0
newNew Helix vishing group emerges in SharePoint data theft attacks

A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. [...]

0
newBlock reaches $45M settlement with 46 states over Cash App fraud probe

State attorneys general said they found that Block misled users by falsely advertising that Cash App provided bank-like protections, including advanced fraud detection.

0
newNew Forg365 phishing platform uses AI to target Microsoft 365 accounts

A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation. [...]

0
newHong Kong regulator orders new anti-phishing measures for crypto platforms

Hong Kong’s regulator has ordered crypto platforms and online brokers to meet newly issued phishing-resistant login requirements within the next 12 months.

0
newSchneider Electric PowerChute Serial Shutdown

View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown <=1.4  CVSS Vendor Equipment Vulnerabilities v3 6.1 SuSE, Schneider Electric, Red Hat, Microsoft Schneider Electric PowerChute Serial Shutdown Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-2399 PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix The following product versions have been fixed: PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2399. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2399. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2399. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 4.0 6.9 MEDIUM CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-2404 PowerChute is vulnerable to improper output encoding, which may allow crafted input to be reflected in log files in unexpected ways. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2404. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2404. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2404. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-116 Improper Encoding or Escaping of Output Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 4.0 6.9 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-2402 PowerChute is vulnerable to insufficient limitations on repeated authentication attempts across multiple endpoints. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix (CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix (CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2402. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2402. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2402. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-307 Improper Restriction of Excessive Authentication Attempts Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.0 6.9 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-2405 PowerChute is vulnerable to uncontrolled resource consumption when certain system operations are triggered excessively. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2405. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2405. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2405. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-400 Uncontrolled Resource Consumption Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 4.0 5.3 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-2403 PowerChute is vulnerable to improper validation of quantity‑related inputs, which can cause event and data logs to be truncated. As a result, important audit information may be lost, reducing visibility into system behavior. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2403. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2403. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2403. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-1284 Improper Validation of Specified Quantity in Input Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 4.0 5.3 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-2400 PowerChute is vulnerable to improper handling of newline sequences in certain inputs, enabling unexpected modification of configuration‑related data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2400. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2400. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2400. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 4.0 5.3 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-2401 PowerChute is vulnerable to improper logging of sensitive information when certain user‑triggered operations occur. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2401. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2401. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2401. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-532 Insertion of Sensitive Information into Log File Metrics CVSS Version Base Score Base Severity Vector String 3.1 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 4.0 2.4 LOW CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Schneider Electric reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-14 Date Revision Summary 2026-04-14 1 Initial Publication 2026-07-09 2 Initial Republication of Schneider Electric CPCERT SEVD-2026-104-01 Legal Notice and Terms of Use

0
newOpenPLC v3

View CSAF Summary Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution as the OpenPLC runtime user. The following versions of OpenPLC v3 are affected: OpenPLC v3 CVSS Vendor Equipment Vulnerabilities v3 9.9 OpenPLC OpenPLC v3 External Control of File Name or Path Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-14480 OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attacker‑controlled absolute paths, an authenticated user can write arbitrary files anywhere writable by the OpenPLC webserver process. In the default build pipeline, all C++ source files within the OpenPLC runtime core directory are automatically compiled into the executable runtime binary. By writing a malicious .cpp file into this directory, an authenticated attacker can escalate the arbitrary file write into arbitrary native code execution when the operator triggers a normal program compilation and runtime start. View CVE Details Affected Products OpenPLC v3 Vendor: OpenPLC Product Version: OpenPLC OpenPLC: v3 Product Status: known_affected Remediations Vendor fix OpenPLC recommends users upgrade to OpenPLC v4 as OpenPLC v3 is end-of-life and is no longer receiving patches, bug fixes, or security updates. Relevant CWE: CWE-73 External Control of File Name or Path Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Grady DeRosa reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-07-09 Date Revision Summary 2026-07-09 1 Initial Publication Legal Notice and Terms of Use

0
Interpol operation exposes $122M crypto wallet tied to romance scam laundering

Interpol said a suspect's crypto wallet processed over $122.5 million in 10 months as authorities uncovered the scheme during a global anti-fraud operation that led to 5,811 arrests.

0
Police arrests 5,800 suspects in global anti-fraud crackdown

Law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries. [...]

0
Trader loses $1M after signing phishing token approval

Onchain scammers netted more than $14 billion last year, and approval phishing remains a primary attack vector.

0
Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours

The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.

0
Vidar Infostealer Hammers SMBs via Malvertising Campaign

A financially motivated operation uses lures of cracked or pirated software to deliver a malware two-for-one combo for data theft and cryptomining.

0
Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.

0
CFTC charges commodity, crypto pool operator with $14M fraud

The CFTC has launched a rare crypto-related enforcement action against a commodity pool operator that allegedly defrauded investors of more than $14 million.

0
Accenture confirms breach after hacker offers stolen data for sale

IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. [...]

0
Big Brand Jobs Scam Targets Marketing Pros' Google Accounts

The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.

0
Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft

Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.

0
X adds a video editor to encourage creators to post original content, not stolen reposts

X is rolling out a new video editor and recorder for iOS with multilingual captions, green-screen effects, and other editing tools.

0
Webinar tomorrow: Why modern email attacks require a new approach to defense

Tomorrow's webinar explores how behavioral AI can help organizations detect sophisticated phishing, business email compromise, and account takeover attacks while reducing alert fatigue through automated investigation and response workflows. [...]

0
Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

The company just raised $7 million in seed funding, and is launching its app for iPhone and Android on Tuesday.

0
Labcenter Proteus 9

View CSAF Summary Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations. The following versions of Labcenter Proteus 9 are affected: Proteus 9.1_SP4_Build_42914 CVSS Vendor Equipment Vulnerabilities v3 7.8 Labcenter Electronics Labcenter Proteus 9 Out-of-bounds Write, Stack-based Buffer Overflow, Use After Free Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Defense Industrial Base, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: United Kingdom Vulnerabilities Expand All + CVE-2026-42953 The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution. View CVE Details Affected Products Labcenter Proteus 9 Vendor: Labcenter Electronics Product Version: Labcenter Electronics Proteus: 9.1_SP4_Build_42914 Product Status: known_affected Remediations Vendor fix Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly. Mitigation If you have questions or need help please contact Labcenter or your local distributor. Relevant CWE: CWE-787 Out-of-bounds Write Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-49033 The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code. View CVE Details Affected Products Labcenter Proteus 9 Vendor: Labcenter Electronics Product Version: Labcenter Electronics Proteus: 9.1_SP4_Build_42914 Product Status: known_affected Remediations Vendor fix Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly. Mitigation If you have questions or need help please contact Labcenter or your local distributor. Relevant CWE: CWE-121 Stack-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-42958 The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process. View CVE Details Affected Products Labcenter Proteus 9 Vendor: Labcenter Electronics Product Version: Labcenter Electronics Proteus: 9.1_SP4_Build_42914 Product Status: known_affected Remediations Vendor fix Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly. Mitigation If you have questions or need help please contact Labcenter or your local distributor. Relevant CWE: CWE-416 Use After Free Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Michael Heinzl reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. Revision History Initial Release Date: 2026-07-07 Date Revision Summary 2026-07-07 1 Initial Publication Legal Notice and Terms of Use

0
Hitachi Energy PROMOD V

View CSAF Summary Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access. The following versions of Hitachi Energy PROMOD V are affected: PROMOD V vers:PROMOD_V/<=1.0.10 CVSS Vendor Equipment Vulnerabilities v3 7.1 Hitachi Energy Hitachi Energy PROMOD V Reliance on HTTP instead of HTTPS Background Critical Infrastructure Sectors: Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-10763 PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. View CVE Details Affected Products Hitachi Energy PROMOD V Vendor: Hitachi Energy Product Version: PROMOD V versions 1.0.10 and prior Product Status: known_affected Remediations Vendor fix Upgrade to version 1.0.11 and enable HTTPS on Digipede server. [2] Refer to “1.0.11 PROMOD V User Guide”, Section 2 Essential Skills->Running PROMOD V->Digipede Grid. Alternatively, refer to the same section in the online help contained in the application. Mitigation Apply general mitigation factors Relevant CWE: CWE-1428 Reliance on HTTP instead of HTTPS Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 4.0 7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Acknowledgments Hitachi Energy Internal Team Notice The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners. Support For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers. General Mitigation Factors Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. Additional information on Industrial Control Systems Cybersecurity Best Practices can be found in the Hitachi Energy “Industrial Control Systems Cybersecurity Best Practices” Cybersecurity Notification. [1] SSVC SSVCv2/E:N/A:N/2026-06-29T12:01:59Z/ Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. Advisory Conversion Disclaimer This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000250 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory. Revision History Initial Release Date: 2026-06-30 Date Revision Summary 2026-06-30 1 Initial public release 2026-07-07 2 Initial CISA Republication of Hitachi Energy PSIRT 8DBD000250 advisory Legal Notice and Terms of Use

0
Trump says he became ‘a big crypto guy’ partly for politics

US President Donald Trump once called Bitcoin “a scam,” but admitted on Monday that he got involved in crypto “a little bit for politics.”

0
The ‘first’ AI-run ransomware attack still needed a human

An AI agent carried out the technical execution of a real-world ransomware attack for the first known time, but new details show a human still chose the victim, set up the infrastructure, and supplied stolen credentials — meaning it wasn't quite the fully autonomous cybercrime debut that last week's headlines suggested.

0
BonkDAO reports $20M theft from ‘malicious governance proposal’

The developers behind the memecoin project said they had informed law enforcement after the attack and were working to “recover funds and identify those responsible.”

0
Phishing poses as big-brand job interview to steal Google accounts

A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]

0
Belgian regulator flags 6 unauthorized crypto providers after MiCA deadline

Belgium’s FSMA warned consumers about six crypto-asset service providers it added to a fraudulent CASP list days after the EU’s MiCA transitional period expired.

0
Nigel Farage accepted gifts from crypto-linked fraudster: Report

Before he was an MP, Nigel Farage was reportedly gifted staff, security and other benefits from George Cottrell, a convicted fraudster involved in a crypto casino.

0
ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]

0
Belgian police arrest suspected phishing gang leader tied to $572K theft

Belgian authorities say a European phishing gang stole over $572,000 from victims before laundering the proceeds through cryptocurrency.

0
CubeSpace CW0057 Reaction Wheel

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace CW0057 Reaction Wheel Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Communications Countries/Areas Deployed: Worldwide Company Headquarters Location: South Africa Vulnerabilities Expand All + CVE-2026-13743 CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication. View CVE Details Affected Products CubeSpace CW0057 Reaction Wheel Vendor: CubeSpace Product Version: CubeSpace CW0057 Reaction Wheel: <firmware_5.0.20 Product Status: known_affected Remediations Vendor fix CubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20. Firmware version 5.0.20 introduces the capability for cryptographically verified secure boot; however, this protection is not enabled by default. Users must activate signed‑boot functionality, particularly the fully immutable mode, to achieve full security. Mitigation CubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a CRC-32 integrity check, which confirms image integrity but does not verify the source of an image. Exploitation requires direct physical access to the device and is not exploitable remotely. A device affected by this method remains recoverable: the bootloader operates independently of the application firmware and can reload known-good, CubeSpace-supplied images, so an affected unit cannot be permanently disabled by this method. Starting with firmware version 5.0.20, CubeSpace offers optional cryptographic secure boot of varying security levels which customers can enable. Given the physical-access prerequisite and the availability of recovery, CubeSpace assesses the practical risk as low. Relevant CWE: CWE-347 Improper Verification of Cryptographic Signature Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 4.0 3.3 LOW CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P Acknowledgments Anthony Rose reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-07-02 Date Revision Summary 2026-07-02 1 Initial Publication Legal Notice and Terms of Use

0
ST Engineering iDirect iQ-Series Terminals

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 3315‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 9‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) CVSS Vendor Equipment Vulnerabilities v3 8.1 ST Engineering iDirect ST Engineering iDirect iQ-Series Terminals Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF) Background Critical Infrastructure Sectors: Communications, Defense Industrial Base, Energy, Government Services and Facilities, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-38059 The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance. View CVE Details Affected Products ST Engineering iDirect iQ-Series Terminals Vendor: ST Engineering iDirect Product Version: ST Engineering iDirect Evolution iQ‑Series terminals: <=4.5.2.1, ST Engineering iDirect 3315‑Series terminals: <=4.5.2.1, ST Engineering iDirect 9‑Series terminals: <=4.5.2.1 Product Status: known_affected Remediations Mitigation ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer. Mitigation Registered users are able to download patches from the iDirect Support Portal https://support.idirect.net/s/login. https://support.idirect.net/s/login Mitigation Restrict management interfaces to trusted networks (e.g., VPN, ACLs). Mitigation Avoid exposing administrative APIs to the public internet. Mitigation Enforce strong authentication practices. Mitigation Monitor for anomalous API activity and unexpected device reboots. Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-38057 The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition. View CVE Details Affected Products ST Engineering iDirect iQ-Series Terminals Vendor: ST Engineering iDirect Product Version: ST Engineering iDirect Evolution iQ‑Series terminals: <=4.5.2.1, ST Engineering iDirect 3315‑Series terminals: <=4.5.2.1, ST Engineering iDirect 9‑Series terminals: <=4.5.2.1 Product Status: known_affected Remediations Mitigation ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer. Mitigation Registered users are able to download patches from the iDirect Support Portal https://support.idirect.net/s/login. https://support.idirect.net/s/login Mitigation Restrict management interfaces to trusted networks (e.g., VPN, ACLs). Mitigation Avoid exposing administrative APIs to the public internet. Mitigation Enforce strong authentication practices. Mitigation Monitor for anomalous API activity and unexpected device reboots. Relevant CWE: CWE-352 Cross-Site Request Forgery (CSRF) Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 4.0 7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Ahmed Alqahtani of Aramco reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-07-02 Date Revision Summary 2026-07-02 1 Initial Publication Legal Notice and Terms of Use

0
FortiBleed credential-theft campaign linked to Lynx ransomware

The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. [...]

0
Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS

Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability.

0
Webinar: Why traditional email security is no longer enough

Modern phishing, business email compromise, and account takeover attacks increasingly exploit trusted identities and legitimate business workflows, making them harder for traditional email defenses to detect. This webinar explores how behavioral AI can help organizations automate detection and response. [...]

0
Turning Indicators into Intelligence in OpenCTI with Criminal IP

Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure intelligence, and phishing analysis. [...]

0
Amazon fined $2.25M for withholding evidence from fraud victims

The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]

0
Former Goliath Ventures CEO pleads guilty in $400M crypto Ponzi case

Former Goliath Ventures CEO Christopher Delgado pleaded guilty to fraud and money laundering and agreed to forfeit properties, vehicles, luxury goods and crypto wallets.

0
New BioShocking attack manipulates AI browser into data theft

A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...]

0
Lessons from the Underground: How to Combat Business Email Compromise

Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. [...]

0
Schneider Electric EasyLogic T150 and Saitel DP RTU

View CSAF Summary Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files. The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected: EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.30 (CVE-2026-9650) EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.31 (CVE-2026-9651) Saitel DP Remote Terminal Unit & Controller <=11.06.35 (CVE-2026-9650) Saitel DP Remote Terminal Unit & Controller <=11.06.37 (CVE-2026-9651) CVSS Vendor Equipment Vulnerabilities v3 7.5 Schneider Electric Schneider Electric EasyLogic T150 and Saitel DP RTU Insufficiently Protected Credentials, Incorrect Permission Assignment for Critical Resource Background Critical Infrastructure Sectors: Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-9650 CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files.With this credential an attacker could subsequently compromise the device if they have physical access to the device. View CVE Details Affected Products Schneider Electric EasyLogic T150 and Saitel DP RTU Vendor: Schneider Electric Product Version: Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller: <=11.06.30, Schneider Electric Saitel DP Remote Terminal Unit & Controller: <=11.06.35 Product Status: known_affected Remediations Vendor fix Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-9650) EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Firmware (<=11.06.30) installed on Schneider Electric EasyLogic T150 Remote Terminal Unit & Controller (All versions): Version 11.06.32 of EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller includes a fix for these vulnerabilities and is available: Contact Schneider Electric's Customer Care Center to download this firmware. Reboot needed: Yes. Vendor fix (CVE-2026-9650) Saitel DP Remote Terminal Unit & Controller Firmware (<=11.06.35) installed on Schneider Electric Saitel DP Remote Terminal Unit & Controller (All versions): Version 11.06.38 of SAITEL DP Remote Terminal Unit & Controller includes a fix for these vulnerabilities and is available: Contact Schneider Electric's Customer Care Center to download this firmware. Reboot needed: Yes. Vendor fix The following product versions have been fixed: Firmware Version 11.06.32 installed on EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller are fixed versions for CVE-2026-9650 Vendor fix Firmware Version 11.06.38 installed on Saitel DP Remote Terminal Unit & Controller are fixed versions for CVE-2026-9650 Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-160-02 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf).CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-160-02.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-160-02 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf).CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-160-02.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-160-02.json Relevant CWE: CWE-522 Insufficiently Protected Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-9651 CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files. View CVE Details Affected Products Schneider Electric EasyLogic T150 and Saitel DP RTU Vendor: Schneider Electric Product Version: Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller: <=11.06.31, Schneider Electric Saitel DP Remote Terminal Unit & Controller: <=11.06.37 Product Status: known_affected Remediations Vendor fix (CVE-2026-9651) EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Firmware (<=11.06.31) installed on Schneider Electric EasyLogic T150 Remote Terminal Unit & Controller (All versions): Version 11.06.32 of EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller includes a fix for these vulnerabilities and is available: Contact Schneider Electric's Customer Care Center to download this firmware. Reboot needed: Yes. Vendor fix (CVE-2026-9651) Saitel DP Remote Terminal Unit & Controller Firmware (<=11.06.37) installed on Schneider Electric Saitel DP Remote Terminal Unit & Controller (All versions): Version 11.06.38 of SAITEL DP Remote Terminal Unit & Controller includes a fix for these vulnerabilities and is available: Contact Schneider Electric's Customer Care Center to download this firmware. Reboot needed: Yes. Vendor fix Firmware Version 11.06.32 installed on EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller are fixed versions for CVE-2026-9651 Vendor fix Firmware Version 11.06.38 installed on Saitel DP Remote Terminal Unit & Controller are fixed versions for CVE-2026-9651 Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-160-02 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf).CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-160-02.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-160-02 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf).CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-160-02.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-160-02.json Relevant CWE: CWE-732 Incorrect Permission Assignment for Critical Resource Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 4.0 6.7 MEDIUM CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Dick Brooks of Business Cyber Guardian reported this vulnerability to Schneider Electric. (CVE-2026-9650) Internal Researcher of Schneider Electric reported this vulnerability to CISA. (CVE-2026-9651) Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-09 Date Revision Summary 2026-06-09 1 Initial Publication 2026-06-30 2 Initial Republication of Schneider Electric CPCERT SEVD-2026-160-02 Legal Notice and Terms of Use

0
OFFIS DCMTK Toolkit

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. The following versions of OFFIS DCMTK Toolkit are affected: DCMTK <=3.7.0 (CVE-2026-50003, CVE-2026-50254, CVE-2026-35505, CVE-2026-52868, CVE-2026-44628) CVSS Vendor Equipment Vulnerabilities v3 9.8 OFFIS OFFIS DCMTK Toolkit Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Release of Memory after Effective Lifetime, Access of Resource Using Incompatible Type ('Type Confusion') Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-50003 A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths. View CVE Details Affected Products OFFIS DCMTK Toolkit Vendor: OFFIS Product Version: OFFIS DCMTK: <=3.7.0 Product Status: known_affected Remediations Mitigation The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot: Vendor fix https://github.com/DCMTK/dcmtk/releases/tag/latest. https://github.com/DCMTK/dcmtk/releases/tag/latest Mitigation Users are recommended to download the latest GitHub release once it becomes available. Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-50254 An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it. View CVE Details Affected Products OFFIS DCMTK Toolkit Vendor: OFFIS Product Version: OFFIS DCMTK: <=3.7.0 Product Status: known_affected Remediations Mitigation The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot: Vendor fix https://github.com/DCMTK/dcmtk/releases/tag/latest. https://github.com/DCMTK/dcmtk/releases/tag/latest Mitigation Users are recommended to download the latest GitHub release once it becomes available. Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-35505 An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart. View CVE Details Affected Products OFFIS DCMTK Toolkit Vendor: OFFIS Product Version: OFFIS DCMTK: <=3.7.0 Product Status: known_affected Remediations Mitigation The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot: Vendor fix https://github.com/DCMTK/dcmtk/releases/tag/latest. https://github.com/DCMTK/dcmtk/releases/tag/latest Mitigation Users are recommended to download the latest GitHub release once it becomes available. Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-52868 An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation. View CVE Details Affected Products OFFIS DCMTK Toolkit Vendor: OFFIS Product Version: OFFIS DCMTK: <=3.7.0 Product Status: known_affected Remediations Mitigation The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot: Vendor fix https://github.com/DCMTK/dcmtk/releases/tag/latest. https://github.com/DCMTK/dcmtk/releases/tag/latest Mitigation Users are recommended to download the latest GitHub release once it becomes available. Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 4.0 8.8 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-44628 An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record. View CVE Details Affected Products OFFIS DCMTK Toolkit Vendor: OFFIS Product Version: OFFIS DCMTK: <=3.7.0 Product Status: known_affected Remediations Mitigation The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot: Vendor fix https://github.com/DCMTK/dcmtk/releases/tag/latest. https://github.com/DCMTK/dcmtk/releases/tag/latest Mitigation Users are recommended to download the latest GitHub release once it becomes available. Relevant CWE: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Acknowledgments Abhinav Agarwal reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-30 Date Revision Summary 2026-06-30 1 Initial Publication Legal Notice and Terms of Use

