scada

Advantech WebAccess/SCADA operators need to act now: a coordinated advisory published today documents multiple high‑severity vulnerabilities in WebAccess/SCADA that — when chained or exploited individually — can let an authenticated attacker read or modify remote databases, perform path...

CISA’s addition of an OpenPLC ScadaBR vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog puts industrial control system defenders back on high alert: the flaw—reported in 2021 as an unrestricted upload of file with dangerous type that permits uploading and execution of arbitrary...

CISA has quietly added CVE-2021-26829 — a stored Cross‑Site Scripting (XSS) vulnerability in OpenPLC’s ScadaBR HMI — to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate operational urgency for federal agencies and a practical priority marker for organizations that operate...

Hitachi Energy’s widely deployed RTU500 series has been the subject of a renewed and broad advisory outlining multiple, exploitable parsing and memory-corruption flaws that can trigger Denial‑of‑Service (DoS) conditions and — in at least one case — permit bypass of secure firmware update checks...

Siemens’ SINEC Traffic Analyzer has been the subject of a focused security disclosure cycle that culminated in a consolidated vendor advisory (SSA‑517338) and a republication through federal ICS channels, detailing a cluster of high‑to‑critical vulnerabilities that affect the product’s...

On August 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), together with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA) and several international partners, published detailed guidance aimed at helping...

A critical vulnerability has sent ripples through the global industrial cybersecurity community: all versions of Schneider Electric’s Galaxy VS, Galaxy VL, and Galaxy VXL uninterruptible power supplies (UPS), widely used to protect critical infrastructure, are exposed to a remotely exploitable...

Imagine managing a sprawling web of oil and gas pipelines, where the cost of a delayed response is measured not just in dollars, but in safety and continuity. Traditionally, the backbone technology enabling this vigilance—known as SCADA, or Supervisory Control and Data Acquisition—has played an...

Industrial AI Breakthrough: Modernizing SCADA for the Digital Era The industrial world is no stranger to transformation. As digitalization continues to reshape our technological landscape, legacy systems across industries are undergoing a radical overhaul. At the forefront of this revolution is...

Ladies and gentlemen of the WindowsForum.com community, today we've got a cybersecurity advisory that's crucial for anyone in or adjacent to the industrial control systems (ICS) or critical infrastructure sectors. Grab your coffee and buckle up, because this one packs a punch. Schneider...

In a proactive move, the Cybersecurity and Infrastructure Security Agency (CISA) has released four Industrial Control Systems (ICS) advisories on January 10, 2025, highlighting critical vulnerabilities affecting manufacturing, automation, and industrial operations worldwide. These advisories aim...

When it comes to industrial control systems, security isn't just a precaution—it's a necessity. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued a high-priority advisory pertaining to a critical vulnerability in iniNet Solutions SpiderControl SCADA PC HMI Editor. With...

On January 10, 2023, a pivotal change occurred in the landscape of cybersecurity advisories regarding critical infrastructure products manufactured by Siemens. Effective immediately, CISA (the Cybersecurity and Infrastructure Security Agency) announced that it would no longer update security...

In the vast ocean of cyber vulnerabilities, few are as critical and pressing as those found in Supervisory Control and Data Acquisition (SCADA) systems. These systems, integral to managing an array of industrial operations ranging from power generation to water treatment, have increasingly...

Original release date: October 14, 2021 Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on Link Removed. • If you use RDP, secure and monitor it. • Use Link Removed. • Use Link Removed. Note: This advisory uses the MITRE...

Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information...

Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...

Original release date: October 20, 2017 Systems Affected Domain Controllers File Servers Email Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...

Two vulnerabilities found in industrial control system software made in China but used worldwide could be remotely exploited by attackers, according to a warning issued June 16 by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) This could cause denial of service...

Dillon Beresford and Brian Meixell were planning to perform a demonstration of how to attack critical infrastructure at the TakeDown Conference but cancelled after they were "asked very nicely" to refrain from providing that information. Beresford, a security analyst at NSS Labs, told Link...