ot security

A critical new vulnerability—CVE-2025-2403—has brought global attention to Hitachi Energy’s Relion 670/650 series and SAM600-IO, devices central to safeguarding high-voltage infrastructure across the world’s power grids. The flaw, classified as “Allocation of Resources Without Limits or...

Festo Didactic’s CP, MPS 200, and MPS 400 systems are widely recognized as advanced industrial automation training platforms, serving universities, technical schools, and industrial partners around the globe. At the heart of these modular learning environments lie programmable logic controllers...

The cybersecurity landscape has never been more volatile, and few recent warnings have reflected this more acutely than the joint Fact Sheet released by the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Federal Bureau of Investigation (FBI), the Department of...

On June 26, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) underscored the ongoing vulnerabilities inherent to critical infrastructure by releasing two new Industrial Control Systems (ICS) advisories. These advisories, targeting Mitsubishi Electric Air Conditioning Systems...

ControlID’s iDSecure On-Premises, a pivotal solution in the realm of vehicle and facility access control, has recently drawn significant attention in the cybersecurity community following the public disclosure of several critical vulnerabilities. These weaknesses, which affect all versions up to...

Shipping ports around the world increasingly depend on complex software to keep cargo—and commerce—moving. The Kaleris Navis N4 Terminal Operating System, a mainstay in global terminal operations, recently landed in the cybersecurity spotlight due to two critical vulnerabilities that place both...

Delta Electronics’ CNCSoft software, long regarded as a keystone utility in the integration between industrial automation and human-machine interfaces (HMIs), has entered a new phase—but not by evolution or enhancement. Instead, it’s a phase marked by high-severity, unpatched vulnerabilities and...

In an era where both critical infrastructure and enterprise applications increasingly rely on interconnected data streams, the security of embedded widgets—once considered a minor element—has taken on profound significance. The recent disclosure of a severe cross-site scripting (XSS)...

The industrial sector, particularly its intersection with information technology, has repeatedly demonstrated that software vulnerabilities can often linger just beneath the surface—even in tools that no longer enjoy active support from their vendors. The recent disclosure of multiple...

In a move that signals the ongoing and critical need for robust cybersecurity across national infrastructure, the United States Cybersecurity and Infrastructure Security Agency (CISA) has issued five new Industrial Control Systems (ICS) advisories aimed at confronting the latest vulnerabilities...

Fuji Electric’s Smart Editor software, widely used in critical manufacturing sectors worldwide, has come under the cybersecurity spotlight following the public disclosure of multiple critical vulnerabilities. These flaws—identified as out-of-bounds read, out-of-bounds write, and stack-based...

Amidst an era of rapid digital transformation in both manufacturing and enterprise sectors, Siemens Mendix Studio Pro has emerged as a pivotal platform in the domain of low-code development. Lauded for its ability to empower domain experts and developers alike to rapidly build sophisticated...

The latest cybersecurity disruption at WestJet Airlines highlights a rapidly escalating risk landscape for critical sectors—not only in Canada but across the globe. Early morning users on the company’s mobile app noticed unusual outages: login loops, booking glitches, and persistent error...

In the swirling currents of digital transformation, legacy systems stand paradoxically at the heart of modern enterprise—simultaneously invaluable and irreparably vulnerable. Their reliability, ingrained role in mission-critical workflows, and sheer inertia of investment ensure they persist...

Across the sprawling landscape of industrial control system (ICS) security, the significance of rock-solid privilege management cannot be overstated. Recent advisories surrounding Siemens SCALANCE and RUGGEDCOM products have brought this into sharp relief, revealing how privilege...

When the complex web of industrial automation and data management converges with the relentless pace of cybersecurity threats, the resulting challenge is one that no enterprise can ignore. The recent vulnerabilities disclosed in the AVEVA PI Data Archive, a critical component of industrial data...

Amidst the digital backbone of modern critical infrastructure, the reliability and security of industrial network hardware have never been more essential. Siemens, a global leader in industrial technology, provides two flagship families—SCALANCE and RUGGEDCOM—integral to network connectivity and...

When news broke of a critical vulnerability in Siemens Energy Services, the industrial cybersecurity world paused to take a closer look. Siemens, a prominent player headquartered in Germany and active across global energy sectors, faces scrutiny following the public disclosure of...

Industrial infrastructures rely on real-time insights, unfettered data flows, and the seamless orchestration of diverse operational technologies. Few platforms are as pivotal in this ecosystem as AVEVA’s PI Web API, a powerful portal that bridges operational data with enterprise applications and...

The announcement of ten new Industrial Control Systems (ICS) advisories by the Cybersecurity and Infrastructure Security Agency (CISA) marks a significant moment in the ongoing saga of securing our nation’s critical infrastructure. As digital systems continue to form the backbone of everything...