0
Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager. The following versions of Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M are affected: MELSOFT Update Manager SW1DND-UDM-M >=1.000A|<=1.014Q (CVE-2025-53816, CVE-2025-53817, CVE-2025-55188, CVE-2025-11001) CVSS Vendor Equipment Vulnerabilities v3 8.8 Mitsubishi Electric Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Heap-based Buffer Overflow, NULL Pointer Dereference, Improper Link Resolution Before File Access ('Link Following'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2025-53816 A heap-based buffer overflow vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to trigger a buffer overflow that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product. View CVE Details Affected Products Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: >=1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.co.jp/fa/download/index.html Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability. Mitigation For more information see the associated Mitsubishi Electric security advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Relevant CWE: CWE-122 Heap-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 4.0 5.1 MEDIUM CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-53817 A NULL pointer dereference vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to trigger a NULL pointer dereference that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product. View CVE Details Affected Products Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: >=1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.co.jp/fa/download/index.html Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability. Mitigation For more information see the associated Mitsubishi Electric security advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Relevant CWE: CWE-476 NULL Pointer Dereference Metrics CVSS Version Base Score Base Severity Vector String 3.1 5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 4.0 5.1 MEDIUM CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-55188 A link following vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to tamper with or destroy information by convincing a legitimate user to decompress a specially crafted archive file using the affected product. If the tampered or destroyed files are required for PC operation, the affected PC may enter a denial-of-service condition. View CVE Details Affected Products Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: >=1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.co.jp/fa/download/index.html Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability. Mitigation For more information see the associated Mitsubishi Electric security advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Relevant CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H 4.0 6.9 MEDIUM CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H CVE-2025-11001 A path traversal vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to execute arbitrary code by decompressing a specially crafted archive file using the affected product. As a result, the affected product may be impacted in ways such as information theft, information tampering, a denial-of-service condition, or other impacts. View CVE Details Affected Products Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: >=1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.co.jp/fa/download/index.html Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf". https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability. Mitigation For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability. Mitigation For more information see the associated Mitsubishi Electric security advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Acknowledgments Mitsubishi Electric reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. Revision History Initial Release Date: 2026-06-30 Date Revision Summary 2026-06-30 1 Initial Republication of Mitsubishi Electric 2026-004 Legal Notice and Terms of Use

0
StoneFly Storage Concentrator

View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions of StoneFly Storage Concentrator are affected: Storage Concentrator <8.0.4.22 (CVE-2026-56415, CVE-2026-55721, CVE-2026-50040) Storage Concentrator Virtual Machine <8.0.4.22 (CVE-2026-56415, CVE-2026-55721, CVE-2026-50040) Storage Concentrator <8.0.4.26 (CVE-2026-50110) Storage Concentrator Virtual Machine <8.0.4.26 (CVE-2026-50110) Storage Concentrator <8.0.4.29 (CVE-2026-56413) Storage Concentrator Virtual Machine <8.0.4.29 (CVE-2026-56413) CVSS Vendor Equipment Vulnerabilities v3 10 StoneFly StoneFly Storage Concentrator Use of Hard-coded Credentials, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Defense Industrial Base, Energy, Financial Services, Healthcare and Public Health, Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-50110 Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems. View CVE Details Affected Products StoneFly Storage Concentrator Vendor: StoneFly Product Version: StoneFly Storage Concentrator: <8.0.4.26, StoneFly Storage Concentrator Virtual Machine: <8.0.4.26 Product Status: known_affected Remediations Vendor fix StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities. Mitigation For additional questions or support, users may contact StoneFly at https://stonefly.com/contact-us/. https://stonefly.com/contact-us/ Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.2 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 4.0 9.3 CRITICAL CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L CVE-2026-56413 Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges. View CVE Details Affected Products StoneFly Storage Concentrator Vendor: StoneFly Product Version: StoneFly Storage Concentrator: <8.0.4.29, StoneFly Storage Concentrator Virtual Machine: <8.0.4.29 Product Status: known_affected Remediations Vendor fix StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities. Mitigation For additional questions or support, users may contact StoneFly at https://stonefly.com/contact-us/. https://stonefly.com/contact-us/ Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 10 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 4.0 10 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L CVE-2026-56415 Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system. View CVE Details Affected Products StoneFly Storage Concentrator Vendor: StoneFly Product Version: StoneFly Storage Concentrator: <8.0.4.22, StoneFly Storage Concentrator Virtual Machine: <8.0.4.22 Product Status: known_affected Remediations Vendor fix StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities. Mitigation For additional questions or support, users may contact StoneFly at https://stonefly.com/contact-us/. https://stonefly.com/contact-us/ Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 10 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 4.0 10 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L CVE-2026-55721 Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys. View CVE Details Affected Products StoneFly Storage Concentrator Vendor: StoneFly Product Version: StoneFly Storage Concentrator: <8.0.4.22, StoneFly Storage Concentrator Virtual Machine: <8.0.4.22 Product Status: known_affected Remediations Vendor fix StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities. Mitigation For additional questions or support, users may contact StoneFly at https://stonefly.com/contact-us/. https://stonefly.com/contact-us/ Relevant CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.3 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 4.0 9.2 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N CVE-2026-50040 Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting (XSS) due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim. View CVE Details Affected Products StoneFly Storage Concentrator Vendor: StoneFly Product Version: StoneFly Storage Concentrator: <8.0.4.22, StoneFly Storage Concentrator Virtual Machine: <8.0.4.22 Product Status: known_affected Remediations Vendor fix StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities. Mitigation For additional questions or support, users may contact StoneFly at https://stonefly.com/contact-us/. https://stonefly.com/contact-us/ Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 4.0 5.1 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N Acknowledgments David Yesland of Rhino Security Labs reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-30 Date Revision Summary 2026-06-30 1 Initial Publication Legal Notice and Terms of Use

0
Frangoteam FUXA SCADA/HMI

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) CVSS Vendor Equipment Vulnerabilities v3 7.5 Frangoteam Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-13207 FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. View CVE Details Affected Products Frangoteam FUXA SCADA/HMI Vendor: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1.3.1 Product Status: known_affected Remediations Mitigation Frangoteam recommends users apply the latest version of FUXA 1.3.2 or later https://github.com/frangoteam/FUXA/releases. https://github.com/frangoteam/FUXA/releases Relevant CWE: CWE-290 Authentication Bypass by Spoofing Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Joshua Hayes of Cited Relevance LLC reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-30 Date Revision Summary 2026-06-30 1 Initial Publication Legal Notice and Terms of Use

0
Delta Electronics DVP12SE PLC

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. The following versions of Delta Electronics DVP12SE PLC are affected: DVP12SE PLC vers:all/* (CVE-2026-12819, CVE-2026-12818) CVSS Vendor Equipment Vulnerabilities v3 9.8 Delta Electronics Delta Electronics DVP12SE PLC Missing Authentication for Critical Function, Allocation of Resources Without Limits or Throttling Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-12819 The Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. The device accepts Modbus commands from any reachable network source without requiring credentials, privilege validation, or operator approval, allowing unauthorized read and write access to coils, holding registers, operational memory, relay states, and process control functions. View CVE Details Affected Products Delta Electronics DVP12SE PLC Vendor: Delta Electronics Product Version: Delta Electronics DVP12SE PLC: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of these vulnerabilities and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Enable the IP Filter feature: Configure and enable the PLC's built-in IP Filter function via the programming software. Restrict access exclusively to the IP addresses of trusted devices (such as designated HMI panels or SCADA hosts) to block unauthorized network access.Set up PLC password protection: Enable password protection for the PLC within the programming software to ensure the device's core control logic and parameters cannot be easily downloaded, overwritten, or tampered with.Implement network isolation and firewall protection: Deploy the PLC within an independent local area network (OT control network) secured by a firewall. Never connect the device directly to the office network or the Internet. If remote access is required, enforce the use of a secure, authorized VPN tunnel. Mitigation For more information refer to Delta Electronic's advisory page https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory. https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-12818 Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service. A remote attacker could exploit this vulnerability by flooding the Modbus port (TCP/502) with a continuous stream of raw network packets or specially crafted and malformed packets. View CVE Details Affected Products Delta Electronics DVP12SE PLC Vendor: Delta Electronics Product Version: Delta Electronics DVP12SE PLC: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of these vulnerabilities and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Enable the IP Filter feature: Configure and enable the PLC's built-in IP Filter function via the programming software. Restrict access exclusively to the IP addresses of trusted devices (such as designated HMI panels or SCADA hosts) to block unauthorized network access.Set up PLC password protection: Enable password protection for the PLC within the programming software to ensure the device's core control logic and parameters cannot be easily downloaded, overwritten, or tampered with.Implement network isolation and firewall protection: Deploy the PLC within an independent local area network (OT control network) secured by a firewall. Never connect the device directly to the office network or the Internet. If remote access is required, enforce the use of a secure, authorized VPN tunnel. Mitigation For more information refer to Delta Electronic's advisory page https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory. https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Adm Bin Harbi (0xnoag) - Corvo Security reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-30 Date Revision Summary 2026-06-30 1 Initial Publication Legal Notice and Terms of Use

0
SEC wins $5.4M judgment in NanoBit crypto fraud case

The SEC alleged that NanoBit’s crypto trading platform was fake and that hundreds of thousands of dollars in investor funds were misappropriated.

0
Nissan discloses employee data breach linked to Oracle zero-day attacks

Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. [...]

0
NAIC says public data stolen in ShinyHunters' PeopleSoft breach

The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. [...]

0
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.

0
FBI: Russian hackers now target Signal backup recovery keys

The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...]

0
Cybersecurity firms targeted by fraudulent OpenAI organization invites

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. [...]

0
Russian Intelligence Services Continue to Target Commercial Messaging Applications

CISA and the Federal Bureau of Investigation (FBI) issued an updated Public Service Announcement (PSA) warning of Russian Intelligence Services (RIS) cyber threat actors targeting commercial messaging applications in ongoing phishing campaigns. This PSA is an update to the March 2026 Russian Intelligence Services Target Commercial Messaging Application Accounts and provides recent tactics, recommended mitigations, and samples of phishing messages.

0
Polymarket hit by $2.9M theft, users to be refunded

Polymarket said it contained the compromise and removed the affected dependency after attackers injected a malicious script into its frontend.

0
Poland busts SIM-swapping gang tied to millions in crypto theft

Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. [...]

0
Polymarket says hackers stole users’ funds

The prediction market giant Polymarket said it's refunding users who had funds stolen due to a third-party breach.

0
Order-tracking app Shop abused to push callback phishing attacks

Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software. [...]

0
Local Police Collusion Hampers Crackdown on Asian Scam Centers

With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts.

0
Hacked Klue says criminals are deleting stolen customer data, but now other hackers are making threats

Market research company Klue told customers that it believes the hacking group that stole their data is now deleting it. The company, however, warned about a second group of hackers wanting ransom.

0
Bluekit phishing kit adopts browser-in-the-middle for login theft

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft. [...]

0
The Four Elevations of Effective Fraud Prevention

Fraudsters don't attack just one transaction. They target accounts, platforms, and entire ecosystems. IPQS explains the four elevations of fraud prevention and why broader visibility improves fraud detection. [...]

0
Delta Electronics DTM Soft

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The following versions of Delta Electronics DTM Soft are affected: DTMSoft vers:all/*  CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics DTM Soft Deserialization of Untrusted Data Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-12578 The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. View CVE Details Affected Products Delta Electronics DTM Soft Vendor: Delta Electronics Product Version: Delta Electronics DTMSoft: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of the vulnerability and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it. Mitigation Avoid running as administrator: Do not use the "Run as Administrator" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code. Mitigation For more information refer to Delta Electronic's advisory page https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory Relevant CWE: CWE-502 Deserialization of Untrusted Data Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments kimiya of TrendAI Zero Day Initiative reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-06-25 Date Revision Summary 2026-06-25 1 Initial Republication pf Delta-PCSA-2026-00010_DT Legal Notice and Terms of Use

0
OHIF Viewers DICOM

View CSAF Summary Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. The following versions of OHIF Viewers DICOM are affected: OHIF DICOM Web Viewer Framework <=v3.12.0 CVSS Vendor Equipment Vulnerabilities v3 8.2 Open Health Imaging Foundation (OHIF) OHIF Viewers DICOM Server-Side Request Forgery (SSRF) Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12473 Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted. View CVE Details Affected Products OHIF Viewers DICOM Vendor: Open Health Imaging Foundation (OHIF) Product Version: Open Health Imaging Foundation (OHIF) OHIF DICOM Web Viewer Framework: <=v3.12.0 Product Status: known_affected Remediations Mitigation The maintainer has fixed the reported vulnerability and released version 3.12.2 (2026-05-18). The fix is located at OHIF/Viewers#5985 (master), OHIF/Viewers#5978 (release/3.12). Mitigation Users are recommended to upgrade to v3.12.2 or later. Operators who need dicomwebproxy or dicomjson in authenticated deployments must additionally configure the new dangerouslyAllowedOriginsForAuthenticatedEnvironments allowlist in app-config.js. Mitigation Users running OHIF with authentication should remove ALL unused DicomWebProxyDataSource and DicomJSONDataSource configurations from the configuration file they are deploying with. Relevant CWE: CWE-918 Server-Side Request Forgery (SSRF) Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 4.0 8.3 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N Acknowledgments Simon Weber and Volker Schönefeld of Machine Spirits UG reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-25 Date Revision Summary 2026-06-25 1 Initial Publication Legal Notice and Terms of Use

0
H.VIEW HV-500S6 IP Camera

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device. The following versions of H.VIEW HV-500S6 IP Camera are affected: H.VIEW HV-500S6 IP Camera IPCAM_V4.06.88.251229  CVSS Vendor Equipment Vulnerabilities v3 7.2 H.VIEW H.VIEW HV-500S6 IP Camera Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Unrestricted Upload of File with Dangerous Type Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: China Vulnerabilities Expand All + CVE-2026-55975 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation. View CVE Details Affected Products H.VIEW HV-500S6 IP Camera Vendor: H.VIEW Product Version: H.VIEW H.VIEW HV-500S6 IP Camera: IPCAM_V4.06.88.251229 Product Status: known_affected Remediations Mitigation H.View did not respond to CISA's request to coordinate. Users are encouraged to reach out to H.View for support. https://hviewsmart.com/pages/contact-us https://hviewsmart.com/pages/contact-us Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 4.0 8.6 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-56414 A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot. View CVE Details Affected Products H.VIEW HV-500S6 IP Camera Vendor: H.VIEW Product Version: H.VIEW H.VIEW HV-500S6 IP Camera: IPCAM_V4.06.88.251229 Product Status: known_affected Remediations Mitigation H.View did not respond to CISA's request to coordinate. Users are encouraged to reach out to H.View for support. https://hviewsmart.com/pages/contact-us https://hviewsmart.com/pages/contact-us Relevant CWE: CWE-434 Unrestricted Upload of File with Dangerous Type Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 4.0 8.6 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Fukuhara Rikuto of Smooth Inc. (CTO) and Hosei University reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-25 Date Revision Summary 2026-06-25 1 Initial Publication Legal Notice and Terms of Use

0
Horner Automation Cscape

View CSAF Summary Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code. The following versions of Horner Automation Cscape are affected: Cscape <10.2_SP3  CVSS Vendor Equipment Vulnerabilities v3 7.8 Horner Automation Horner Automation Cscape Out-of-bounds Read Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12897 Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. View CVE Details Affected Products Horner Automation Cscape Vendor: Horner Automation Product Version: Horner Automation Cscape: <10.2_SP3 Product Status: known_affected Remediations Vendor fix Horner Automation has released Cscape 10.2 SP3 for users to download. Vendor fix For more information, see the Cscape 10.2 SP3 release notes (https://hornerautomation.com/cscape-software-free/cscape-software/). https://hornerautomation.com/cscape-software-free/cscape-software/ Relevant CWE: CWE-125 Out-of-bounds Read Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Michael Heinzl reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-06-25 Date Revision Summary 2026-06-25 1 Initial Publication Legal Notice and Terms of Use

0
This new tracking label could help solve cargo theft

The Samsara Tracking Label hides a BLE system that can offer real-time location in a disposable package.

0
Healthtech firm Xolis suffers data breach impacting 1.4 million people

Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. [...]

0
Webinar: Why email security teams are drowning in alerts

Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improving operational efficiency. [...]

0
ABB Freelance Security Lock

View CSAF Summary Successful exploitation of this vulnerability could allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. The following versions of ABB Freelance Security Lock are affected: ABB System Version (<=Freelance 2013) installed with ABB Freelance Security Lock(All versions) vers:all/*  ABB System Version (Freelance 2013 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/*  ABB System Version (Freelance 2016) installed with ABB Freelance Security Lock(All versions) vers:all/*  ABB System Version (Freelance 2016 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/*  ABB System Version (Freelance 2019) installed with ABB Freelance Security Lock(All versions) vers:all/*  ABB System Version (Freelance 2019 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/*  ABB System Version (Freelance 2019 SP1 FP1) installed with ABB Freelance Security Lock(All versions) vers:all/*  ABB System Version (Freelance 2024) installed with ABB Freelance Security Lock(All versions) vers:all/*  CVSS Vendor Equipment Vulnerabilities v3 6.6 ABB ABB Freelance Security Lock Authentication Bypass by Primary Weakness Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-7064 An attacker is able to attack Freelance user management when Security Lock is enabled. The precondition is that the attacker bypasses Freelance Operations which blocks access to the Windows operating system. This bypass can be achieved via undocumented or special key combinations available on modern keyboards. These combinations may allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. View CVE Details Affected Products ABB Freelance Security Lock Vendor: ABB Product Version: ABB ABB System Version (<=Freelance 2013) installed with ABB Freelance Security Lock(All versions): vers:all/*, ABB ABB System Version (Freelance 2013 SP1) installed with ABB Freelance Security Lock(All versions): vers:all/*, ABB ABB System Version (Freelance 2016) installed with ABB Freelance Security Lock(All versions): vers:all/*, ABB ABB System Version (Freelance 2016 SP1) installed with ABB Freelance Security Lock(All versions): vers:all/*, ABB ABB System Version (Freelance 2019) installed with ABB Freelance Security Lock(All versions): vers:all/*, ABB ABB System Version (Freelance 2019 SP1) installed with ABB Freelance Security Lock(All versions): vers:all/*, ABB ABB System Version (Freelance 2019 SP1 FP1) installed with ABB Freelance Security Lock(All versions): vers:all/*, ABB ABB System Version (Freelance 2024) installed with ABB Freelance Security Lock(All versions): vers:all/* Product Status: known_affected Remediations Mitigation For more information see the associated ABB PSIRT security advisory 7PAA020361 PDF Version (https://search.abb.com/library/Download.aspx?DocumentID=7PAA020361&LanguageCode=en&DocumentPartId=&Action=Launch), CSAF Version (https://psirt.abb.com/csaf/2026/7paa020361.json). https://search.abb.com/library/Download.aspx?DocumentID=7PAA020361&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation For more information see the associated ABB PSIRT security advisory 7PAA020361 PDF Version (https://search.abb.com/library/Download.aspx?DocumentID=7PAA020361&LanguageCode=en&DocumentPartId=&Action=Launch)  CSAF Version (https://psirt.abb.com/csaf/2026/7paa020361.json). https://psirt.abb.com/csaf/2026/7paa020361.json Relevant CWE: CWE-305 Authentication Bypass by Primary Weakness Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Acknowledgments Gergely Regweld Szini reported this vulnerability to ABB Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-06-10 Date Revision Summary 2026-06-10 1 Initial Publication 2026-06-23 2 Initial Republication of ABB PSIRT 7PAA020361 Legal Notice and Terms of Use

0
Binance’s Yi He warns of alleged impersonation scam, CoinUp denies ties

Binance co-founder Yi He warns of an alleged impersonator referred to as “Zhu Pan” in Chinese-language posts as CoinUp distances itself from the individual.

