Portsuppe
▣ IT SECURITY · — · rss

ICS-CERT Advisories

Fetch interval: 12h

Items
36
Trust
100/100
Last activity
7/10/2026
Open original siteRSS ↗
Latest items· 36
ICS-CERT Advisories8d07/02

Gardyn IoT Hub

View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) CVSS Vendor Equipment Vulnerabilities v3 10 Gardyn Gardyn IoT Hub Use of Hard-coded Credentials, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Improper Neutralization of HTTP Headers for Scripting Syntax Background Critical Infrastructure Sectors: Food and Agricultur

privacy · unknown-it-category-14
ICS-CERT Advisories8d07/02

ST Engineering iDirect iQ-Series Terminals

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 3315‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 9‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) CVSS Vendor Equipment Vulnerabilitie

privacy · unknown-it-category-14
ICS-CERT Advisories8d07/02

CubeSpace CW0057 Reaction Wheel

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace CW0057 Reaction Wheel Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Communications Countries/Areas Deployed: Worldwide Company Headquarters Location: So

privacy · unknown-it-category-14
ICS-CERT Advisories10d06/30

StoneFly Storage Concentrator

View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions of StoneFly Storage Concentrator are affected: Storage Concentrator <8.0.4.22 (CVE-2026-56415, CVE-2026-55721, CVE-2026-50040) Storage Concentrator Virtual Machine <8.0.4.22 (CVE-2026-56415, CVE-2026-5

privacy · unknown-it-category-14
ICS-CERT Advisories10d06/30

Schneider Electric EcoStruxure IT Data Center Expert

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The following versions of Schneider Electric EcoStruxure IT Data Center Expert are affected: EcoStruxure IT Data Ce

privacy · unknown-it-category-14
ICS-CERT Advisories10d06/30

Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager. The following versions of Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M are affected: MELSOFT Update Manager SW1DND-UDM-M >=1.000A| =1.000A| =1.000A| =1.000A| =1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation

privacy · unknown-it-category-14
ICS-CERT Advisories10d06/30

Delta Electronics DVP12SE PLC

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. The following versions of Delta Electronics DVP12SE PLC are affected: DVP12SE PLC vers:all/* (CVE-2026-12819, CVE-2026-12818) CVSS Vendor Equipment Vulnerabilities v3 9.8 Delta Electronics Delta Electronics DVP12SE PLC Missing Authentication for Cri

privacy · unknown-it-category-14
ICS-CERT Advisories10d06/30

XZ Utils vulnerability impacting B&R Products

View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impacting B&R Products are affected: PPC3100 <1.8.1, 1.8.1 (CVE-2025-31115) C50 <1.8.0, 1.8.0 (CVE-2025-31115) C80 <1.8.0, 1.8.0 (CVE-2025-31115) FT50 <1.8.1, 1.8.1 (CVE-2025-31115) MT50 <1.8.1, 1.8.1 (CVE-20

privacy · unknown-it-category-14
ICS-CERT Advisories10d06/30

Frangoteam FUXA SCADA/HMI

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) CVSS Vendor Equipment Vulnerabilities v3 7.5 Frangoteam Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabi

privacy · unknown-it-category-14
ICS-CERT Advisories10d06/30

Schneider Electric EasyLogic T150 and Saitel DP RTU

View CSAF Summary Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files. The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected: EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.30 (CVE-2026-9650) EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & C

privacy · unknown-it-category-14
ICS-CERT Advisories17d06/23

Siemens Products using OpenSSL

View CSAF Summary OpenSSL has published a stack based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow for remote code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens Products using Ope

