Tag: All CISA Advisories

Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel] allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other…

Read more →

View CSAF Summary Schneider Electric is aware of multiple vulnerabilities with EmberZNet disclosed by Silicon Labs. Many vendors, including Schneider Electric, use Silicon Labs’ Zigbee processors in their offers. The following have denial of service vulnerabilities: Wiser iTRV, Wiser RTR,…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on the file system. The following versions of iba Systems ibaPDA are affected: ibaPDA (CVE-2025-14988) CVSS Vendor Equipment Vulnerabilities v3 9.8 iba Systems iba…

Read more →

View CSAF Summary MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. The following versions of Johnson Controls Products are affected: Application and Data Server (ADS) (CVE-2025-26385) Extended Application and Data…

Read more →

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-21509 Microsoft Office Security…

Read more →

Executive Summary In response to the June 6, 2025, Executive Order (EO) 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” the Cybersecurity and Infrastructure Security Agency (CISA) is providing and…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code. The following versions of Delta Electronics DIAView are affected: DIAView (CVE-2026-0975) CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics DIAView Improper Neutralization…

Read more →

View CSAF Summary Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control to the device. The following versions of Weintek cMT X Series HMI EasyWeb Service are affected: cMT3072XH (CVE-2025-14750, CVE-2025-14751) cMT3072XH(T)…

Read more →

View CSAF Summary Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses. The following versions of EVMAPA are affected: EVMAPA…

Read more →

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxureTM Process and EcoStruxure™ Process Expert for AVEVA System Platform products. The EcoStruxureTM Process is a single automation system to engineer, operate, and maintain your entire infrastructure for…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix 5370 are affected: CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2025-11743) CVSS Vendor Equipment Vulnerabilities…

Read more →

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20045 Cisco Unified Communications Products Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors…

Read more →

View CSAF Summary Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server. Many vendors, including Schneider Electric, embed CODESYS in their offers. If successfully exploited, these vulnerabilities could result in a denial of service…

Read more →

View CSAF Summary Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server. The following versions of Rockwell Automation Verve Asset Manager are affected: Verve Asset Manager (CVE-2025-14376, CVE-2025-14377) Verve…

Read more →

View CSAF Summary Schneider Electric is aware of a vulnerability disclosed by INTEL used in the EcoStruxure™ Foxboro DCS product formerly known as Foxboro Evo Process Automation System and I/A Series. The [EcoStruxure™ Foxboro DCS product](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/#overview) is an innovative family…

Read more →

View CSAF Summary Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information. The following versions of AVEVA Process Optimization are affected: Process Optimization (CVE-2025-61937, CVE-2025-64691, CVE-2025-61943, CVE-2025-65118,…

Read more →

CISA and the UK National Cyber Security Centre (NCSC-UK), in collaboration with federal and international partners, have released Secure Connectivity Principles for Operational Technology (OT) guidance to help asset owners address increasing business and regulatory pressures for connectivity into operational…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of Rockwell Automation 432ES-IG3 Series A are affected: 432ES-IG3 Series A (CVE-2025-9368) CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation Rockwell Automation 432ES-IG3…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations. The following versions of Rockwell Automation FactoryTalk DataMosaix Private Cloud are affected: FactoryTalk DataMosaix Private Cloud (CVE-2025-12807) FactoryTalk DataMosaix Private Cloud (CVE-2025-12807)…

Read more →