0
WhatsApp phishing attack uses fake business docs to hack PCs

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. [...]

0
JaredFromSubway MEV bot hacked in $15 million crypto theft

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...]

0
He Thought He Was Secure; His Phone Number Got Stolen Anyway

Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures.

0
A Glimpse into the “Search Your Target” Market for Stolen Credentials

Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for specific companies, domains, and accounts. [...]

0
Klue hack results in data breach at several cybersecurity firms

Huntress, HackerOne, Jamf, Recorded Future, and Tanium are among the cybersecurity companies that had data stolen following an earlier breach at market research firm Klue.

0
Philippine SEC signals readiness for RWA tokenization

Philippine SEC Commissioner Rogelio Quevedo told Cointelegraph that tokenized assets could give Filipinos more legitimate investment options while helping steer them away from scams.

0
Webinar: How attackers bypass MFA and how defenders can respond

Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. [...]

0
Microsoft warns users of 'Crypto Clipper' malware spread via USB drives

The malware blends data theft with remote code execution, “turning a financially motivated stealer into a lightweight backdoor,” Microsoft said.

0
Nintendo confirms data stolen in WebMD subsidiary cyberattack

Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. [...]

0
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].

0
Salesforce Data Thefts Continue via Klue App Compromise

Klue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor.

0
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks

Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. [...]

0
CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways.   To defend against this malicious cyber activity, CISA urges impacted Fortinet customers with FortiGate appliances and associated secure sockets layer (SSL) VPN gateways to immediately: Terminate sessions and reset credentials. Terminate all active SSL VPN and administrative sessions. Reset all Fortinet VPN and administrative passwords, especially on internet-facing systems, and enforce strong password policies. Ensure secure credential storage. Confirm your organization’s use of the Password-Based Key Derivation Function 2 (PBKDF2) algorithm to store administrator credentials and remove weaker legacy hashes per Fortinet’s guidance (see, Fortinet's Technical Tip: Enforcing PBKDF2 as hash function for administrator accounts in FortiOS v7.2.11 and later).   Review logs. Review firewall, VPN, authentication, and domain controller logs for lateral movement, unusual access, suspicious accounts, or unauthorized configuration changes. Enable phishing-resistant multifactor authentication (MFA). Require phishing-resistant MFA on all remote access and administrative accounts and ensure it is enforced on all external gateways and administrative interfaces. Reduce the attack surface and lock down management access. Ensure the administration of your firewall is inaccessible from the public internet; restrict Fortinet management interfaces to trusted internal networks; and remove or disable any unauthorized or unnecessary accounts. See the following resources to determine your organization’s potential impact and find additional guidance on the credentials compromised: Tech Times: Fortinet FortiGate Credential Leak Hits 73,932 Firewalls: Half the Internet-Facing Fleet   SOCRadar: FortiBleed: The Compromise of 80,000+ Fortinet Firewalls Hudson Rock: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure Arctic Wolf: Active FortiBleed Campaign Impacting Fortinet Devices Across 194 Countries Fortinet: Attacks at the Speed of AI Disclaimer The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.

0
Schneider Electric EasyLogic T150 and Saitel DP

View CSAF Summary Successful exploitation this vulnerability could allow an attacker to gain unauthorized access to sensitive files The following versions of Schneider Electric EasyLogic T150 and Saitel DP are affected: Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Firmware installed on Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller (All versions) vers:semver/<=11.06.31 (CVE-2026-6865) Schneider Electric Saitel DP Remote Terminal Unit & Controller Firmware installed on Schneider Electric Saitel DP Remote Terminal Unit & Controller (All versions) vers:semver/<=11.06.36 (CVE-2026-6865) CVSS Vendor Equipment Vulnerabilities v3 7.1 Schneider Electric Schneider Electric EasyLogic T150 and Saitel DP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Energy, Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-6865 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing. View CVE Details Affected Products Schneider Electric EasyLogic T150 and Saitel DP Vendor: Schneider Electric Product Version: Schneider Electric Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Firmware installed on Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller (All versions): vers:semver/<=11.06.31, Schneider Electric Schneider Electric Saitel DP Remote Terminal Unit & Controller Firmware installed on Schneider Electric Saitel DP Remote Terminal Unit & Controller (All versions): vers:semver/<=11.06.36 Product Status: known_affected Remediations Mitigation Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Firmware (vers:semver/<=11.06.31) installed on Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller (All versions): Version 11.06.32 of EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller includes a fix for this vulnerability and is available for download here: Mitigation Contact Schneider Electric's Customer Care Center to download this firmware. Reboot needed: Yes Mitigation Schneider Electric Saitel DP Remote Terminal Unit & Controller Firmware (vers:semver/<=11.06.36) installed on Schneider Electric Saitel DP Remote Terminal Unit & Controller (All versions): Version 11.06.37 of Saitel DP Remote Terminal Unit & Controller includes a fix for this vulnerability and is available for download here: Mitigation Contact Schneider Electric's Customer Care Center to download this firmware. Reboot needed: Yes Mitigation All affected products: If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: Ensure strict credential controls, even for low privilege users. Mitigation Ensure isolation and credentials are in place, as per the product's security recommendations. Mitigation The following product versions have been fixed: Firmware Version 11.06.32 installed on EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller are fixed versions for CVE-2026-6865 Mitigation Firmware Version 11.06.37 installed on Saitel DP Remote Terminal Unit & Controller are fixed versions for CVE-2026-6865 Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-132-03 Improper Limitation of a Pathname to a Restricted Directory vulnerability on Remote Terminal Unit and Controller Products - SEVD-2026-132-03 PDF Version, Improper Limitation of a Pathname to a Restricted Directory vulnerability on Remote Terminal Unit and Controller Products - SEVD-2026-132-03 CSAF Version. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-03.pdf Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-132-03 Improper Limitation of a Pathname to a Restricted Directory vulnerability on Remote Terminal Unit and Controller Products - SEVD-2026-132-03 PDF Version, Improper Limitation of a Pathname to a Restricted Directory vulnerability on Remote Terminal Unit and Controller Products - SEVD-2026-132-03 CSAF Version. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-132-03.json Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 4.0 7.1 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Acknowledgments Schneider Electric reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-12 Date Revision Summary 2026-05-12 1 Initial Publication 2026-06-18 2 Initial Republication of Schneider Electric CPCERT SEVD-2026-132-03 Legal Notice and Terms of Use

0
AVer PTC cameras

View CSAF Summary Successful exploitation of this vulnerability could allow arbitrary code execution. The following versions of AVer PTC cameras are affected: PTC500S vers:all/* (CVE-2026-40624) PTC115 vers:all/* (CVE-2026-40624) PTC500+ vers:all/* (CVE-2026-40624) PTC115+ vers:all/* (CVE-2026-40624) CVSS Vendor Equipment Vulnerabilities v3 9.8 AVer AVer PTC cameras Files or Directories Accessible to External Parties Background Critical Infrastructure Sectors: Government Services and Facilities, Commercial Facilities, Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-40624 Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. View CVE Details Affected Products AVer PTC cameras Vendor: AVer Product Version: AVer PTC500S: vers:all/*, AVer PTC115: vers:all/*, AVer PTC500+: vers:all/*, AVer PTC115+: vers:all/* Product Status: known_affected Remediations Mitigation AVer has provided a firmware fix to address this vulnerability; users can find it at the following location: (https://presentation.aver.com/DownloadFile.aspx?n=6617|1C01A887-7CDC-4C96-AD9A-11D53DE1AD71&t=ServiceDownload). https://presentation.aver.com/DownloadFile.aspx?n=6617%7C1C01A887-7CDC-4C96-AD9A-11D53DE1AD71&t=ServiceDownload Relevant CWE: CWE-552 Files or Directories Accessible to External Parties Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments fj016 reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-18 Date Revision Summary 2026-06-18 1 Initial Publication Legal Notice and Terms of Use

0
Rockwell Automation FactoryTalk Historian Site Edition

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected: FactoryTalk Historian SE 11 (CVE-2025-13036) FactoryTalk Historian SE <=11.00 (CVE-2025-44019) FactoryTalk Historian SE <=11.00 (CVE-2025-36539) CVSS Vendor Equipment Vulnerabilities v3 7.7 Rockwell Automation Rockwell Automation FactoryTalk Historian Site Edition Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), Uncaught Exception Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2025-13036 An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token. View CVE Details Affected Products Rockwell Automation FactoryTalk Historian Site Edition Vendor: Rockwell Automation Product Version: Rockwell Automation FactoryTalk Historian SE: 11 Product Status: known_affected Remediations Mitigation Rockwell Automation recommends the following: Mitigations and Workarounds for CVE-2025-13036: Customers using the affected software, who are not able to upgrade to one of the corrected versions, should use our security best practices and consider applying the available patch (BF32850) for their current version (https://support.rockwellautomation.com/app/answers/answer_view/a_id/1157978/loc/en_US). https://support.rockwellautomation.com/app/answers/answer_view/a_id/1157978/loc/en_US Mitigation For more information, see Rockwell Automation Security Advisory SD1773 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html) https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html Relevant CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 4.0 9.2 CRITICAL CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N CVE-2025-44019 AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. Depending on the timing of the crash, data present in snapshots/write cache may be lost. View CVE Details Affected Products Rockwell Automation FactoryTalk Historian Site Edition Vendor: Rockwell Automation Product Version: Rockwell Automation FactoryTalk Historian SE: <=11.00 Product Status: known_affected Remediations Mitigation For more information, see Rockwell Automation Security Advisory SD1773 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html) https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html Relevant CWE: CWE-248 Uncaught Exception Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 4.0 7.1 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-36539 AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. View CVE Details Affected Products Rockwell Automation FactoryTalk Historian Site Edition Vendor: Rockwell Automation Product Version: Rockwell Automation FactoryTalk Historian SE: <=11.00 Product Status: known_affected Remediations Mitigation Mitigations and Workarounds for CVE-2025-36539 & CVE-2025-44109: Customers using the affected software, who are not able to upgrade to one of the corrected versions, should use our security best practices and also consider the following: Monitor liveness of PI Network Manager and PI Archive Subsystem services. Set the PI Network Manager and PI Archive Subsystem services to automatically restart. Limit port 5450 access to trusted workstations and software. For a list of PI System firewall port requirements, see knowledge base article KB01162 - Firewall Port Requirements. For a starting point on PI system security best practices, see knowledge base article KB00833 - Best practices for securing your PI Server. Mitigation For more information, see Rockwell Automation Security Advisory SD1773 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html) https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html Relevant CWE: CWE-248 Uncaught Exception Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 4.0 7.1 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Acknowledgments Rockwell Automation reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-18 Date Revision Summary 2026-06-18 1 Initial Republication of Rockwell Automation Security Advisory SD1773 Legal Notice and Terms of Use

0
AzeoTech DAQFactory

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. The following versions of AzeoTech DAQFactory are affected: DAQFactory <=21.1 (CVE-2026-12390) CVSS Vendor Equipment Vulnerabilities v3 7.8 AzeoTech AzeoTech DAQFactory Access of Resource Using Incompatible Type ('Type Confusion') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12390 In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution. View CVE Details Affected Products AzeoTech DAQFactory Vendor: AzeoTech Product Version: AzeoTech DAQFactory: <=21.1 Product Status: known_affected Remediations Mitigation Users are discouraged from using documents from unknown/untrusted sources. Mitigation Users are encouraged to store .ctl files in a folder only writeable by admin-level users. Mitigation Users are encouraged to operate in "Safe Mode" when loading documents that have been out of their control. Mitigation Users are encouraged to apply a document editing password to their documents. Relevant CWE: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Rocco Calvi (@TecR0c) of TecSecurity reported this vulnerability to CISA rgod of TrendAI Zero Day Initiative reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-06-18 Date Revision Summary 2026-06-18 1 Initial Publication Legal Notice and Terms of Use

0
G7 calls for joint action on North Korean crypto theft, cybercrime

G7 leaders broadened their warning over North Korean crypto theft to include wider cybercrime as researchers link DPRK-affiliated actors to billions of dollars in stolen digital assets.

0
Florida man pleads guilty for promoting $1.8B ‘HyperFund’ crypto fraud

Rodney “Bitcoin Rodney” Burton faces a maximum sentence of five years in federal prison for conspiracy to operate an unlicensed money transmitting business.

0
FTC lawsuit reveals how subscription scam networks evade app store enforcement

A new FTC lawsuit reveals how sophisticated subscription app operators can allegedly use shell companies and payment infrastructure to stay active on app stores despite mounting consumer complaints.

0
Why Account Takeovers Are Rising and How to Stop Them

Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. [...]

0
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence

The emerging malware, spread via fake TikTok and Chrome downloads, has evolved by combining banking fraud with extensive device surveillance and remote control.

0
India orders temporary ban on Telegram over exam fraud concerns

The restrictions include a nationwide ban on Telegram until June 22 and a requirement to disable the app's message-editing feature.

0
FTC warns of record $3.5 billion losses to imposter scams in 2025

The U.S. Federal Trade Commission (FTC) warned that Americans lost $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. [...]

0
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP

View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following versions of Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP are affected: CompactLogix 5370 <=34.016 (CVE-2026-11317) Compact GuardLogix 5370 <=35.015 (CVE-2026-11317) ControlLogix 5570 <=35.015 (CVE-2026-11317) GuardLogix 5570 36.012 (CVE-2026-11317) CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP Improper Resource Shutdown or Release Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-11317 A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover. View CVE Details Affected Products Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP Vendor: Rockwell Automation Product Version: Rockwell Automation CompactLogix 5370: <=34.016, Rockwell Automation Compact GuardLogix 5370: <=35.015, Rockwell Automation ControlLogix 5570: <=35.015, Rockwell Automation GuardLogix 5570: 36.012 Product Status: known_affected Remediations Vendor fix Rockwell Automation recommends users to update to the following versions: CompactLogix 5370: Versions 34.016 and later Vendor fix Compact GuardLogix 5370: Versions 35.015 and later Vendor fix ControlLogix 5570: Versions 36.012 and later Vendor fix GuardLogix 5570: Versions 37.011 and later Mitigation For more information, see Rockwell Automation Security Advisory SD1772 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html) https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html Relevant CWE: CWE-404 Improper Resource Shutdown or Release Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Acknowledgments Rockwell Automation reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-16 Date Revision Summary 2026-06-16 1 Initial Republication of Rockwell Automation Security Advisory SD1772 Legal Notice and Terms of Use

0
Rockwell Automation RSLinx

View CSAF Summary Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. The following versions of RSLinx Classic Third-Party Vulnerability are affected: RSLinx Classic <=4.50.00 (CVE-2020-13573) CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation RSLinx Classic Third-Party Vulnerability Out-of-bounds Read Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2020-13573 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. View CVE Details Affected Products RSLinx Classic Third-Party Vulnerability Vendor: Rockwell Automation Product Version: Rockwell Automation RSLinx Classic: <=4.50.00 Product Status: known_affected Remediations Mitigation Rockwell Automation recommends that customers using the affected software should upgrade to version 4.60.00 or later. Customers who are not able to upgrade to one of the corrected versions, should consider applying the available patch (BF31213) for their current version or applying the recommended security best practices. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1774.html Relevant CWE: CWE-125 Out-of-bounds Read Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Acknowledgments Rockwell Automation reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-16 Date Revision Summary 2026-06-16 1 Initial Republication of Rockwell Automation Advisory SD1774 Legal Notice and Terms of Use

0
Rockwell Automation FLEX I/O EtherNet/IP Adapters

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The following versions of Rockwell Automation FLEX I/O EtherNet/IP Adapters are affected: 1794-AENTR V2.012 (CVE-2026-0646, CVE-2026-0647) 1794-AENTRXT V2.012 (CVE-2026-0646, CVE-2026-0647) CVSS Vendor Equipment Vulnerabilities v3 9.4 Rockwell Automation Rockwell Automation FLEX I/O EtherNet/IP Adapters Missing Release of Memory after Effective Lifetime, Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-0646 A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover. View CVE Details Affected Products Rockwell Automation FLEX I/O EtherNet/IP Adapters Vendor: Rockwell Automation Product Version: Rockwell Automation 1794-AENTR: V2.012, Rockwell Automation 1794-AENTRXT: V2.012 Product Status: known_affected Remediations Mitigation Rockwell Automation recommends users update to 2.013 to resolve these vulnerabilities. Mitigation For more information, please visit Rockwell Automation's SD1775 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-0647 An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device's embedded web server's availability. View CVE Details Affected Products Rockwell Automation FLEX I/O EtherNet/IP Adapters Vendor: Rockwell Automation Product Version: Rockwell Automation 1794-AENTR: V2.012, Rockwell Automation 1794-AENTRXT: V2.012 Product Status: known_affected Remediations Mitigation Rockwell Automation recommends users update to 2.013 to resolve these vulnerabilities. Mitigation For more information, please visit Rockwell Automation's SD1775 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 4.0 8.8 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Rockwell Automation reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-16 Date Revision Summary 2026-06-16 1 Initial Republication of Rockwell Automation Security Advisory SD1775 Legal Notice and Terms of Use

0
Rockwell Automation CompactLogix

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix are affected: CompactLogix 5370 L1 CompactLogix 5370 L2 CompactLogix 5370 L3 CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation Rockwell Automation CompactLogix Improper Validation of Integrity Check Value, Exposure of Sensitive System Information to an Unauthorized Control Sphere Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2025-11694 A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID's visible on the web interface to perform denial-of-service attacks, resulting in a minor fault. View CVE Details Affected Products Rockwell Automation CompactLogix Vendor: Rockwell Automation Product Version: Rockwell Automation CompactLogix 5370 L1: <V38.011, Rockwell Automation CompactLogix 5370 L2: <V38.011, Rockwell Automation CompactLogix 5370 L3: <V38.011 Product Status: known_affected Remediations Mitigation Rockwell Automation recommends users update to V38.011 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=55023,55024,55025,55026,55027,55061 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=55023,55024,55025,55026,55027,55061 Mitigation For more information, please visit Rockwell Automations SD1776 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html Relevant CWE: CWE-354 Improper Validation of Integrity Check Value Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-9307 A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service. View CVE Details Affected Products Rockwell Automation CompactLogix Vendor: Rockwell Automation Product Version: Rockwell Automation CompactLogix 5370 L1: <V38.011, Rockwell Automation CompactLogix 5370 L2: <V38.011, Rockwell Automation CompactLogix 5370 L3: <V38.011 Product Status: known_affected Remediations Mitigation Rockwell Automation recommends users update to V38.011 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=55023,55024,55025,55026,55027,55061 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=55023,55024,55025,55026,55027,55061 Mitigation For more information, please visit Rockwell Automations SD1776 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html Relevant CWE: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.0 6.3 MEDIUM CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Tyler Lentz of Idaho National Laboratory reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-16 Date Revision Summary 2026-06-16 1 Initial Republication of Rockwell Automation Security Advisory SD1776 Legal Notice and Terms of Use

0
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.

0
FBI: Fraudsters use couriers to steal money in crypto scams

The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. [...]

0
New attack turned Microsoft 365 Copilot into 1-click data theft tool

A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]

0
Infinite Campus data breach affects 137,000 school staff accounts

The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]

0
Webinar: How behavioral AI stops phishing and account takeovers

Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. [...]

0
FBI disrupts massive AI-powered phishing service using a million URLs

In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...]

0
Maine disables data breach notification portal after fake disclosures

Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]

0
Google sues alleged Chinese cybercrime operation that used AI to send scam texts

The tech giant said a group called "Outsider Enterprise" used AI to scam hundreds of thousands of victims, sending 2.5 million text messages over a span of two weeks.

0
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]

0
Crypto scammers exploit World Cup ticket demand, TRM warns

FIFA and the FBI warned of ticket scams as TRM Labs identified World Cup-themed crypto fraud operations tied to multiple wallet addresses.

0
Phishing Attack Volume Down 20%, But Risk Still Rising

Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiply them.