privacy · unknown-it-category-14
ICS-CERT Advisories17d06/23

Siemens SIPROTEC 5 Using DIGSI5 Protocol

View CSAF Summary SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should

privacy · unknown-it-category-14
ICS-CERT Advisories17d06/23

Hubbell Aclara Metrum Cellular Web Interface

View CSAF Summary Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. The following versions of Hubbell Aclara Metrum Cellular Web Interface are affected: Aclara Metrum Cellular Web Interface CVSS Vendor Equipment Vulnerabilities v3 7.5 Hubbell Hubbell Aclara Metrum Cellular Web Interface Missing Authentication for Critical Function Background Crit

privacy · unknown-it-category-14
ICS-CERT Advisories17d06/23

ABB Freelance Security Lock

View CSAF Summary Successful exploitation of this vulnerability could allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. The following versions of ABB Freelance Security Lock are affected: ABB System Version (<=Freelance 2013) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2013 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System

privacy · unknown-it-category-14
ICS-CERT Advisories17d06/23

Impact of Linux Kernel vulnerabilities on B&R products

View CSAF Summary B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products. The fol

privacy · unknown-it-category-14
ICS-CERT Advisories17d06/23

Siemens WinCC Certificate Manager

View CSAF Summary WinCC Certificate Manager insufficiently protects key material that could allow an attacker to extract sensitive information. Siemens has released a new version for SIMATIC WinCC Unified PC Runtime V21 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens WinCC Certificate Manager are affected: SIMATIC WinCC Unified PC Runtime V16 vers:all/* SIMATIC Wi

borderlineprivacy · unknown-it-category-14
ICS-CERT Advisories17d06/23

Siemens SINEC INS

View CSAF Summary SINEC INS before V1.0 SP2 Update 6 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC INS and recommends to update to the latest version. The following versions of Siemens SINEC INS are affected: SINEC INS vers:intdot/<1.0.2.6 CVSS Vendor Equipment Vulnerabilities v3 8.8 Siemens Siemens SINEC INS Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Path Traversal: '/dir/../filename', Execution with Unnecessary Privileges, Use of a One-Way Hash with a Predictable Salt Background Critical Infrastructure S

privacy · unknown-it-category-14
ICS-CERT Advisories24d06/16

Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP

View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following versions of Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP are affected: CompactLogix 5370 <=34.016 (CVE-2026-11317) Compact GuardLogix 5370 <=35.015 (CVE-2026-11317) ControlLogix 5570 <=35.015 (CVE-2026-11317) GuardLogix 5570 36.012 (CVE-2026-11317) CVSS Vendor Equipment Vulnerab

privacy · unknown-it-category-14
ICS-CERT Advisories24d06/16

Rockwell Automation FLEX I/O EtherNet/IP Adapters

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The following versions of Rockwell Automation FLEX I/O EtherNet/IP Adapters are affected: 1794-AENTR V2.012 (CVE-2026-0646, CVE-2026-0647) 1794-AENTRXT V2.012 (CVE-2026-0646, CVE-2026-0647) CVSS Vendor Equipment Vulnerabilities v3 9.4 Rockwell Automation Rockwell Automation FLEX I/O EtherNet/IP Adapters Missing Release of Memory

privacy · unknown-it-category-14
ICS-CERT Advisories24d06/16

Rockwell Automation FactoryTalk Analytics PavilionX

View CSAF Summary Successful exploitation of this vulnerability could result in an attacker executing privileged operations. The following versions of Rockwell Automation FactoryTalk Analytics PavilionX are affected: FactoryTalk Analytics PavilionX <7.01 (CVE-2025-14272) CVSS Vendor Equipment Vulnerabilities v3 7 Rockwell Automation Rockwell Automation FactoryTalk Analytics PavilionX Missing Authorization Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2025-14272

privacy · unknown-it-category-14
ICS-CERT Advisories24d06/16

Rockwell Automation CompactLogix

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix are affected: CompactLogix 5370 L1 CompactLogix 5370 L2 CompactLogix 5370 L3 CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation Rockwell Automation CompactLogix Improper Validation of Integrity Check Value, Exposure of Sensitive System Information to an Unauthorized Control Sphere Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Hea

