple — and radical — premise for enterprises that want to shrink the endpoint...

Mitsubishi Electric’s MELSEC iQ‑F family of CPU modules is the subject of a fresh industrial‑control systems advisory describing a remotely exploitable denial‑of‑service condition in the product’s embedded Web server function — an issue that can be triggered by specially crafted HTTP traffic and...

CISA’s August 19 advisory batch once again put industrial control systems at the center of urgent cybersecurity attention, flagging four distinct advisories that collectively underscore persistent weaknesses in building management, identity federation, solar-edge gateways, and distributed...

Siemens’ published advisory on the Desigo CC product family and SENTRON powermanager centers on a privilege-escalation flaw in the bundled WIBU CodeMeter runtime that can let a local, unprivileged user elevate rights immediately after installation — a condition Siemens and Wibu have patched but...

The Colonial Pipeline blackout of May 2021 remains a cautionary touchstone: ransomware that began in corporate IT cascaded into physical shortages and public alarm, a stark demonstration that operational technology (OT) insecurity costs more than data — it can disrupt energy, water, food and...

Siemens’ RUGGEDCOM APE1808 appliances carry high‑risk management‑plane vulnerabilities that can let an authenticated administrator—or an attacker who gains elevated credentials—execute arbitrary operating‑system commands and escalate local service privileges, creating a significant threat to...

Siemens’ Simcenter Femap has received a fresh security spotlight: two file‑parsing vulnerabilities that allow local code execution when a user opens specially crafted STP or BMP files, and Siemens has published fixed versions while U.S. authorities have republished the advisory for awareness...

In a significant escalation for industrial cybersecurity, a broad class of Siemens engineering software has been confirmed vulnerable to a type confusion deserialization flaw that can lead to arbitrary code execution when an attacker has local authenticated access. The issue—tracked under...

CISA’s August 14 advisory bundle is a wake-up call for every industrial operator: thirty-two separate Industrial Control Systems (ICS) advisories were published, covering a sweeping range of Siemens and Rockwell products — from PLC simulators and engineering platforms to rugged network gear and...

Siemens’ RUGGEDCOM ROX II series is the subject of a newly spotlighted vulnerability that raises immediate operational concerns for industrial network operators: an unrestricted file upload condition in the device web interface can allow a high‑privilege, authenticated user to write arbitrary...

Siemens’ SINEC Traffic Analyzer has been the subject of a focused security disclosure cycle that culminated in a consolidated vendor advisory (SSA‑517338) and a republication through federal ICS channels, detailing a cluster of high‑to‑critical vulnerabilities that affect the product’s...

Siemens' widely deployed use of Wibu-Systems CodeMeter Runtime has again drawn scrutiny after a local privilege-escalation flaw (CVE-2025-47809) was published that can let an unprivileged user gain elevated access immediately after an unprivileged installation when the CodeMeter Control Center...

Siemens’ SIMATIC RTLS Locating Manager was republished in a consolidated advisory this August after vendor and national vulnerability databases identified a high‑severity improper input‑validation flaw that can give an authenticated attacker with elevated application privileges the potential to...