0
Maine breach portal abused to publish fake data breach disclosures

In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...]

0
SpaceX SPV investors won’t know their true holdings until post-IPO lock-ups lift

After SpaceX makes its public debut, lower-tier SPV investors face hidden fees, lengthy payout delays, and the risk of outright fraud.

0
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]

0
Yarbo Android/iOS Mobile Application and Cloud Infrastructure

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands to the robot fleet. The following versions of Yarbo Android/iOS Mobile Application and Cloud Infrastructure are affected: Yarbo Android/IOS mobile application Cloud MQTT infrastructure vers:all/* CVSS Vendor Equipment Vulnerabilities v3 9.8 Yarbo Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials, Missing Authorization Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: China Vulnerabilities Expand All + CVE-2026-10557 The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers carrying real-time telemetry for the entire global Yarbo robot fleet. They allow both wildcard subscription to all robot telemetry topics and publishing to any robot's command topic using only the robot's serial number.. View CVE Details Affected Products Yarbo Android/iOS Mobile Application and Cloud Infrastructure Vendor: Yarbo Product Version: Yarbo Yarbo Android/IOS mobile application: <v3.17.4, Yarbo Cloud MQTT infrastructure: vers:all/* Product Status: known_affected Remediations Mitigation Yarbo recommends users update the Yarbo mobile app to 3.17.4 or later. Server-side broker authorization will be enforced automatically upon deployment of the May 2026 update. No user action is required. Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-7368 The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic using only the robot's serial number (disclosed in the telemetry stream). Even after removal of hard-coded credentials from the app, a single compromised credential could still provide fleet-wide access without per-device access controls. View CVE Details Affected Products Yarbo Android/iOS Mobile Application and Cloud Infrastructure Vendor: Yarbo Product Version: Yarbo Yarbo Android/IOS mobile application: <v3.17.4, Yarbo Cloud MQTT infrastructure: vers:all/* Product Status: known_affected Remediations Mitigation Yarbo recommends users update the Yarbo mobile app to 3.17.4 or later. Server-side broker authorization will be enforced automatically upon deployment of the May 2026 update. No user action is required. Relevant CWE: CWE-862 Missing Authorization Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 4.0 8.6 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Acknowledgments Markus Lassfolk of Truesec reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-11 Date Revision Summary 2026-06-11 1 Initial Publication Legal Notice and Terms of Use

0
Naxclow IoT Platform

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. The following versions of Naxclow IoT Platform are affected: Smart Doorbell X3 vers:all/*  X Smart Home vers:all/*  V720 vers:all/*  ix cam vers:all/*  CVSS Vendor Equipment Vulnerabilities v3 9.8 Naxclow Naxclow IoT Platform Authorization Bypass Through User-Controlled Key, Missing Authorization, Not Using Password Aging, Use of Hard-coded Cryptographic Key, Generation of Predictable Numbers or Identifiers, Insertion of Sensitive Information into Externally-Accessible File or Directory Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: China Vulnerabilities Expand All + CVE-2026-42947 A flaw in Naxclow's platform's onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can take over a device without user interaction while the device remains online and unaware. View CVE Details Affected Products Naxclow IoT Platform Vendor: Naxclow Product Version: Naxclow Smart Doorbell X3: vers:all/*, Naxclow X Smart Home: vers:all/*, Naxclow V720: vers:all/*, Naxclow ix cam: vers:all/* Product Status: known_affected Remediations Mitigation Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information. Relevant CWE: CWE-639 Authorization Bypass Through User-Controlled Key Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-50108 The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device, enabling interception and disruption of its communications. View CVE Details Affected Products Naxclow IoT Platform Vendor: Naxclow Product Version: Naxclow Smart Doorbell X3: vers:all/*, Naxclow X Smart Home: vers:all/*, Naxclow V720: vers:all/*, Naxclow ix cam: vers:all/* Product Status: known_affected Remediations Mitigation Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information. Relevant CWE: CWE-862 Missing Authorization Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-50101 Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintain persistent access to the device's relay channel. This enables long-term impersonation or interception, even after factory resets or re-onboarding. View CVE Details Affected Products Naxclow IoT Platform Vendor: Naxclow Product Version: Naxclow Smart Doorbell X3: vers:all/*, Naxclow X Smart Home: vers:all/*, Naxclow V720: vers:all/*, Naxclow ix cam: vers:all/* Product Status: known_affected Remediations Mitigation Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information. Relevant CWE: CWE-262 Not Using Password Aging Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.2 CRITICAL CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-28742 Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys, server-side nonce tracking, or replay protections. Combined with the system's use of plain HTTP for control-plane traffic, the construction enables broad request forgery and impersonation across the platform. View CVE Details Affected Products Naxclow IoT Platform Vendor: Naxclow Product Version: Naxclow Smart Doorbell X3: vers:all/*, Naxclow X Smart Home: vers:all/*, Naxclow V720: vers:all/*, Naxclow ix cam: vers:all/* Product Status: known_affected Remediations Mitigation Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information. Relevant CWE: CWE-321 Use of Hard-coded Cryptographic Key Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.2 CRITICAL CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-42932 Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated. View CVE Details Affected Products Naxclow IoT Platform Vendor: Naxclow Product Version: Naxclow Smart Doorbell X3: vers:all/*, Naxclow X Smart Home: vers:all/*, Naxclow V720: vers:all/*, Naxclow ix cam: vers:all/* Product Status: known_affected Remediations Mitigation Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information. Relevant CWE: CWE-340 Generation of Predictable Numbers or Identifiers Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.0 6.9 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-50244 The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water counter value for the batch, allowing callers to measure and enumerate the active device space. The endpoint's behavior enables precise fleet enumeration. View CVE Details Affected Products Naxclow IoT Platform Vendor: Naxclow Product Version: Naxclow Smart Doorbell X3: vers:all/*, Naxclow X Smart Home: vers:all/*, Naxclow V720: vers:all/*, Naxclow ix cam: vers:all/* Product Status: known_affected Remediations Mitigation Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information. Relevant CWE: CWE-862 Missing Authorization Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.0 6.9 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-50099 During WiFi association, Naxclow device firmware prints the host network's SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks. View CVE Details Affected Products Naxclow IoT Platform Vendor: Naxclow Product Version: Naxclow Smart Doorbell X3: vers:all/*, Naxclow X Smart Home: vers:all/*, Naxclow V720: vers:all/*, Naxclow ix cam: vers:all/* Product Status: known_affected Remediations Mitigation Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information. Relevant CWE: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 5.1 MEDIUM CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Temuri Takalandze reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-06-11 Date Revision Summary 2026-06-11 1 Initial Publication Legal Notice and Terms of Use

0
Brickcom Cameras

View CSAF Summary Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information from affected premises, and obtain administrative control of the device. The following versions of Brickcom Cameras are affected: Brickcom Cube 3.2.3.5.6 Brickcom Dome 3.2.3.5.6  Brickcom Bullet 3.2.3.5.6  Brickcom Box 3.2.3.5.6 CVSS Vendor Equipment Vulnerabilities v3 7.7 Brickcom Brickcom Cameras Missing Authentication for Critical Function, Use of Default Credentials Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Financial Services, Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-50245 The affected product allows unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed. View CVE Details Affected Products Brickcom Cameras Vendor: Brickcom Product Version: Brickcom Brickcom Cube: 3.2.3.5.6, Brickcom Brickcom Dome: 3.2.3.5.6, Brickcom Brickcom Bullet: 3.2.3.5.6, Brickcom Brickcom Box: 3.2.3.5.6 Product Status: known_affected Remediations Mitigation Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support https://www.brickcom.com/case/ https://www.brickcom.com/case/ Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 4.0 8.3 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N CVE-2026-50005 The affected product ships with default credentials that allows any unauthenticated remote attacker to silently access camera feeds. View CVE Details Affected Products Brickcom Cameras Vendor: Brickcom Product Version: Brickcom Brickcom Cube: 3.2.3.5.6, Brickcom Brickcom Dome: 3.2.3.5.6, Brickcom Brickcom Bullet: 3.2.3.5.6, Brickcom Brickcom Box: 3.2.3.5.6 Product Status: known_affected Remediations Mitigation Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support https://www.brickcom.com/case/ https://www.brickcom.com/case/ Relevant CWE: CWE-1392 Use of Default Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 4.0 8.3 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N Acknowledgments CISA discovered the PoCs (Proof of Concept) as authored by parsa rezaie khiabanloo Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. Revision History Initial Release Date: 2026-06-11 Date Revision Summary 2026-06-11 1 Initial Publication Legal Notice and Terms of Use

0
Teen crypto scammer stole $13M to splurge on private jets, Lambo

Trenton Richard Johnston was arrested in March during a traffic stop for speeding, but investigators soon found he was involved in a wider fraud scheme.

0
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks

Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]

0
The 5 Best Practices for Secure Identity Verification

Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...]

0
Chainalysis, South Korean police link up to fight crypto crime

South Korea's national police has been battling crypto-enabled crimes from DPRK-state level threats to scams targeting retail investors.

0
OpenClaw AI agent found falling for phishing attacks, spills user data

Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]

0
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.

0
Humanity Protocol token falls 85% amid $30M private key exploit

The compromise of private keys belonging to a member of the Humanity Foundation has reportedly resulted in the theft of at least $30 million worth of its native token.

0
WhatsApp says it disrupted new NSO spyware phishing attacks

WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [...]

0
WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order

The messaging giant announced that it disrupted a phishing campaign targeting its users with NSO’s spyware.

0
Chinese court treats Bitcoin as property in 107 BTC memory theft case

Man in eastern China who stole 107 Bitcoin using a memorized seed phrase gets 10 years and nine months behind bars.

0
Over 20,000 Instagram accounts stolen in Meta AI support hack

Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]

0
Silent Ransom Group targets law firms with fake IT support calls

The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...]

0
Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person

Cybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law firms' offices, where the criminals have stolen data using USB drives or remote access tools.

0
What 2026 DBIR Confirms: Attacks Are Living in the Browser

Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. [...]

0
Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]

0
NAVTOR NavBox

View CSAF Summary Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. The following versions of NAVTOR NavBox are affected: NavBox 4.16.1.20 (CVE-2026-21404) CVSS Vendor Equipment Vulnerabilities v3 6.3 NAVTOR NAVTOR NavBox Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: Norway Vulnerabilities Expand All + CVE-2026-21404 NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths. View CVE Details Affected Products NAVTOR NavBox Vendor: NAVTOR Product Version: NAVTOR NavBox: 4.16.1.20 Product Status: known_affected Remediations Vendor fix NAVTOR has released a patch for NavBox in April 2026. Version 4.17.2.6 and later includes the fix. Users that have an active NavBox connection will automatically be kept up to date with the latest version. No user action required. Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 4.0 5.8 MEDIUM CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Cydome Security Ltd reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity. Revision History Initial Release Date: 2026-06-04 Date Revision Summary 2026-06-04 1 Initial Publication Legal Notice and Terms of Use

0
Coinbase freezes $3M tied to Southeast Asia crypto fraud networks

Authorities around the world have been heavily targeting scam infrastructure this year, with joint actions involving the US, UAE, China, Austria and Albania.

0
Ultrahuman says hackers accessed customers’ wellness data via internal tool

The breach at wearable ring maker Ultrahuman stemmed from credentials stolen from a malware-infected employee laptop.

0
Google adds Android protection against AI deepfake scam calls

Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. [...]

0
FBI-Flagged Phishing Kit Kali365 Expands Its Reach

Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.

0
China Uses Dual-Method Cyberattack on Czech Orgs

China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.

0
CISA and Partners Urge Hardening Automatic Tank Gauge Systems

CISA and Partners Urge Hardening Automatic Tank Gauge Systems Overview The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA)—hereafter referred to as “the authoring organizations”—are aware of malicious cyber activity targeting U.S.-based automatic tank gauge (ATG) systems. ATG systems are widely used throughout the Energy, Chemical, Food and Agriculture, and Transportation Systems Sectors for automated and remote monitoring of storage tank parameters, including fuel and liquid levels, temperature, and possible leak detection. The authoring organizations urge ATG owners and operators to defend against this malicious activity by securing their ATG systems with strong passwords and by removing them from the internet to reduce public exposure.   Threat The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution. This fact sheet provides insight into probable tactics, techniques, and procedures (TTPs) leveraged by these cyber actors, highlights risk factors associated with such compromises, and provides mitigation guidance and resources to reduce the likelihood of continued malicious activity targeting U.S.-based ATG systems.   Cyber threat actors may exploit flaws in ATG systems through multiple attack vectors: Authentication Bypass and Hardcoded Credentials: Threat actors gain unauthorized access to device management interfaces.   OS Command Execution and Structured Query Language (SQL) Injection: Threat actors execute arbitrary code and manipulate underlying databases.   Privilege Escalation: Threat actors achieve full administrator privileges over the device application and operating system. Should a cyber threat actor exploit these vulnerabilities and compromise an ATG system, they could disrupt or manipulate the below critical functions by interfacing directly with the tank management as though they possessed legitimate physical access to the system console. The cyber threat actors could: Alter system(s) attributes, such as network settings, product identifiers, tank volumes, and pump controls; Compound operational malfunctions; components operating incorrectly could create a denial of view condition of tank fill levels, which could cause permanent damage to the tank system’s critical function; Disable system alerts, reducing an operator’s ability to detect and mitigate system issues increases the risk of environmental or physical hazards from incidents such as leaks or relay failures. Mitigations The authoring organizations recommend ATG owners immediately implement the following recommendations: Eliminate public internet exposure: Do not expose the ATG serial port (e.g., default TCP port 8001, 9001, or 10001), or other applicable web interfaces, directly to the internet. If remote access to the port is necessary, consider the following options: Restrict access: Use a firewall, access control list (ACL), or virtual private network (VPN) to restrict access. Enforce Credential Security: Change any default passwords immediately [CPG 3.A] and implement strong, unique security codes and administrative credentials for all interfaces, including the serial port. Further, implement phishing-resistant multifactor authentication wherever feasible [CPG 3.F]. If unfamiliar with these procedures, contact your ATG service provider for assistance. Apply Patches: Where possible, work with certified ATG service providers, if available, to verify compliance, update software, and apply the latest security patches from the manufacturer.   Monitor and Report: Organizations should actively monitor networks for unauthorized access. Enable logging and audit and monitor logs to identify exposures of ATG device interfaces, unauthorized connections, suspicious alarms, alarm threshold modifications, tank label changes, and other system modifications [CPG 3.Q]. Report suspected incidents promptly to the CISA portal. Engage your third-party service providers to adopt CISA, FBI, EPA, and DOE’s Primary Mitigations to Reduce Cyber Threats to Operational Technology [CPG 1.E]. Resources The authoring organizations recommend ATG owners and operators review the following resources and implement suggested mitigations, where possible, to enhance their security posture. For more information on mitigating cyber threat activity targeting internet-exposed OT and ICS, see CISA, FBI, EPA, and DOE’s Primary Mitigations to Reduce Cyber Threats to Operational Technology fact sheet. For more information on vulnerabilities affecting ATG systems, see Critical Vulnerabilities Discovered in Automated Tank Gauge Systems.1 For ways to identify and remove internet-accessible assets, see CISA’s Internet Exposure Reduction Guidance web page.   For more information about how organizations should design, secure, and manage connectivity in OT, see Secure connectivity principles for Operational Technology (OT).   Contact Information The authoring organizations recommend U.S. organizations report suspicious or criminal activity related to information provided in this fact sheet. CISA: Contact CISA’s 24/7 Operations Center via report@cisa.gov or 888-282-0870. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. For more information on reporting a cyber incident, refer to CISA’s Voluntary Cyber Incident Reporting web page. FBI: File a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov. When available, include the following incident information: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting organization; and designated point of contact. EPA: Contact EPA’s Office of National Security via ONS-OC@epa.gov. DOE: Entities required to report incidents to DOE should follow established reporting requirements, as appropriate. For other energy sector inquiries, contact EnergySRMA@hq.doe.gov. Disclaimer The information in this report is being provided “as is” for informational purposes only. The authoring organizations do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favor by the authoring organizations.  Notes 1 Pedro Umbelino, “Critical Vulnerabilities Discovered in Automated Tank Gauge Systems,” Bitsight, October 11, 2023, bitsight.com/blog/critical-vulnerabilities-discovered-automated-tank-gauge-systems. Please share your thoughts! We welcome your feedback. CISA PRODUCT SURVEY

0
Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers

Hackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V.

0
Recovery hopes fade as Kelp DAO hacker launders nearly all $220M in stolen funds

The Kelp DAO exploiter laundered about $220 million worth of remaining stolen funds in a bid to make them untraceable, excluding the $71 million frozen by Arbitrum’s Security Council.

0
SEC charges Texas man with $12.3M crypto fraud using fake AI trading bots

The SEC charged Texas man Nathan Fuller with raising $12.3 million from 150 investors through a crypto fraud scheme built around fake AI trading bots.

0
Google Chrome adds session cookie theft protection for all users

Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]

0
Man sent to prison for selling data of 7 millions elderly Americans

A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. [...]

0
BTMOB Android malware service generates custom phishing payloads

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]

0
FBI warns of fake FIFA websites running World Cup fraud schemes

The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. [...]

0
CP Plus 8 Ch. Network Video Recorder

View CSAF Summary Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or administrator who accesses the affected interface. This could lead to compromise of user sessions, execution of unauthorized actions with the victim's privileges, exposure or manipulation of sensitive data, and degradation of overall system integrity. The following versions of CP Plus 8 Ch. Network Video Recorder are affected: CP-UNR-108F1 Hardware V1.0 CP-UNR-108F1 Web V3.2.7.128806  CP-UNR-108F1 System V4.001.00AT009.0.R  CVSS Vendor Equipment Vulnerabilities v3 8.4 CP Plus CP Plus 8 Ch. Network Video Recorder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Emergency Services Countries/Areas Deployed: India, Nepal, United Arab Emirates, Gambia Company Headquarters Location: India Vulnerabilities Expand All + CVE-2026-6824 A stored Cross-Site Scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft. View CVE Details Affected Products CP Plus 8 Ch. Network Video Recorder Vendor: CP Plus Product Version: CP Plus CP-UNR-108F1 Hardware: V1.0, CP Plus CP-UNR-108F1 Web: V3.2.7.128806, CP Plus CP-UNR-108F1 System: V4.001.00AT009.0.R Product Status: known_affected Remediations Mitigation CP Plus recommends updating the firmware on the device to the latest firmware version. Mitigation CP-UNR-AxxxMars_PN_15_Q_00_V1.00.14.01.T.260326 which can be downloaded at https://drive.google.com/file/d/1Ctxdp55UtlrQY7CSepkImM9zFgdcuCyL/view https://drive.google.com/file/d/1Ctxdp55UtlrQY7CSepkImM9zFgdcuCyL/view Mitigation For firmware access and upgrade instructions, please contact support at: Mitigation Phone: +91-8800952952 Mitigation Email: support@cpplusworld.com mailto:support@cpplusworld.com Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H Acknowledgments Jithin Nambiar J reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-28 Date Revision Summary 2026-05-28 1 Initial Publication Legal Notice and Terms of Use

0
XCharge C6

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device. The following versions of XCharge C6 are affected: C6 CVSS Vendor Equipment Vulnerabilities v3 9.8 XCharge XCharge C6 Download of Code Without Integrity Check, Stack-based Buffer Overflow, Initialization of a Resource with an Insecure Default Background Critical Infrastructure Sectors: Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-9037 A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device, View CVE Details Affected Products XCharge C6 Vendor: XCharge Product Version: XCharge C6: <May_22_2026 Product Status: known_affected Remediations Mitigation XCharge has confirmed that the update has been deployed for all affected chargers. Users with questions can reach out to XCharge Support for further details if needed. https://www.xcharge.com/contact https://www.xcharge.com/contact Relevant CWE: CWE-494 Download of Code Without Integrity Check Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-9038 A stack-based buffer overflow vulnerability in the charging controller's signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges. View CVE Details Affected Products XCharge C6 Vendor: XCharge Product Version: XCharge C6: <May_22_2026 Product Status: known_affected Remediations Mitigation XCharge has confirmed that the update has been deployed for all affected chargers. Users with questions can reach out to XCharge Support for further details if needed. https://www.xcharge.com/contact https://www.xcharge.com/contact Relevant CWE: CWE-121 Stack-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2026-9039 A configuration weakness in the device's remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access. View CVE Details Affected Products XCharge C6 Vendor: XCharge Product Version: XCharge C6: <May_22_2026 Product Status: known_affected Remediations Mitigation XCharge has confirmed that the update has been deployed for all affected chargers. Users with questions can reach out to XCharge Support for further details if needed. https://www.xcharge.com/contact https://www.xcharge.com/contact Relevant CWE: CWE-1188 Initialization of a Resource with an Insecure Default Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Acknowledgments Lionel R. Saposnik of SaiFlow reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-28 Date Revision Summary 2026-05-28 1 Initial Publication Legal Notice and Terms of Use

0
KMW CCTV Security Cameras

View CSAF Summary Successful exploitation of this vulnerability may grant full unauthorized access to camera feeds and settings. The following versions of KMW CCTV Security Cameras are affected: KM-IP521 IPCAM_V4.04.91.230307 KM-IP421 IPCAM_V4.04.53.210416  CVSS Vendor Equipment Vulnerabilities v3 9.1 KMW KMW CCTV Security Cameras Unverified Password Change Background Critical Infrastructure Sectors: Commercial Facilities, Government Services and Facilities, Critical Manufacturing, Financial Services, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: Romania Vulnerabilities Expand All + CVE-2026-5386 The affected product is vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings. View CVE Details Affected Products KMW CCTV Security Cameras Vendor: KMW Product Version: KMW KM-IP521: IPCAM_V4.04.91.230307, KMW KM-IP421: IPCAM_V4.04.53.210416 Product Status: known_affected Remediations Mitigation KMW has issued a firmware update to address this vulnerability. The firmware update can be found at https://main.kmw.ro/pub/Firmware/521_421.zip. https://main.kmw.ro/pub/Firmware/521_421.zip Vendor fix KM-IP421 - will lose the cloud authorization after this update so users will need to contact customer support to re-authorize the P2P connection. Mitigation KMW recommends connecting surveillance equipment on a separate network, allow only specific devices access to the internet, check for firmware updates regularly, and use cloud connections responsibly. Mitigation If there are any issues customers are encouraged to contact KMW directly. Relevant CWE: CWE-620 Unverified Password Change Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Acknowledgments Reporter Name(s): Souvik Kandar reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-28 Date Revision Summary 2026-05-28 1 Initial Publication Legal Notice and Terms of Use

0
FBI warns of in-person data theft attacks from extortion gang

The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. [...]