privacy · unknown-it-category-14
ICS-CERT Advisories24d06/16

Rockwell Automation RSLinx

View CSAF Summary Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. The following versions of RSLinx Classic Third-Party Vulnerability are affected: RSLinx Classic <=4.50.00 (CVE-2020-13573) CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation RSLinx Classic Third-Party Vulnerability Out-of-bounds Read Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters

privacy · unknown-it-category-14
ICS-CERT Advisories36d06/04

B&R PPT30 Operating System

View CSAF Summary B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. The following versions of B&R PPT30 Operating System are affected: PPT30 Operating System <1.8.0, 1.8.0 (CVE-2025-11482) CVSS Vendor Equipment Vulnerabilities v3 7.5 B&R Industrial Automation GmbH B&R PPT30 Operating System Allocation of Resources Without Limits or Throttlin

privacy · unknown-it-category-14
ICS-CERT Advisories36d06/04

Hitachi Energy ITT600 Explorer

View CSAF Summary Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service (DoS) attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600 SA Explorer without affecting IEC 61850 system endpoints. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy ITT600 Explorer are affected: ITT600 Explorer vers:ITT600_Explorer/<2.1_SP6, vers:ITT600_Expl

privacy · unknown-it-category-14
ICS-CERT Advisories36d06/04

NAVTOR NavBox

View CSAF Summary Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. The following versions of NAVTOR NavBox are affected: NavBox 4.16.1.20 (CVE-2026-21404) CVSS Vendor Equipment Vulnerabilities v3 6.3 NAVTOR NAVTOR NavBox Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: Norway Vulnerabilities Expand All + CVE-2026-21404 NAVTOR NavBox through version 4.16.1.20 contains har

privacy · unknown-it-category-14
ICS-CERT Advisories36d06/04

Hitachi Energy RTU500

View CSAF Summary Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy RTU500 are affected: RTU500 series CMU Firmware vers:RTU500_series_CMU_Firmware/>=12.7.1| =13.5.1| =13.6.1| =13.7.1| =13.7.1|<=13.7.7 (CVE-2025-69421, CVE-2026-24515, CVE-2026-25210, CVE-2026-327

privacy · unknown-it-category-14
ICS-CERT Advisories36d06/04

Hitachi Energy MACH HiDraw

View CSAF Summary Hitachi Energy is aware of a buffer overflow vulnerability that affects MACH HiDraw product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy MACH HiDraw are affected: MACH HiDraw vers:MACH_HiDraw/<=9.22 (CVE-2026-7310) CVSS Vendor Equipment Vulnerabilities v3 5.5

privacy · unknown-it-category-14
ICS-CERT Advisories52d05/19

ZKTeco CCTV Cameras

View CSAF Summary Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials. The following versions of ZKTeco CCTV Cameras are affected: SSC335-GC2063-Face-0b77 Solution CVSS Vendor Equipment Vulnerabilities v3 9.1 ZKTeco ZKTeco CCTV Cameras Authentication Bypass Using an Alternate Path or Channel Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Lo

privacy · unknown-it-category-14
ICS-CERT Advisories52d05/19

ABB CoreSense HM and CoreSense M10

View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in this advisory. A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete system compromise and exposure of sensitive information. The following versions of ABB CoreSense HM and CoreSense M10 are affected: CoreSense™ HM <=2.3.1, 2.3.4 (CVE-2025-3465) CoreSense™ M10 <=1.

privacy · unknown-it-category-14
ICS-CERT Advisories52d05/19

Kieback & Peter DDC Building Controllers

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Kieback & Peter DDC Building Controllers are affected: DDC4002 Update to version 1.23.5 or newer Vendor fix Update the firmware to the latest available version: DDC4200e -> Update to version 1.23.5 or newer Vendor fix Update the firmware to the latest available version: DDC4400e -> Update to version 1.23.5 or newer Vendor fix Update the firmwa

privacy · unknown-it-category-14