0
Charter confirms data breach after ShinyHunters extortion threat

U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]

0
Eppendorf BioFlo 320

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain full access to functionality and data with the bioreactor. The following versions of Eppendorf BioFlo 320 are affected: BioFlo 320 Bioreactor vers:all/* CVSS Vendor Equipment Vulnerabilities v3 9.8 Eppendorf Eppendorf BioFlo 320 Use of Hard-coded Password Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-7251 The affected product is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted. View CVE Details Affected Products Eppendorf BioFlo 320 Vendor: Eppendorf Product Version: Eppendorf BioFlo 320 Bioreactor: vers:all/* Product Status: known_affected Remediations Mitigation Eppendorf has released a software update that permanently removes VNC access from the controller. Users should download and apply this update from: https://www.eppendorf.com/software-downloads. https://www.eppendorf.com/software-downloads Mitigation All affected BioFlo 320 systems always shipped with Virtual Network Computing (VNC) disabled by default, and VNC can only be enabled locally at the tower. Eppendorf has removed VNC configuration information from all current documentation, so it no longer appears in BioFlo 320 Operating Manuals. Mitigation Eppendorf recommends user do the following: Verify that VNC is disabled on the controller Enable security so that only Admin and Supervisor roles can change VNC settings Install Version 5.0 Software as soon as possible Relevant CWE: CWE-259 Use of Hard-coded Password Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments BIO-ISAC reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-26 Date Revision Summary 2026-05-26 1 Initial Publication Legal Notice and Terms of Use

0
Ex-Hodlnaut CEO charged with fraud over Terra exposure claims

Singapore police charge ex-Hodlnaut CEO Zhu Juntao with six counts of fraud by false representation over allegedly misleading statements on the company’s exposure to the Terra/UST crash.

0
Scammers make $400K through fake Uniswap ads on Google

A blockchain analyst has warned that malicious phishing advertisements impersonating Uniswap have appeared on Google Search, which has netted attackers at least $400,000.

0
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...]

0
Former US execs plead guilty to aiding tech support scammers

Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. [...]

0
Why Chargebacks are Just One Piece of the Fraud Puzzle

Fraud losses don't stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact. [...]

0
Verus bridge exploiter returns $8.5M after bounty offer

The hacker behind the Verus bridge exploit returned 75% of the stolen funds as part of a recovery deal negotiated with the protocol days after the incident.

0
Apple blocked over $11 billion in App Store fraud in 6 years

Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 billion in potentially fraudulent App Store transactions in 2025 alone. [...]

0
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

Modern crypto drainers don't hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. [...]

0
Police seize “First VPN” service used in ransomware, data theft attacks

A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. [...]

0
Scammers are abusing an internal Microsoft account to send spam links

The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts.

0
Missouri AG sues crypto ATM operator CoinFlip, alleging fraud

The lawsuit followed an investigation by Missouri authorities into several crypto ATM companies that involve allegations of “deceptive fee structures” and scams.

0
Ukraine identifies infostealer operator tied to 28,000 stolen accounts

The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. [...]

0
GitHub Confirms Breach, 4K Internal Repos Stolen

GitHub confirmed a data breach this week involving the theft of thousands of developer code repositories. One threat actor — TeamPCP — took credit.

0
Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.

0
Identity Alone Isn't Enough: Why Device Security Has to Share the Load

Identity checks alone can't stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification. [...]

0
Exploit released for new PinTheft Arch Linux root escalation flaw

PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. [...]

0
ScadaBR

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. The following versions of ScadaBR are affected: ScadaBR 1.2.0 (CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, CVE-2026-8605) CVSS Vendor Equipment Vulnerabilities v3 9.1 ScadaBR ScadaBR Missing Authentication for Critical Function, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Cross-Site Request Forgery (CSRF), Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Critical Manufacturing, Dams, Chemical, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Brazil Vulnerabilities Expand All + CVE-2026-8602 In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings. View CVE Details Affected Products ScadaBR Vendor: ScadaBR Product Version: ScadaBR ScadaBR: 1.2.0 Product Status: known_affected Remediations Vendor fix ScadaBR has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of ScadaBR are invited to contact ScadaBR customer support for additional information https://github.com/ScadaBR. https://github.com/ScadaBR Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2026-8603 In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. View CVE Details Affected Products ScadaBR Vendor: ScadaBR Product Version: ScadaBR ScadaBR: 1.2.0 Product Status: known_affected Remediations Vendor fix ScadaBR has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of ScadaBR are invited to contact ScadaBR customer support for additional information https://github.com/ScadaBR. https://github.com/ScadaBR Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-8604 In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage. View CVE Details Affected Products ScadaBR Vendor: ScadaBR Product Version: ScadaBR ScadaBR: 1.2.0 Product Status: known_affected Remediations Vendor fix ScadaBR has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of ScadaBR are invited to contact ScadaBR customer support for additional information https://github.com/ScadaBR. https://github.com/ScadaBR Relevant CWE: CWE-352 Cross-Site Request Forgery (CSRF) Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-8605 In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. View CVE Details Affected Products ScadaBR Vendor: ScadaBR Product Version: ScadaBR ScadaBR: 1.2.0 Product Status: known_affected Remediations Vendor fix ScadaBR has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of ScadaBR are invited to contact ScadaBR customer support for additional information https://github.com/ScadaBR. https://github.com/ScadaBR Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Acknowledgments Arad Inbar, Nir Somech, Ben Grinberg, Daniel Lubel, Erez Cohen, and Adiel Sol of DREAM reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-19 Date Revision Summary 2026-05-19 1 Initial Publication Legal Notice and Terms of Use

0
Kieback & Peter DDC Building Controllers

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Kieback & Peter DDC Building Controllers are affected: DDC4002 <=1.12.14 (CVE-2026-4293) DDC4100 <=1.12.14 (CVE-2026-4293) DDC4200 <=1.12.14 (CVE-2026-4293) DDC4200-L <=1.12.14 (CVE-2026-4293) DDC4400 <=1.12.14 (CVE-2026-4293) DDC4002e <=1.23.4 (CVE-2026-4293) DDC4200e <=1.23.4 (CVE-2026-4293) DDC4400e <=1.23.4 (CVE-2026-4293) DDC4020e <=1.23.4 (CVE-2026-4293) DDC4040e <=1.23.4 (CVE-2026-4293) DDC520 <=1.24.1 (CVE-2026-4293) CVSS Vendor Equipment Vulnerabilities v3 5.3 Kieback & Peter Kieback & Peter DDC Building Controllers Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Commercial Facilities, Communications, Financial Services, Food and Agriculture, Government Services and Facilities, Healthcare and Public Health, Information Technology Countries/Areas Deployed: Austria, China, France, Germany, United Arab Emirates Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-4293 The affected products are vulnerable to cross-site scripting (XSS), enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser. View CVE Details Affected Products Kieback & Peter DDC Building Controllers Vendor: Kieback & Peter Product Version: Kieback & Peter DDC4002: <=1.12.14, Kieback & Peter DDC4100: <=1.12.14, Kieback & Peter DDC4200: <=1.12.14, Kieback & Peter DDC4200-L: <=1.12.14, Kieback & Peter DDC4400: <=1.12.14, Kieback & Peter DDC4002e: <=1.23.4, Kieback & Peter DDC4200e: <=1.23.4, Kieback & Peter DDC4400e: <=1.23.4, Kieback & Peter DDC4020e: <=1.23.4, Kieback & Peter DDC4040e: <=1.23.4, Kieback & Peter DDC520: <=1.24.1 Product Status: known_affected Remediations Mitigation Kieback & Peter DDC Building Controllers are developed and designed for use in closed building automation networks. The system is protected by a multi-level perimeter against attacks, especially from outside, by dividing it into operational technology (OT) zones with firewalls. Building automation systems (BA systems) in general should not be directly accessible from untrusted networks, especially from the Internet, but should be protected by consistently applying the defense-in-depth strategy. This concept is supported by organizational measures in the building as part of a safety management system. In order to achieve safety, measures are required at all levels. Vendor fix The DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are end-of-maintenance, therefore the recommendations for these devices are as follows: These devices must be operated in a strictly separate OT environment. Vendor fix The DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are end-of-maintenance, therefore the recommendations for these devices are as follows: Only trusted individuals should be granted network access to the DDC web portal. Vendor fix The DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are end-of-maintenance, therefore the recommendations for these devices are as follows: Access to the web portal should be disabled in the device configuration if not required. Vendor fix The DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are end-of-maintenance, therefore the recommendations for these devices are as follows: Users should be informed that only links from trusted sources should be used to access the web service. Vendor fix For the DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, Kieback & Peter recommends the following safety measure: Restrict network access to the device Vendor fix For the DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, Kieback & Peter recommends the following safety measure: Do not directly connect the device to the Internet Vendor fix Update the firmware to the latest available version: DDC4002e -> Update to version 1.23.5 or newer Vendor fix Update the firmware to the latest available version: DDC4200e -> Update to version 1.23.5 or newer Vendor fix Update the firmware to the latest available version: DDC4400e -> Update to version 1.23.5 or newer Vendor fix Update the firmware to the latest available version: DDC4020e -> Update to version 1.23.5 or newer Vendor fix Update the firmware to the latest available version: DDC4040e -> Update to version 1.23.5 or newer Vendor fix Update the firmware to the latest available version: DDC520 -> Update to version 1.24.2 or newer Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Acknowledgments Maximilian Hildebrand of G DATA Advanced Analytics reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-19 Date Revision Summary 2026-05-19 1 Initial Publication Legal Notice and Terms of Use

0
'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group.

0
OpenAI says hackers stole some data after latest code security issue

OpenAI said the damage was limited to the employees’ devices, and did not affect user data nor its production systems, and none of its intellectual property was stolen.

0
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight

Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. [...]

0
Universal Robots Polyscope 5

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code. The following versions of Universal Robots Polyscope 5 are affected: Polyscope 5 <5.25.1  CVSS Vendor Equipment Vulnerabilities v3 9.8 Universal Robots Universal Robots Polyscope 5 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Denmark Vulnerabilities Expand All + CVE-2026-8153 OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS. View CVE Details Affected Products Universal Robots Polyscope 5 Vendor: Universal Robots Product Version: Universal Robots Polyscope 5: <5.25.1 Product Status: known_affected Remediations Vendor fix Universal Robots has released Polyscope 5 version 5.25.1.For more information, see Universal Robots article: https://www.universal-robots.com/articles/ur/cybersecurity/cve-2026-8153-command-injection-in-the-polyscope-5-dashboard-server/. https://www.universal-robots.com/articles/ur/cybersecurity/cve-2026-8153-command-injection-in-the-polyscope-5-dashboard-server/ Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments Vera Mens of Claroty Team82 reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-05-14 Date Revision Summary 2026-05-14 1 Initial Publication Legal Notice and Terms of Use

0
Siemens SIMATIC S7 PLC Web Server

View CSAF Summary SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens SIMATIC S7 PLC Web Server are affected: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1507S F V2 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1507S F V3 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1507S F V4 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1507S V2 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1507S V3 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1507S V4 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S F V2 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S F V3 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S F V4 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S T V3 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S TF V3 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S V2 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S V3 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller CPU 1508S V4 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller Linux V2 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-1500 Software Controller Linux V3 vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIMATIC S7-PLCSIM Advanced vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0) vers:all/* (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0) vers:intdot/<2.9.9 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) vers:intdot/<3.1.6 (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) CVSS Vendor Equipment Vulnerabilities v3 9.1 Siemens Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Chemical, Energy, Food and Agriculture, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-25786 Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "communication" parameters page, the malicious code would be executed in the scope of their web session. View CVE Details Affected Products Siemens SIMATIC S7 PLC Web Server Vendor: Siemens Product Version: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0), SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0), SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0), SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0), SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs, SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0), SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0), SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0), SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0), SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0), SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0), SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0), SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0), SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3, SIMATIC S7-1500 Software Controller CPU 1508S V4, SIMATIC S7-1500 Software Controller Linux V2, SIMATIC S7-1500 Software Controller Linux V3, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0), SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0), SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) Product Status: known_affected Remediations Mitigation Restrict TIA project download to trusted personnel only. No fix planned Currently no fix is planned None available Currently no fix is available Vendor fix Update to V2.9.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109478459/ Vendor fix Update to V3.1.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109773914/ Vendor fix Update to V3.1.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109478459/ Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2026-25787 Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters page, the malicious code would be executed in the scope of their web session. View CVE Details Affected Products Siemens SIMATIC S7 PLC Web Server Vendor: Siemens Product Version: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0), SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0), SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0), SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0), SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs, SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0), SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0), SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0), SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0), SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0), SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0), SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0), SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0), SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3, SIMATIC S7-1500 Software Controller CPU 1508S V4, SIMATIC S7-1500 Software Controller Linux V2, SIMATIC S7-1500 Software Controller Linux V3, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0), SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0), SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) Product Status: known_affected Remediations Mitigation Restrict TIA project download to trusted personnel only. No fix planned Currently no fix is planned None available Currently no fix is available Vendor fix Update to V2.9.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109478459/ Vendor fix Update to V3.1.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109773914/ Vendor fix Update to V3.1.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109478459/ Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2026-25789 Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the authenticated user's session without requiring the file to be uploaded, potentially leading to session hijacking or credential theft. View CVE Details Affected Products Siemens SIMATIC S7 PLC Web Server Vendor: Siemens Product Version: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0), SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0), SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0), SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0), SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs, SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0), SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0), SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0), SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0), SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0), SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0), SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0), SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0), SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3, SIMATIC S7-1500 Software Controller CPU 1508S V4, SIMATIC S7-1500 Software Controller Linux V2, SIMATIC S7-1500 Software Controller Linux V3, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0), SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0), SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) Product Status: known_affected Remediations Mitigation Restrict access to the function right "firmware update" to instructed personnel. No fix planned Currently no fix is planned None available Currently no fix is available Vendor fix Update to V2.9.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109478459/ Vendor fix Update to V3.1.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109773914/ Vendor fix Update to V3.1.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109478459/ Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Acknowledgments Siemens ProductCERT reported these vulnerabilities to CISA. Lukas Sohrmann reported these vulnerabilities to Siemens. General Recommendations As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity Additional Resources For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories Terms of Use The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use. Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. Advisory Conversion Disclaimer This ICSA is a verbatim republication of Siemens ProductCERT SSA-688146 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory. Revision History Initial Release Date: 2026-05-12 Date Revision Summary 2026-05-12 1 Publication Date 2026-05-14 2 Initial CISA Republication of Siemens ProductCERT SSA-688146 advisory Legal Notice and Terms of Use

0
Law firm Fenwick & West sued for $525M over alleged role in FTX collapse

Twenty FTX victims are suing Fenwick & West, claiming the law firm didn’t just represent FTX, it helped build the infrastructure that kept the fraud running.

0
Fuji Electric Tellus

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to system, which may then enable the attacker to cause a temporary denial of service, open files, or delete files. The following versions of Fuji Electric Tellus are affected: Tellus 5.0.2 CVSS Vendor Equipment Vulnerabilities v3 7.8 Fuji Electric Fuji Electric Tellus Exposed Dangerous Method or Function Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2026-8108 The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions. View CVE Details Affected Products Fuji Electric Tellus Vendor: Fuji Electric Product Version: Fuji Electric Tellus: 5.0.2 Product Status: known_affected Remediations Vendor fix Fuji Electric recommends that Tellus be installed only with administrator privileges. Relevant CWE: CWE-749 Exposed Dangerous Method or Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Acknowledgments Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-05-12 Date Revision Summary 2026-05-12 1 Initial Publication Legal Notice and Terms of Use

0
Subnet Solutions PowerSYSTEM Center

View CSAF Summary Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection. The following versions of Subnet Solutions PowerSYSTEM Center are affected: PowerSYSTEM Center 2020 <=5.28.x (CVE-2026-35504) PowerSYSTEM Center 2020 >=5.8.x|<=5.28.x (CVE-2026-26289) PowerSYSTEM Center 2020 >=5.11.x|<=5.28.x (CVE-2026-33570) PowerSYSTEM Center 2024 >=6.0.x|<=6.1.x (CVE-2026-26289, CVE-2026-35555, CVE-2026-35504) PowerSYSTEM Center 2026 7.0.x (CVE-2026-26289, CVE-2026-35555, CVE-2026-35504) CVSS Vendor Equipment Vulnerabilities v3 8.2 Subnet Solutions Inc. Subnet Solutions PowerSYSTEM Center Incorrect Authorization, Improper Neutralization of CRLF Sequences ('CRLF Injection') Background Critical Infrastructure Sectors: Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Canada Vulnerabilities Expand All + CVE-2026-26289 PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only. View CVE Details Affected Products Subnet Solutions PowerSYSTEM Center Vendor: Subnet Solutions Inc. Product Version: Subnet Solutions Inc. PowerSYSTEM Center 2020: >=5.8.x|<=5.28.x, Subnet Solutions Inc. PowerSYSTEM Center 2024: >=6.0.x|<=6.1.x, Subnet Solutions Inc. PowerSYSTEM Center 2026: 7.0.x Product Status: known_affected Remediations Mitigation Subnet Solutions recommends users update to the latest version of PowerSYSTEM Center PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix. Mitigation For assistance in upgrading, users should contact a Subnet Solutions System Integration team member or customer support team at (403) 270-8885 or by email at support@subnet.com. mailto:support@subnet.com Mitigation Subnet Solutions recommends users do the following in order to reduce risk: Monitor user activity records to ensure users are following acceptable usage policies of the application. Restrict access to Notification Settings to trusted Administrators Monitor "Send from Address" in settings and Activity Records. Configure a notification rule that triggers in any bulk account export activity. Relevant CWE: CWE-863 Incorrect Authorization Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L CVE-2026-33570 PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions. View CVE Details Affected Products Subnet Solutions PowerSYSTEM Center Vendor: Subnet Solutions Inc. Product Version: Subnet Solutions Inc. PowerSYSTEM Center 2020: >=5.11.x|<=5.28.x Product Status: known_affected Remediations Mitigation Subnet Solutions recommends users update to the latest version of PowerSYSTEM Center PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix. Mitigation For assistance in upgrading, users should contact a Subnet Solutions System Integration team member or customer support team at (403) 270-8885 or by email at support@subnet.com. mailto:support@subnet.com Mitigation Subnet Solutions recommends users do the following in order to reduce risk: Monitor user activity records to ensure users are following acceptable usage policies of the application. Restrict access to Notification Settings to trusted Administrators Monitor "Send from Address" in settings and Activity Records. Configure a notification rule that triggers in any bulk account export activity. Relevant CWE: CWE-863 Incorrect Authorization Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2026-35555 PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. View CVE Details Affected Products Subnet Solutions PowerSYSTEM Center Vendor: Subnet Solutions Inc. Product Version: Subnet Solutions Inc. PowerSYSTEM Center 2024: >=6.0.x|<=6.1.x, Subnet Solutions Inc. PowerSYSTEM Center 2026: 7.0.x Product Status: known_affected Remediations Mitigation Subnet Solutions recommends users update to the latest version of PowerSYSTEM Center PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix. Mitigation For assistance in upgrading, users should contact a Subnet Solutions System Integration team member or customer support team at (403) 270-8885 or by email at support@subnet.com. mailto:support@subnet.com Mitigation Subnet Solutions recommends users do the following in order to reduce risk: Monitor user activity records to ensure users are following acceptable usage policies of the application. Restrict access to Notification Settings to trusted Administrators Monitor "Send from Address" in settings and Activity Records. Configure a notification rule that triggers in any bulk account export activity. Relevant CWE: CWE-863 Incorrect Authorization Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2026-35504 PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. View CVE Details Affected Products Subnet Solutions PowerSYSTEM Center Vendor: Subnet Solutions Inc. Product Version: Subnet Solutions Inc. PowerSYSTEM Center 2020: <=5.28.x, Subnet Solutions Inc. PowerSYSTEM Center 2024: >=6.0.x|<=6.1.x, Subnet Solutions Inc. PowerSYSTEM Center 2026: 7.0.x Product Status: known_affected Remediations Mitigation Subnet Solutions recommends users update to the latest version of PowerSYSTEM Center PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix. Mitigation For assistance in upgrading, users should contact a Subnet Solutions System Integration team member or customer support team at (403) 270-8885 or by email at support@subnet.com. mailto:support@subnet.com Mitigation Subnet Solutions recommends users do the following in order to reduce risk: Monitor user activity records to ensure users are following acceptable usage policies of the application. Restrict access to Notification Settings to trusted Administrators Monitor "Send from Address" in settings and Activity Records. Configure a notification rule that triggers in any bulk account export activity. Relevant CWE: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Acknowledgments Kelly Stich of Subnet Solutions Inc reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. Revision History Initial Release Date: 2026-05-12 Date Revision Summary 2026-05-12 1 Initial Publication Legal Notice and Terms of Use

0
Americans sentenced for running 'laptop farms' for North Korea

Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. [...]

0
Hackers steal students’ data during breach at education tech giant Instructure

The data breach at education tech giant Instructure includes students' private data, according to a sample of the allegedly stolen data seen by TechCrunch.

0
Johnson Controls CEM AC2000

View CSAF Summary Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. The following versions of Johnson Controls CEM AC2000 are affected: CEM AC2000 12.0 (CVE-2026-21661) CEM AC2000 11.0 (CVE-2026-21661) CEM AC2000 10.6 (CVE-2026-21661) CVSS Vendor Equipment Vulnerabilities v3 8.7 Johnson Controls Inc. Johnson Controls CEM AC2000 Uncontrolled Search Path Element Background Critical Infrastructure Sectors: Critical Manufacturing, Commercial Facilities, Government Services and Facilities, Transportation Systems, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Ireland Vulnerabilities Expand All + CVE-2026-21661 The affected product is vulnerable to DLL hijacking, which could allow an attacker to escalate standard user privileges on the host machine. View CVE Details Affected Products Johnson Controls CEM AC2000 Vendor: Johnson Controls Inc. Product Version: Johnson Controls Inc. CEM AC2000: 12.0, Johnson Controls Inc. CEM AC2000: 11.0, Johnson Controls Inc. CEM AC2000: 10.6 Product Status: known_affected Remediations Mitigation Johnson Controls recommends users apply the following mitigations: Mitigation Upgrade CEM AC 2000 12.0 to 12.0 Release 10. Mitigation Upgrade CEM AC 2000 11.0 to 11.0 Release 9. Mitigation Upgrade CEM AC 2000 10.6 to 10.6 Release 3. Mitigation For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory. https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories Relevant CWE: CWE-427 Uncontrolled Search Path Element Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.7 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L Acknowledgments Tom Hulme of CSACyber reported this vulnerability to Johnson Controls Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-05-05 Date Revision Summary 2026-05-05 1 Initial Republication of Johnson Controls product security advisory. Legal Notice and Terms of Use

0
Physical Cargo Theft Gets a Boost From Cybercriminals

Cargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods.

0
RMM Tools Fuel Stealthy Phishing Campaign

Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far.

0
Amazon SES increasingly abused in phishing to evade detection

The Amazon Simple Email Service (SES) is being increasingly abused, a cybersecurity company's telemetry data shows, to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. [...]

0
They don’t hack, they borrow: How fraudsters target credit unions

Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. [...]

0
76% of All Crypto Stolen in 2026 Is Now in North Korea

North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.

0
FBI links cybercriminals to sharp surge in cargo theft attacks

The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. [...]

0
South Korea seeks 20-year sentence for Delio CEO over $169M crypto fraud

Prosecutors say Jeong Sang-ho’s “active deceptive acts” left nearly 2,800 investors frozen out of their funds, as South Korea's crackdown on the crypto industry widens.

0
ABB AWIN Gateways

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely reboot the device or complete an unauthenticated query to reveal system configuration, including sensitive details. The following versions of ABB AWIN Gateways are affected: ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2 2.0-0  ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2 2.0-1  ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120 1.2-0  ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120 1.2-1  CVSS Vendor Equipment Vulnerabilities v3 8.3 ABB ABB AWIN Gateways Authentication Bypass by Capture-replay, Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-13777 An unauthenticated query reveals data. Authentication Bypass due to Improper Session Validation. View CVE Details Affected Products ABB AWIN Gateways Vendor: ABB Product Version: ABB ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2: 2.0-0, ABB ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2: 2.0-1, ABB ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120: 1.2-0, ABB ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120: 1.2-1 Product Status: known_affected Remediations Mitigation The following product versions have been fixed: ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 (Product ID: 3BNP102988R1) are fixed versions for CVE-2025-13777 ABB AWIN Firmware2.0-0 installed on ABB AWIN GW120 (Product ID 3BNP103003R1) are fixed versions for CVE-2025-13777 Mitigation For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY - PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY - CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json. https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY - PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY - CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json. https://psirt.abb.com/csaf/2026/4jno000329.json Relevant CWE: CWE-294 Authentication Bypass by Capture-replay Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CVE-2025-13778 An unauthenticated query allows an attacker to remotely reboot the device, potentially causing a denial of service. View CVE Details Affected Products ABB AWIN Gateways Vendor: ABB Product Version: ABB ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2: 2.0-0, ABB ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2: 2.0-1, ABB ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120: 1.2-0, ABB ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120: 1.2-1 Product Status: known_affected Remediations Mitigation The following product versions have been fixed: ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 (Product ID: 3BNP102988R1) are fixed versions for CVE-2025-13778 ABB AWIN Firmware2.0-0 installed on ABB AWIN GW120 (Product ID 3BNP103003R1) are fixed versions for CVE-2025-13778 Mitigation For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY - PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY - CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json. https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY - PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY - CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json. https://psirt.abb.com/csaf/2026/4jno000329.json Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-13779 An unauthenticated query reveals the system configuration, including sensitive details. View CVE Details Affected Products ABB AWIN Gateways Vendor: ABB Product Version: ABB ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2: 2.0-0, ABB ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2: 2.0-1, ABB ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120: 1.2-0, ABB ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120: 1.2-1 Product Status: known_affected Remediations Mitigation The following product versions have been fixed: ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 (Product ID: 3BNP102988R1) are fixed versions for CVE-2025-13779 ABB AWIN Firmware2.0-0 installed on ABB AWIN GW120 (Product ID 3BNP103003R1) are fixed versions for CVE-2025-13779 Mitigation For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY - PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY - CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json. https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY - PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY - CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json. https://psirt.abb.com/csaf/2026/4jno000329.json Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H Acknowledgments Fred Alvarez reported these vulnerabilities to ABB Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. Revision History Initial Release Date: 2026-04-30 Date Revision Summary 2026-04-30 1 Initial Republication of ABB 4JNO000329 Legal Notice and Terms of Use

0
ABB Ability OPTIMAX

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign On integration. The following versions of ABB Ability OPTIMAX are affected: ABB Ability OPTIMAX 6.1 vers:all/*  ABB Ability OPTIMAX 6.2 vers:all/*  ABB Ability OPTIMAX 6.3 <6.3.1-251120  ABB Ability OPTIMAX 6.4 <6.4.1-251120  CVSS Vendor Equipment Vulnerabilities v3 8.1 ABB ABB Ability OPTIMAX Incorrect Implementation of Authentication Algorithm Background Critical Infrastructure Sectors: Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-14510 The vulnerability allows an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign On integration. View CVE Details Affected Products ABB Ability OPTIMAX Vendor: ABB Product Version: ABB ABB Ability OPTIMAX 6.1: vers:all/*, ABB ABB Ability OPTIMAX 6.2: vers:all/*, ABB ABB Ability OPTIMAX 6.3: <6.3.1-251120, ABB ABB Ability OPTIMAX 6.4: <6.4.1-251120 Product Status: known_affected Remediations Mitigation The following product versions have been fixed:  Ability OPTIMAX 6.3 6.3.1-251120 is a fixed version for CVE-2025-14510 Mitigation For more information see the associated ABB PSIRT security advisory 9AKK108472A1331 ABB CYBERSECURITY ADVISORY - PDF Version (https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331&LanguageCode=en&DocumentPartId=&Action=Launch), ABB CYBERSECURITY ADVISORY - CSAF Version (https://psirt.abb.com/csaf/2026/9akk108472a1331.json). https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation For more information see the associated ABB PSIRT security advisory 9AKK108472A1331 ABB CYBERSECURITY ADVISORY - PDF Version (https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331&LanguageCode=en&DocumentPartId=&Action=Launch), ABB CYBERSECURITY ADVISORY - CSAF Version (https://psirt.abb.com/csaf/2026/9akk108472a1331.json). https://psirt.abb.com/csaf/2026/9akk108472a1331.json Relevant CWE: CWE-303 Incorrect Implementation of Authentication Algorithm Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments ABB PSIRT reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity. Revision History Initial Release Date: 2026-04-30 Date Revision Summary 2026-04-30 1 Initial Republication of ABB PSIRT 9AKK108472A1331 Legal Notice and Terms of Use

0
ABB PCM600

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to send specially crafted messages to the system node resulting in execution of arbitrary code. The following versions of ABB PCM600 are affected: PCM600 >=1.5|<=2.13  CVSS Vendor Equipment Vulnerabilities v3 4.4 ABB ABB PCM600 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2018-1002208 A vulnerability exists in the SharpZip.dll included in the product versions listed above. An attacker could exploit vulnerability by providing a specially crafted message to the system node, causing insertion, and running of arbitrary code. View CVE Details Affected Products ABB PCM600 Vendor: ABB Product Version: ABB PCM600: >=1.5|<=2.13 Product Status: known_affected Remediations Vendor fix The problem is corrected in the following product version: ABB Protection and control IED manager PCM600 version 2.14. ABB recommends that customers apply the update at earliest convenience. Vendor fix Note: RE_630 protection relays are not compatible with PCM600 version 2.14. When using earlier PCM600 versions with RE_630, the known vulnerability must be mitigated through system-level defenses. For mitigation guidance, refer to the General Security Recommendations. Vendor fix The following product versions have been fixed: Protection and Control IED manager PCM600 2.14 is a fixed version for CVE-2018-1002208 Mitigation For more information see the associated ABB PSIRT security advisory 2NGA002813 ABB CYBERSECURITY ADVISORY - PDF version (https://search.abb.com/library/Download.aspx?DocumentID=2NGA002813&LanguageCode=en&DocumentPartId=pdf&Action=Launch), ABB CYBERSECURITY ADVISORY - CSAF version (https://psirt.abb.com/csaf/2025/2nga002813.json). https://search.abb.com/library/Download.aspx?DocumentID=2NGA002813&LanguageCode=en&DocumentPartId=pdf&Action=Launch Mitigation For more information see the associated ABB PSIRT security advisory 2NGA002813 ABB CYBERSECURITY ADVISORY - PDF version (https://search.abb.com/library/Download.aspx?DocumentID=2NGA002813&LanguageCode=en&DocumentPartId=pdf&Action=Launch), ABB CYBERSECURITY ADVISORY - CSAF version (https://psirt.abb.com/csaf/2025/2nga002813.json). https://psirt.abb.com/csaf/2025/2nga002813.json Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N Acknowledgments ABB PSIRT reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity. Revision History Initial Release Date: 2026-04-30 Date Revision Summary 2026-04-30 1 Initial Republication of ABB PSIRT 2NGA002813 Legal Notice and Terms of Use

0
ABB Edgenius Management Portal

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to send a specially crafted message to the system node allowing the attacker to install and run arbitrary code, uninstall applications, and modify the configuration of installed applications. The following versions of ABB Edgenius Management Portal are affected: Edgenius Management Portal 3.2.0.0|3.2.1.1 CVSS Vendor Equipment Vulnerabilities v3 9.6 ABB ABB Edgenius Management Portal Authentication Bypass Using an Alternate Path or Channel Background Critical Infrastructure Sectors: Critical Manufacturing, Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-10571 The Edgenius Management Portal in the affected product versions contains a vulnerability that allows authentication to be bypassed. An attacker could exploit the vulnerability by sending a specially crafted message to the system node allowing the attacker to install and run arbitrary code, uninstall in-stalled applications and modify the configuration of installed applications. View CVE Details Affected Products ABB Edgenius Management Portal Vendor: ABB Product Version: ABB Edgenius Management Portal: 3.2.0.0|3.2.1.1 Product Status: known_affected Remediations Vendor fix ABB has prepared an update to fix this vulnerability included in the latest Roll-Up, ABB Ability Edgenius version 3.2.2.0. ABB advises customers to upgrade as soon as possible. Until the upgrade is applied, ABB advises customers to disable the Edgenius Management Portal to mitigate the vulnerability. Vendor fix All affected products: Exploitation requires an attacker to have gained access to the network where Edgenius has been deployed, and while the Edgenius Management Portal is running. Refer to section "General security recommendations" for further advise on how to keep your system secure. Mitigation All affected products: Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workaround. Mitigation The following product versions have been fixed: Ability Edgenius 3.2.2.0 is a fixed version for CVE-2025-10571 Mitigation For more information see the associated ABB PSIRT security advisory 7PAA022088 ABB CYBERSECURITY ADVISORY - PDF version (https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088&LanguageCode=en&DocumentPartId=&Action=Launch), ABB CYBERSECURITY ADVISORY - CSAF version (https://psirt.abb.com/csaf/2025/7paa022088.json). https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation For more information see the associated ABB PSIRT security advisory 7PAA022088 ABB CYBERSECURITY ADVISORY - PDF version (https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088&LanguageCode=en&DocumentPartId=&Action=Launch), ABB CYBERSECURITY ADVISORY - CSAF version (https://psirt.abb.com/csaf/2025/7paa022088.json). https://psirt.abb.com/csaf/2025/7paa022088.json Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Acknowledgments ABB PSIRT reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-04-30 Date Revision Summary 2026-04-30 1 Initial Republication of ABB PSIRT 7PAA022088 Legal Notice and Terms of Use

0
Police dismantles 9 crypto scam centers, arrests 276 suspects

A joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine cryptocurrency investment fraud centers. [...]

0
US, UAE and China joint effort dismantles 9 crypto scam centers

In another police action, European police arrested 10 people and took down three scam centers, estimated to have stolen over $58 million from victims around the world.

0
AI Finds 38 Security Flaws in Electronic Health Record Platform

Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.

0
Kustodia launches smart contract escrow for LATAM's $600m fraud crisis

Mexico's first peso-denominated blockchain escrow goes live on SPEI for high-value P2P transactions.

0
European police dismantles €50 million crypto investment fraud ring

Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. [...]

0
Canada proposes crypto ATM ban over scams and money laundering

Ottawa says Bitcoin ATMs have become a key tool for scammers, as regulators move to tighten oversight of high-risk parts of the crypto sector.

0
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures

The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.

0
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]

0
NSA GRASSMARLIN

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information. The following versions of NSA GRASSMARLIN are affected: GRASSMARLIN vers:all/* CVSS Vendor Equipment Vulnerabilities v3 5.5 NSA NSA GRASSMARLIN Improper Restriction of XML External Entity Reference Background Critical Infrastructure Sectors: Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-6807 A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process. View CVE Details Affected Products NSA GRASSMARLIN Vendor: NSA Product Version: NSA GRASSMARLIN: vers:all/* Product Status: known_affected Remediations Vendor fix NSA has indicated that the GRASSMARLIN project has reached end-of-life status as of 2017 and is no longer supported. The project is archived, and no patches or further updates are planned or expected. Relevant CWE: CWE-611 Improper Restriction of XML External Entity Reference Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Acknowledgments Grady DeRosa reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-28 Date Revision Summary 2026-04-28 1 Initial Publication Legal Notice and Terms of Use

0
Helping Romance Scam Victims Requires a Proactive, Empathic Approach

People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial, and government institutions to work together and protect them.

0
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.

0
AI Phishing Is No. 1 With a Bullet for Cyberattackers

In the past six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.

0
North Korea's Lazarus Targets macOS Users via ClickFix

Lazarus continues leveraging ClickFix for initial access and data theft: in this case, against Mac-centric organizations and their high-value leaders.

0
Milesight Cameras

View CSAF Summary Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. The following versions of Milesight Cameras are affected: MS-Cxx63-PD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx64-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx73-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx75-xxPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx83-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx74-PA <=3x.8.0.3-r11 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C8477-HPG1 <=63.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C8477-PC <=48.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C5321-FPE <=62.8.0.4-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx72-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx62-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx52-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-xxxGPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx61-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx67-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx71-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx41-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx76-PE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx65-PE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx62-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx72-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-CQxx31-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-CQxx68-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-CQxx72-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-NxE <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxC <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxE <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxG <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxH <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxT <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) PMC8266-FPE <=PO_61.8.0.4_LPR (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) PMC8266-FGPE <=PO_61.8.0.4_LPR (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) PM3322-E <=PI_61.8.0.3_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5366-X12RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-RFIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-RFIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RIWG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4RIWG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5510-GVH <=T_47.8.0.4_LPR-r7 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5510-GH <=T_47.8.0.4_LPR-r6 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5511-GVH <=T_47.8.0.4_LPR-r6 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2966-X12TPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5366-X12PE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4PE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2966-X12TVPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RVPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5366-X12VPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4VPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4441-X36RPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4441-X36RE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RWE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4WE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2964-RFLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2972-RFLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2966-RFLWPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2866-X4TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2866-X4TVPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2866-X4TGPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2841-X36TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2841-X36TPC/W <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2867-X5TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2961-X12TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-FPC/P <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2966-X12RLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2966-X12RLVPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C5366-X12LPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C5366-X12LVPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C5361-X12LPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-xxxxGOPC <=45.8.0.2-AIoT-r4 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) SC211 <=C_21.1.0.8-r4 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) SP111 <=52.8.0.4-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-RFIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx72-RFIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-FIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx72-FIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) CVSS Vendor Equipment Vulnerabilities v3 9.8 Milesight Milesight Cameras Authorization Bypass Through User-Controlled Key, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Heap-based Buffer Overflow Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: China Vulnerabilities Expand All + CVE-2026-28747 A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras. View CVE Details Affected Products Milesight Cameras Vendor: Milesight Product Version: Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX Product Status: known_affected Remediations Mitigation Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.  https://www.milesight.com/support/download/firmware Vendor fix MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13 Vendor fix MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4 Vendor fix MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4 Vendor fix MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6 Vendor fix MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5 Vendor fix TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions : Update to T_47.8.0.4-r8 Vendor fix TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-Cxx66-xxxxGOPC : 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5 Vendor fix SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5 Vendor fix SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6 Vendor fix MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Mitigation Milesight asks all users to report potential security vulnerabilities to security@milesight.com. mailto:security@milesight.com Mitigation Learn more: Milesight Vulnerability Reporting Policy https://www.milesight.com/legal/vulnerability-report Relevant CWE: CWE-639 Authorization Bypass Through User-Controlled Key Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-27785 Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. View CVE Details Affected Products Milesight Cameras Vendor: Milesight Product Version: Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX Product Status: known_affected Remediations Mitigation Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.  https://www.milesight.com/support/download/firmware Vendor fix MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13 Vendor fix MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4 Vendor fix MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4 Vendor fix MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6 Vendor fix MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5 Vendor fix TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions : Update to T_47.8.0.4-r8 Vendor fix TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-Cxx66-xxxxGOPC : 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5 Vendor fix SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5 Vendor fix SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6 Vendor fix MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Mitigation Milesight asks all users to report potential security vulnerabilities to security@milesight.com. mailto:security@milesight.com Mitigation Learn more: Milesight Vulnerability Reporting Policy https://www.milesight.com/legal/vulnerability-report Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-32644 Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. View CVE Details Affected Products Milesight Cameras Vendor: Milesight Product Version: Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX Product Status: known_affected Remediations Mitigation Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.  https://www.milesight.com/support/download/firmware Vendor fix MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13 Vendor fix MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4 Vendor fix MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4 Vendor fix MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6 Vendor fix MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5 Vendor fix TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions : Update to T_47.8.0.4-r8 Vendor fix TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-Cxx66-xxxxGOPC : 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5 Vendor fix SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5 Vendor fix SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6 Vendor fix MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Mitigation Milesight asks all users to report potential security vulnerabilities to security@milesight.com. mailto:security@milesight.com Mitigation Learn more: Milesight Vulnerability Reporting Policy https://www.milesight.com/legal/vulnerability-report Relevant CWE: CWE-321 Use of Hard-coded Cryptographic Key Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-32649 A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras. View CVE Details Affected Products Milesight Cameras Vendor: Milesight Product Version: Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX Product Status: known_affected Remediations Mitigation Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.  https://www.milesight.com/support/download/firmware Vendor fix MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13 Vendor fix MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4 Vendor fix MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4 Vendor fix MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6 Vendor fix MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5 Vendor fix TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions : Update to T_47.8.0.4-r8 Vendor fix TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-Cxx66-xxxxGOPC : 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5 Vendor fix SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5 Vendor fix SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6 Vendor fix MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Mitigation Milesight asks all users to report potential security vulnerabilities to security@milesight.com. mailto:security@milesight.com Mitigation Learn more: Milesight Vulnerability Reporting Policy https://www.milesight.com/legal/vulnerability-report Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2026-20766 An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. View CVE Details Affected Products Milesight Cameras Vendor: Milesight Product Version: Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX Product Status: known_affected Remediations Mitigation Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.  https://www.milesight.com/support/download/firmware Vendor fix MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13 Vendor fix MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13 Vendor fix MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4 Vendor fix MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4 Vendor fix MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6 Vendor fix MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2 Vendor fix MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4 Vendor fix MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2 Vendor fix MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6 Vendor fix PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1 Vendor fix PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5 Vendor fix TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4 Vendor fix TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8 Vendor fix TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4 Vendor fix MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10 Vendor fix MS-Cxx66-xxxxGOPC: 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5 Vendor fix SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5 Vendor fix SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6 Vendor fix MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Vendor fix MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX Mitigation Milesight asks all users to report potential security vulnerabilities to security@milesight.com. mailto:security@milesight.com Mitigation Learn more: Milesight Vulnerability Reporting Policy https://www.milesight.com/legal/vulnerability-report Relevant CWE: CWE-122 Heap-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Acknowledgments Souvik Kandar reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-23 Date Revision Summary 2026-04-23 1 Initial Publication Legal Notice and Terms of Use

0
Defending Against China-Nexus Covert Networks of Compromised Devices

Defending against china-nexus covert networks of compromised devices executive summary Defending against China-nexus covert networks of compromised devices  Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it  Summary With support from the UK Cyber League, this advisory has been jointly released by the National Cyber Security Centre (NCSC-UK) and international partners:  Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) Communications Security Establishment Canada’s (CSE’s) Canadian Centre for Cyber Security (Cyber Centre) Germany Federal Office for the Protection of the Constitution -   Bundesamt für Verfassungsschutz (BfV) Germany Federal Intelligence Service – Bundesnachrichtendienst (BND) Germany Federal Office for Information Security - Bundesamt für Sicherheit in der Informationstechnik (BSI) Japan National Cybersecurity Office (NCO) - 国家サイバー統括室 Netherlands General Intelligence and Security Service - Algemene Inlichtingen- en Veiligheidsdienst (AIVD) Netherlands Defence Intelligence and Security Service - Militaire Inlichtingen- en Veiligheidsdienst (MIVD) New Zealand National Cyber Security Centre (NCSC-NZ) Spain National Cryptologic Centre – Centro Criptológico Nacional (CCN) Sweden National Cyber Security Centre - Nationellt cybersäkerhetscenter (NCSC-SE) United States Cybersecurity and Infrastructure Security Agency (CISA) United States Department of Defense Cyber Crime Center (DC3) United States Federal Bureau of Investigation (FBI) United States National Security Agency (NSA)  Its purpose is to provide network defenders with the tools needed to defend against China-nexus cyber actors and their tactic of using large scale networks of compromised devices (covert networks) to route their cyber activity.  Introduction   Over the past few years there has been a major shift in the tactics, techniques and procedures (TTPs) used by China-nexus cyber actors, moving away from the use of individually procured infrastructure, and towards the use of externally provisioned, large-scale networks of compromised devices.  The NCSC believes that the majority of China-nexus threat actors are using these networks (hereafter “covert networks”), that multiple covert networks have been created and are being constantly updated, and that a single covert network could be being used by multiple actors. These networks are mainly made up of compromised Small Office Home Office (SOHO) routers, as well as Internet of Things (IoT) and smart devices.  Anyone who is a target of China-nexus cyber actors may be impacted by the use of covert networks. They have been used by Chinese state-sponsored actors Volt Typhoon to pre-position offensive cyber capabilities on critical national infrastructure. The group Flax Typhoon used a different covert network of compromised infrastructure to conduct cyber espionage.  The use of covert networks of compromised devices - also known as botnets - to facilitate malicious cyber activity is not new, but China-nexus cyber actors are now using them strategically, and at scale.   This advisory describes the typical makeup of a covert network and what they are being used for. It also includes protective advice for organizations being targeted by cyber activity using a covert network as an access vector. Covert Networks  Covert networks are used to connect across the internet in a low-cost, low-risk, deniable way, disguising the origin and attribution of malicious activity. Actors have been observed using them for each phase of their Cyber Kill Chains, from performing scans as part of reconnaissance, to the delivery of malware, communicating with said malware, and exfiltrating stolen data from a victim. They can also be used for general deniable internet browsing, allowing threat actors to research exploitation techniques, new TTPs, and their victims without attribution. Some covert networks are also used by legitimate customers to browse the internet, making it challenging to attribute malicious activity.  There is evidence that covert networks used by China-nexus actors are created and maintained by Chinese information security companies. A network known to network defenders as Raptor Train, which in 2024 infected more than 200,000 devices worldwide, was controlled and managed by the Chinese company, Integrity Technology Group. This company was also assessed by the FBI to be responsible for the computer intrusion activities attributed to China-based hackers known as Flax Typhoon.  Botnet operations represent a significant threat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber attacks – NCSC Director of Operations, Paul Chichester  Covert networks mostly consist of compromised SOHO routers, but they also pull in any vulnerable device they can exploit at scale. Raptor Train was made up of thousands of SOHO routers and IoT devices, such as web cameras and video recorders, as well as firewalls and Network Attached Storage (NAS) devices. The KV Botnet used by Volt Typhoon was mainly made up of vulnerable Cisco and NetGear routers. The edge devices were vulnerable because they were “end of life” – out of date and no longer receiving updates or security patches by their manufacturers.  The cyber security industry has been aware of examples of these networks for some time and has publicly reported on the widespread scale of the threat and its implications. Mandiant Intelligence produced a public blog in May 2024 talking about covert networks in which they highlighted a key issue for defenders – indicator of compromise (IOC) Extinction. If a particular threat group could now come from one of many covert networks, each with potentially hundreds of thousands of endpoints, and each used by multiple threat actors, old network defense paradigms of static malicious IP block lists will be less effective. This is compounded by the dynamic nature of these networks where new nodes will be added as old devices are patched or removed from use.  Typical Network Topology The number of covert networks used by China-nexus cyber actors is large, with new networks regularly developed and deployed. The existing covert networks change too, either because of defensive or legal action, or simply as a result of software updates and new exploits being used to target different technologies for incorporation into the network.  Because of this, a description of all known covert networks in detail, including how they are constructed and how they communicate, would immediately be out of date – and for most network defenders would not be practically useful.  However, most covert networks of compromised devices use the same basic set up. Understanding this generalized structure can aid researchers and defenders by helping them to understand which part of a network they may have found, and how to defend against it.  A diagram illustrating the basic setup of a covert network. The diagram above illustrates the basic setup of a covert network, where typically an actor will connect to the network via an on-ramp or entry node. Their traffic will be forwarded through multiple compromised devices, used as traversal nodes, before exiting the network from an exit node, usually in the same geographic region as the target.  Protective Advice  Defending from attackers using covert networks is not straightforward, and defensive tactics will be different based on the levels of resource and the nature of the target organization. General advice for good cyber security practice should be followed, and some key messages can be found in the appendix of this advisory.   The following advice is specifically tailored to steps which can be taken to combat the risk of attacks coming from large, dynamic networks of compromised devices.  Further guidance for all organizations facing cyber security threats is available on the NCSC website.  This guidance should be considered alongside all applicable laws and regulations of the UK and co-sealing countries relating to the security of networks and data. It will be each organization’s responsibility to ensure compliance with any such laws and regulations. Organizations should note that following the recommended actions set out below will not remove all risks. All organizations The NCSC recommends the following steps for all affected organizations to either take themselves, or ask their managed service and/or security providers to investigate for them:  Map and understand network edge devices, developing a clear understanding of organizational assets and what should be connecting to them. Baseline normal connections, especially to corporate virtual private networks (VPNs) or other similar services. Would you expect connections from consumer broadband ranges? Leverage available dynamic threat feeds which include covert network infrastructure. Implement multifactor authentication for remote connections. Smaller organizations should consider creating and actioning a free NCSC Cyber Action Toolkit.  Larger or more at-risk organizations Some more comprehensive measures may be appropriate if the risk to an organization is high enough, to be conducted either in-house or through a security provider:   Apply IP address allow lists rather than deny lists for connections to corporate VPNs for remote workers. Use geographic allow lists or profile incoming connections based on operating system, time zones, and/or organization specific system configuration settings. Implement zero trust policies for connections. Enforce machine certificates for Secure Sockets Layer (SSL) connections. Reduce the internet-facing presence of the IT estate. Investigate machine learning techniques to profile normal network edge activity to detect and block anomalies.  The NCSC's Cyber Essentials can help protect organizations of all sizes.  Largest or most at-risk organizations  If Advanced Persistent Threat (APT) tracking is part of an organization’s in-house capability, or if it is part of the service provided by a security vendor, consider tracking China-nexus covert networks as APTs in their own right. Active hunting – look for connections from IP addresses likely to be part of a covert network of compromised devices, for instance those hosting SOHO routers or IoT devices. Track and map covert networks reported by industry or government by looking at banners and certificates. Use threat reporting and threat feeds to create and implement dynamic blocklists and create alert rules to detect incoming threats. Consider using NetFlow feeds to look upstream and map covert networks to find new nodes.  The NCSC Cyber Assessment Framework provides guidance for organizations under the highest levels of threat, including those operating essential services, in sectors such as energy, healthcare, transport, digital infrastructure and government.   MITRE ATT&CK®  This advisory has been compiled with respect to the MITRE ATT&CK® framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.  Tactic  ID  Technique  Procedure  Resource Development  T1584.005  Compromise Infrastructure: Botnet  Botnets are used as core components of covert networks  Resource Development  T1584.008  Compromise Infrastructure: Network Devices  Devices are compromised and added to botnets  Resource Development  T1583.003  Acquire Infrastructure: Virtual Private Server  Virtual private servers (VPS) are used in covert networks, typically as on-ramps  Command and Control  T1090.003  Proxy: Multi-hop Proxy  Used by China-nexus cyber actors to route traffic   Appendix: Cyber Security Best Practices  In addition to the protective advice outlined in this advisory, a number of cyber security best practices will also be useful in defending against the activity described in this advisory.  Protect your devices and networks by keeping them up to date: use the latest supported versions, apply security updates promptly, use antivirus and scan regularly to guard against known malware threats. See NCSC Guidance: https://www.ncsc.gov.uk/collection/device-security-guidance/policies-and-settings/antivirus-and-other-security-software Prevent and detect lateral movement in your organization’s networks. See NCSC Guidance: https://www.ncsc.gov.uk/guidance/preventing-lateral-movement Implement architectural controls for network segregation. See NCSC Guidance: https://www.ncsc.gov.uk/guidance/10-steps-network-security Set up a security monitoring capability so you are collecting the data that will be needed to analyze network intrusions. See NCSC Guidance: https://www.ncsc.gov.uk/guidance/introduction-logging-security-purposes and https://www.ncsc.gov.uk/information/logging-made-easy Use modern systems and software. These have better security built-in. If you cannot move off out-of-date platforms and applications straight away, there are short term steps you can take to improve your position. See NCSC Guidance:  https://www.ncsc.gov.uk/collection/mobile-device-guidance/managing-the-risks-from-obsolete-products Restrict intruders' ability to move freely around your systems and networks. Pay particular attention to potentially vulnerable entry points such as third-party systems with onward access to your core network. During an incident, disable remote access from third-party systems until you are sure they are clean. See NCSC Guidance: https://www.ncsc.gov.uk/guidance/preventing-lateral-movement and https://www.ncsc.gov.uk/guidance/assessing-supply-chain-security. Deploy a host-based intrusion detection system. A variety of products are available, free and paid-for, to suit different needs and budgets. Further information: Invest in preventing malware-based attacks across various scenarios.  See NCSC Guidance: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks  Disclaimer   This report draws on information derived from NCSC and industry sources. Any NCSC findings and recommendations made have not been provided with the intention of avoiding all risks and following the recommendations will not remove all such risk. Ownership of information risks remains with the relevant system owner at all times. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by co-sealers. UK readers should refer to the NCSC website for information about NCSC assured services.  This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation.   Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk.   All material is UK Crown Copyright ©

0
SpiceJet Online Booking System

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. The following versions of SpiceJet Online Booking System are affected: Online Booking System vers:all/* (CVE-2026-6375, CVE-2026-6376) CVSS Vendor Equipment Vulnerabilities v3 7.5 SpiceJet SpiceJet Online Booking System Authorization Bypass Through User-Controlled Key, Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: India Vulnerabilities Expand All + CVE-2026-6375 A vulnerability in SpiceJet's booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw stems from missing authorization checks on an endpoint intended for authenticated profile access. View CVE Details Affected Products SpiceJet Online Booking System Vendor: SpiceJet Product Version: SpiceJet Online Booking System: vers:all/* Product Status: known_affected Remediations Mitigation SpiceJet did not respond to CISA's requests to coordinate. Users are encouraged to reach out to SpiceJet for more information: https://corporate.spicejet.com/contactus.aspx https://corporate.spicejet.com/contactus.aspx Relevant CWE: CWE-639 Authorization Bypass Through User-Controlled Key Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-6376 A weakness in SpiceJet's public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user who can obtain or guess those basic inputs. The issue arises from improper access control on a sensitive data retrieval function. View CVE Details Affected Products SpiceJet Online Booking System Vendor: SpiceJet Product Version: SpiceJet Online Booking System: vers:all/* Product Status: known_affected Remediations Mitigation SpiceJet did not respond to CISA's requests to coordinate. Users are encouraged to reach out to SpiceJet for more information: https://corporate.spicejet.com/contactus.aspx https://corporate.spicejet.com/contactus.aspx Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Acknowledgments Owais Shaikh reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-23 Date Revision Summary 2026-04-23 1 Initial Publication Legal Notice and Terms of Use

0
Yadea T5 Electric Bicycle

View CSAF Summary Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft. The following versions of Yadea T5 Electric Bicycle are affected: T5 Electric Bicycle vers:all/* (CVE-2025-70994) CVSS Vendor Equipment Vulnerabilities v3 7.3 Yadea Yadea T5 Electric Bicycle Weak Authentication Background Critical Infrastructure Sectors: Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: China Vulnerabilities Expand All + CVE-2025-70994 Yadea T5 Electric Bicycles have a weak authentication mechanism which is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmissions. View CVE Details Affected Products Yadea T5 Electric Bicycle Vendor: Yadea Product Version: Yadea T5 Electric Bicycle: vers:all/* Product Status: known_affected Remediations Mitigation Yadea did not respond to CISA's attempts at coordination. Users of Yadea T5 Electric Bicycles are encouraged to keep their systems up to date and lock their property securely with external mechanisms. Users can contact Yadea at https://yadea.com/contact-us. https://yadea.com/contact-us Relevant CWE: CWE-1390 Weak Authentication Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Acknowledgments Ashen Chathuranga reported this vulnerability to MITRE and CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-04-23 Date Revision Summary 2026-04-23 1 Initial Publication Legal Notice and Terms of Use

0
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. The following versions of Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera are affected: IP Camera XM530V200_X6-WEQ_8M firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 (CVE-2025-65856) CVSS Vendor Equipment Vulnerabilities v3 9.8 Hangzhou Xiongmai Technology Co., Ltd Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: China Vulnerabilities Expand All + CVE-2025-65856 Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access. View CVE Details Affected Products Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera Vendor: Hangzhou Xiongmai Technology Co., Ltd Product Version: Hangzhou Xiongmai Technology Co., Ltd IP Camera XM530V200_X6-WEQ_8M firmware: V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 Product Status: known_affected Remediations Mitigation Hangzhou Xiongmai Technology Co., Ltd has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of XM530 IP cameras are invited to contact Xiongmai Technology customer support for additional information (https://www.xiongmaitech.com/en/index.php/about/contact/42). https://www.xiongmaitech.com/en/index.php/about/contact/42 Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments CISA discovered a public Proof of Concept (PoC) as authored by Luis Miranda Acebedo and reported it to MITRE Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-23 Date Revision Summary 2026-04-23 1 Initial Publication Legal Notice and Terms of Use

0
Intrado 911 Emergency Gateway (EGW)

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read, modify, or delete files. The following versions of Intrado 911 Emergency Gateway (EGW) are affected: Emergency Gateway 7.x (CVE-2026-6074) Emergency Gateway 6.x (CVE-2026-6074) Emergency Gateway 5.x (CVE-2026-6074) CVSS Vendor Equipment Vulnerabilities v3 9.8 Intrado Intrado 911 Emergency Gateway (EGW) Path Traversal: '.../...//' Background Critical Infrastructure Sectors: Emergency Services Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-6074 A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow a user to read, modify, or delete files. View CVE Details Affected Products Intrado 911 Emergency Gateway (EGW) Vendor: Intrado Product Version: Intrado Emergency Gateway: 7.x, Intrado Emergency Gateway: 6.x, Intrado Emergency Gateway: 5.x Product Status: known_affected Remediations Mitigation Intrado developed and released a software update on March 2nd, 2026, that addresses this issue and has contacted customers to coordinate applying the patch. Mitigation If you have questions, contact Intrado E911 Support: E911Support@intrado.com mailto:E911Support@intrado.com Relevant CWE: CWE-35 Path Traversal: '.../...//' Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments An anonymous source reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-23 Date Revision Summary 2026-04-23 1 Initial Publication Legal Notice and Terms of Use

0
Phishing, deepfakes, supply chain attacks to fuel 2026's biggest crypto hacks: CertiK

CertiK has urged crypto users not to overlook basic security practices as major crypto hacks spiked in April.

0
DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.

0
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process

Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage "Caller-as-a-Service" operations like a professional sales team. [...]

0
North Korea tied to heists worth $578M in April after Kelp DAO exploit

DPRK-linked crypto theft topped $578M in April after the Kelp DAO exploit, as attacks continue to expand across protocols, companies and end users.

0
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.

0
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction

Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding friction. [...]

0
Silex Technology SD-330AC and AMC Manager

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. The following versions of Silex Technology SD-330AC and AMC Manager are affected: SD-330AC <=1.42 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965) AMC Manager <=5.0.2 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965) CVSS Vendor Equipment Vulnerabilities v3 9.8 Silex Technology Silex Technology SD-330AC and AMC Manager Stack-based Buffer Overflow, Heap-based Buffer Overflow, Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Dependency on Vulnerable Third-Party Component, Use of a Broken or Risky Cryptographic Algorithm, Sensitive Information in Resource Not Removed Before Reuse, Incorrect Privilege Assignment, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of CRLF Sequences ('CRLF Injection'), Initialization of a Resource with an Insecure Default Background Critical Infrastructure Sectors: Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2026-32955 A Stack-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to execute arbitrary code on the device. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service. Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-121 Stack-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-32956 A Heap-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to execute arbitrary code on the device. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service. Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-122 Heap-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-32957 A Missing Authentication for Critical Function vulnerability in Silex Technology SD-330AC and AMC Manager could allow uploads of arbitrary files to the device without authentication. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service. Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2026-32958 A Use of Hard-coded Cryptographic Key vulnerability in Silex Technology SD-330AC and AMC Manager could cause an administrative user to be directed to apply a fake firmware update. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation CVE-2026-32958 and CVE-2026-32965: Set a password for the settings web interface. Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-321 Use of Hard-coded Cryptographic Key Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2015-5621 The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash). View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation CVE-2015-5621: Disable SNMP service. Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-1395 Dependency on Vulnerable Third-Party Component Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-32959 A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to retrieve information via a man-in-the-middle attack. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-32960 A Sensitive Information in Resource Not Removed Before Reuse vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to send specially crafted packets that may allow the attacker to login to the device. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-226 Sensitive Information in Resource Not Removed Before Reuse Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2026-32961 A Heap-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to send specially crafted packets that may cause a temporary denial-of-service (DoS) condition. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-122 Heap-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-32962 A Missing Authentication for Critical Function vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to alter the device configuration without authentication. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2024-24487 An issue discovered in Silex Technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-266 Incorrect Privilege Assignment Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H CVE-2026-32963 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to trick a user into accessing a special web page and execute arbitrary script on the user's browser. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service. Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2026-32964 An Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to inject arbitrary entries into the system configuration. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2026-32965 An Initialization of a Resource with an Insecure Default vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker using the factory default configuration to configure the device using the null string password. View CVE Details Affected Products Silex Technology SD-330AC and AMC Manager Vendor: Silex Technology Product Version: Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status: known_affected Remediations Vendor fix The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later Vendor fix AMC Manager Ver.5.1.0 or later Mitigation CVE-2026-32958 and CVE-2026-32965: Set a password for the settings web interface. Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/en/2026-001 Mitigation For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001). https://www.silex.jp/support/security-advisories/2026-001 Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/en/vu/JVNVU94271449/ Mitigation For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/). https://jvn.jp/vu/JVNVU94271449/ Relevant CWE: CWE-1188 Initialization of a Resource with an Insecure Default Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Acknowledgments Francesco La Spina of Forescout Technologies reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-21 Date Revision Summary 2026-04-21 1 Initial Publication Legal Notice and Terms of Use

0
SenseLive X3050

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. The following versions of SenseLive X3050 are affected: X3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE-2026-40623, CVE-2026-27841, CVE-2026-40620, CVE-2026-35064, CVE-2026-25775) CVSS Vendor Equipment Vulnerabilities v3 9.8 SenseLive SenseLive X3050 Authentication Bypass Using an Alternate Path or Channel, Insufficient Session Expiration, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information, Missing Authorization, Cross-Site Request Forgery (CSRF) Background Critical Infrastructure Sectors: Critical Manufacturing, Water and Wastewater, Energy, Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: India Vulnerabilities Expand All + CVE-2026-40630 A vulnerability in the X3050's web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-25720 A vulnerability exists in the X3050's web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after legitimate user activity has ceased. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-613 Insufficient Session Expiration Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2026-35503 A vulnerability in the X3050's web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-39462 A vulnerability exists in the X3050's web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-522 Insufficiently Protected Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-27843 A vulnerability exists in the X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the device lacks a physical reset button, recovery requires specialized technical access via the console to perform a factory reset, resulting in a total denial-of-service for the gateway and its connected RS-485 downstream systems. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2026-40431 A vulnerability exists in the X3050's web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-40623 A vulnerability in the X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-862 Missing Authorization Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2026-27841 A vulnerability in the X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-352 Cross-Site Request Forgery (CSRF) Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2026-40620 A vulnerability in the X3050's embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-35064 A vulnerability in the X3050's management ecosystem allows unauthenticated discovery of deployed units through the vendor's management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-25775 A vulnerability in X3050's remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware. View CVE Details Affected Products SenseLive X3050 Vendor: SenseLive Product Version: SenseLive X3050: V1.523 Product Status: known_affected Remediations Mitigation SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact https://senselive.io/contact Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments Jithin Nambiar J reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-21 Date Revision Summary 2026-04-21 1 Initial Publication Legal Notice and Terms of Use

0
Vercel Employee's AI Tool Access Led to Data Breach

Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.

0
Deezer says 44% of songs uploaded to its platform daily are AI-generated

Deezer says consumption of AI-generated music on the platform is still very low, between 1-3% of the total streams, and that 85% of these streams are detected as fraudulent and are demonetized.

5
App host Vercel says it was hacked and customer data stolen

Vercel blamed its breach on an earlier hack at Context AI, which allowed hackers to hijack a Vercel employee's account to steal customer data.

0
British Scattered Spider hacker pleads guilty to crypto theft charges

A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. [...]

0
​​Supply Chain Compromise Impacts Axios Node Package Manager​

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments.  On March 31, 2026, two npm packages for versions axios@1.14.1 and axios@0.30.4 of Axios npm injected the malicious dependency plain-crypto-js@4.2.1 that downloads multi-stage payloads from cyber threat actor infrastructure, including a remote access trojan.2 CISA urges organizations to implement the following recommendations to detect and remediate a potential compromise:  Monitor and review code repositories, continuous integration/continuous delivery (CI/CD) pipelines, and developer machines that ran npm install or npm update with the compromised Axios version. Search for cached versions of affected dependencies in artifact repositories and dependency management tools. Pin npm package dependency versions to known safe releases. If compromised dependencies are identified, revert the environment to a known safe state.  Downgrade to axios@1.14.0 or axios@0.30.3 and delete node_modules/plain-crypto-js/. Rotate/revoke credentials that may have been exposed on affected systems or pipelines (e.g., version control system [VCS] tokens, CI/CD secrets, cloud keys, npm tokens, and Secure Shell [SSH] keys). For ephemeral CI jobs, rotate all secrets injected into the compromised run. Monitor for unexpected child processes and anomalous network behavior, specifically during npm install or npm update. Block and monitor outbound connections to Sfrclak[.]com domains. Conduct continuous indicator searches and endpoint detection and response (EDR) hunts to confirm no indicators of compromise (IOCs) remain; ensure no further egress to the command and control (C2). In addition, CISA recommends organizations using Axios npm: Mandate phishing-resistant multifactor authentication (MFA) on all developer accounts, especially for critical platforms. Set ignore-scripts=true in the .npmrc configuration file, which prevents potentially malicious scripts from executing during npm install packages. Set min-release-age=7 in the .npmrc configuration file to only install packages that have been published for at least seven days, which helps avoid installation of packages that may not be completely vetted or are potentially malicious. Establish and maintain a baseline of normal execution behavior for tools that use Axios. Alert when a dependency behaves differently (e.g., building containers, enabling shells, executing commands) and trace outbound network activity for anomalous connections. See the following resources for additional guidance on this compromise:  GitHub: Post Mortem: axios npm supply chain compromise #10636 Microsoft: Mitigating the Axios npm supply chain compromise StepSecurity: axios Compromised on npm - Malicious Versions Drop Remote Access Trojan npm Docs: Securing your code Socket: Supply Chain Attack on Axios Pulls Malicious Dependency from npm Disclaimer The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. Notes 1 “Post Mortem: axios npm supply chain compromise,” axios GitHub, Issue #10636, March 31, 2026, https://github.com/axios/axios/issues/10636. 2 “Mitigating the Axios npm supply chain compromise,” Microsoft Threat Intelligence and Microsoft Defender Security Research Team, April 1, 2026, https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/.

0
Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]

0
Apple account change alerts abused to send phishing emails

Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters. [...]

0
SEC charges Donald Basile in $16M crypto fraud tied to ‘insured’ token

The SEC has sued crypto executive Donald Basile over an alleged $16 million scheme involving false claims about an “insured” Bitcoin Latinum token.

0
Man who hacked US Supreme Court filing system sentenced to probation

Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims' personal data on Instagram under the handle @ihackedthegovernment.

0
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.

0
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops

In cybercrime markets, trust isn't assumed, it's verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. [...]

0
Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery

Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today's cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity. [...]

0
Delta Electronics ASDA-Soft

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The following versions of Delta Electronics ASDA-Soft are affected: ASDA-Soft <=V7.2.2.0 CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics ASDA-Soft Stack-based Buffer Overflow Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-5726 A stack-based buffer overflow vulnerability is triggered in ASDA-Soft version 7.2.0.0 during the parsing of malformed .par files. View CVE Details Affected Products Delta Electronics ASDA-Soft Vendor: Delta Electronics Product Version: Delta Electronics ASDA-Soft: <=V7.2.2.0 Product Status: known_affected Remediations Vendor fix Delta Electronics recommends users download and upgrade ASDA-Soft to v7.2.6.0 or later. If you have any product-related support concerns, contact Delta via the portal page at https://www.deltaww.com/en-US/service-support/contact-us?type=1 for any information or materials you may require. https://www.deltaww.com/en-US/service-support/contact-us?type=1 Mitigation Delta Electronics provides the following general recommendations: Do not click on untrusted internet links or open unsolicited attachments in emails. Avoid exposing control systems and equipment to the Internet. Place control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use a secure access method, such as a virtual private network (VPN). Mitigation For more information, see Delta Electronics advisory Delta-PCSA-2026-00007 athttps://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00007_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-5726).pdf https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00007_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-5726).pdf Relevant CWE: CWE-121 Stack-based Buffer Overflow Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Acknowledgments Feng Xiong of TrendAI Zero Day Initiative reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. Revision History Initial Release Date: 2026-04-16 Date Revision Summary 2026-04-16 1 Initial Publication Legal Notice and Terms of Use

0
Crypto users targeted in ‘elaborate’ scam using popular notes app

Elastic Security Labs says a multi-step social engineering scam is aimed at those in crypto and finance, using a community plugin feature on a note-taking app to spread malicious device-controlling software.

0
Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. [...]

0
Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. [...]

0
How the rewards app Freecash scammed its way to the top of the app stores

Freecash was removed from Apple's App Store after TechCrunch reached out for comment.

0
Fake Ledger Live app on Apple App Store drained $9.5M from victims: ZachXBT

A Fake Ledger Live app on Apple’s store is tied to $9.5 million in crypto thefts, as ZachXBT links over 50 victims’ funds to a KuCoin-linked mixer and questions Apple’s liability.

0
5 Ways Zero Trust Maximizes Identity Security

Stolen credentials remain a top breach vector, often leading to unchecked privilege escalation. Specops explains how identity-first Zero Trust limits access, enforces device trust, and blocks lateral movement. [...]

0
Stolen Rockstar Games analytics data leaked by extortion gang

Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. [...]

0
FBI takedown of W3LL phishing service leads to developer arrest

The FBI Atlanta Field Office and Indonesian authorities have dismantled the "W3LL" global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. [...]

0
US President Trump faces renewed backlash as Trump-linked tokens crash

Democratic lawmakers and crypto investors characterized crypto projects launched by or tied to Trump as scams and political corruption.

0
Over 20,000 crypto fraud victims identified in international crackdown

An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. [...]

0
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
0
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]

0
New VENOM phishing attacks steal senior executives' Microsoft logins

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]

0
Google Chrome adds infostealer protection against session cookie theft

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]

0
When attackers already have the keys, MFA is just another door to open

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]

0
Contemporary Controls BASC 20T

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls. The following versions of Contemporary Controls BASC 20T are affected: BASControl20 3.1 (CVE-2025-13926) CVSS Vendor Equipment Vulnerabilities v3 9.8 Contemporary Controls Sedona Alliance Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2025-13926 An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. View CVE Details Affected Products Contemporary Controls BASC 20T Vendor: Contemporary Controls Sedona Alliance Product Version: Contemporary Controls Sedona Alliance BASControl20: 3.1 Product Status: known_affected Remediations Mitigation According to Contemporary Controls, the BASC-20T is an obsolete product. It is recommended that users of the affected product contact Contemporary Controls for additional information. https://www.ccontrols.com/support/contacttech.htm Relevant CWE: CWE-807 Reliance on Untrusted Inputs in a Security Decision Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments Joseph Fields of Naval Information Warfare Center Pacific reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-09 Date Revision Summary 2026-04-09 1 Initial Publication Legal Notice and Terms of Use

0
GPL Odorizers GPL750

View CSAF Summary Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which would result in too much or too little odorant being injected into a gas line. The following versions of GPL Odorizers GPL750 are affected: GPL750 (XL4) >=v1.0| GPL750 (XL4 Prime) >=v4.0| GPL750 (XL7) >=v13.0| GPL750 (XL7 Prime) >=v18.4| CVSS Vendor Equipment Vulnerabilities v3 8.6 GPL Odorizers GPL Odorizers GPL750 Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-4436 A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line. View CVE Details Affected Products GPL Odorizers GPL750 Vendor: GPL Odorizers Product Version: GPL Odorizers GPL750 (XL4): >=v1.0|<v6.0, GPL Odorizers GPL750 (XL4 Prime): >=v4.0|<v6.0, GPL Odorizers GPL750 (XL7): >=v13.0|<v20.0, GPL Odorizers GPL750 (XL7 Prime): >=v18.4|<v20.0 Product Status: known_affected Remediations Mitigation GPL Odorizers recommends users update to the latest software version of the GPL750 in connection with the latest firmware from Horner Automation for the XL4, XL4 Prime, XL7, and XL7 Prime devices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm. https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm Mitigation GPL Odorizers recommends users clear the old files from their microSD cards, keeping only the LOGS folder and the FIRMWARE.LIC file if they have a WebMI license. The compressed folder downloaded from the link above can then be extracted to the root directory of the microSD card. These files already include the corresponding firmware update. If users do not have IT permissions to access their microSD cards, GPL Odorizers can provide preconfigured SD cards that technicians can simply swap into their odorizers prior to installation. Mitigation For assistance in updating GPL Odorizers to the latest version, users should reach out to GPL Odorizers directly via phone number (303) 697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST. Mitigation Horner Automation offers firmware version 15.76 for their XL Series and version 17.30 for their XL Prime Series controllers https://hornerautomation.com/controller-firmware/. An installation guide is available for both the XL series and the XL Prime series. https://hornerautomation.com/controller-firmware/ Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Acknowledgments An anonymous researcher reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-09 Date Revision Summary 2026-04-09 1 Initial Publication Legal Notice and Terms of Use

0
Fraud Rockets Higher in Mobile-First Latin America

Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.

0
Inside Operation Atlantic’s push to disrupt crypto scams in real time

Operation Atlantic is a cross-border law enforcement effort to detect and disrupt crypto scams in real time, targeting approval phishing before funds are fully drained.

0
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication April 7, 2026 Executive Summary Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays, resulting in operational disruption and financial loss.  U.S. organizations should urgently review the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) in this advisory for indications of current or historical activity on their networks, and apply the recommendations listed in the Mitigations section of this advisory to reduce the risk of compromise. Affected Products Rockwell Automation/Allen-Bradley manufactured PLCs Potentially other branded PLCs Key Actions Remove PLCs from direct internet exposure via secure gateway and firewall. Query available logs for the provided IOCs in the corresponding time frames. Check available logs for suspicious traffic on the ports associated with OT devices, including 44818, 2222, 102, and 502, especially traffic originating from overseas hosting providers. For Rockwell Automation devices, place the physical mode switch on the controller into run position. Contact the authoring agencies and Rockwell Automation for guidance if you believe your organization was targeted. Indicators of Compromise For a downloadable copy of IOCs, see: AA26-097A STIX XML (35KB) AA26-097A STIX JSON (12 KB)   Intended Audience Organizations: Critical Infrastructure Sectors: Government Services and Facilities, Water and Wastewater Systems (WWS), and Energy  Roles: Defensive cybersecurity analysts, OT cybersecurity engineers, cybersecurity architects, secure systems developer Introduction The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), Department of Energy (DOE), and United States Cyber Command – Cyber National Mission Force (CNMF), hereafter referred to as the “authoring agencies,” are urgently warning U.S. organizations of ongoing cyber exploitation of internet-connected operational technology (OT) devices, including Rockwell Automation/Allen-Bradley-manufactured programmable logic controllers (PLCs), across multiple U.S. critical infrastructure sectors. As a result of this activity, organizations from multiple U.S. critical infrastructure sectors experienced disruptions through malicious interactions with the project files1 and the manipulation of data displayed on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays. In a few cases, this activity has resulted in operational disruption and financial loss.  Due to the widespread use of these PLCs and the potential for additional targeting of other branded OT devices across critical infrastructure, the authoring agencies recommend U.S. organizations urgently review the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) in this advisory for indications of current or historical activity on their networks, and apply the recommendations listed in the Mitigations section to reduce the risk of compromise. The authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States. The group has targeted devices spanning multiple U.S. critical infrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems (WWS), and Energy Sectors. The authoring agencies previously reported on similar activity targeting PLCs by CyberAv3ngers (aka Shahid Kaveh Group)—a cyber threat actor affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command (CEC).  If owners and operators discover an affected internet-accessible device in their environment, additional technical measures may be necessary to evaluate the risk of compromise. Please contact the authoring agencies and applicable vendors through existing support channels available to customers and integrators (see Contact Information) to receive support, mitigation, and investigation assistance, and engage your cyber incident response plans. In addition to contacting the authoring agencies, organizations with Rockwell Automation/Allen-Bradley-manufactured PLCs should review the manufacturer’s previously issued guidance to strengthen the security of their operational technology deployments: PN1550 | CVE-2021-22681: Authentication Bypass Vulnerability Found in Logix Controllers, published in 2021, and SD1771 | Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats, published in 2026. Contact the Rockwell Automation Product Security Incident Response Team (PSIRT) at PSIRT@rockwellautomation.com for questions regarding this guidance, or to report cyber incidents related to Rockwell Automation products. For more information on Iranian malicious cyber activity, see CISA’s Iran Threat Overview and Advisories webpage and the FBI’s Iran Threat webpage. Download the PDF version of this report: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (PDF, 816.90 KB ) For a downloadable copy of IOCs, see: AA26-097A.stix_.xml (XML, 35.97 KB ) AA26-097A.stix_.json (JSON, 11.87 KB ) Background Information Similar Historical Activity Targeting Programmable Logic Controllers During a similar campaign beginning in November 2023, the IRGC CEC-affiliated cyber threat actors known as "CyberAv3ngers” targeted U.S.-based PLCs and HMIs, causing disruptive effects. Private industry and open sources also refer to this group as Hydro Kitten, Storm-0784, APT Iran, Bauxite, Mr. Soul, Soldiers of Solomon, UNC5691, and the Shahid Kaveh Group. These attacks compromised at least 75 devices, targeting U.S.-based Unitronics PLC devices with an HMI used across multiple critical infrastructure sectors, including WWS. For more information on this group’s activity, see the authoring agencies’ Joint Cybersecurity Advisory IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities. Ongoing Threat Actor Activity Against U.S.-Based Programmable Logic Controllers The FBI assesses a group of Iranian-affiliated APT actors are targeting internet-exposed PLCs with the intent to cause disruptions—including maliciously interacting with project files, and manipulating data displayed on HMI and SCADA displays—to U.S. critical infrastructure organizations. Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel.  Since at least March 2026, the authoring agencies identified (through engagements with victim organizations) an Iranian-affiliated APT-group that disrupted the function of PLCs. These PLCs were deployed across multiple U.S. critical infrastructure sectors (including Government Services and Facilities, WWS, and Energy sectors) within a wide variety of industrial automation processes. Some of the victims experienced operational disruption and financial loss. Technical Details Note: This advisory uses the MITRE ATT&CK® Matrix for Enterprise framework, version 18. See the MITRE ATT&CK Tactics and Techniques section of this advisory for tables of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. Initial Access The authoring agencies observed Iranian-affiliated APT actors using several overseas-based IP addresses to access internet-facing Rockwell Automation/Allen-Bradley-manufactured PLCs [T0883]. The actors used leased, third-party hosted infrastructure with configuration software, such as Rockwell Automation’s Studio 5000 Logix Designer software, to create an accepted connection to the victim’s PLC. Targeted devices include CompactLogix and Micro850 PLC devices.  Command and Control Inbound malicious traffic may be directed to devices on any of following ports: 44818, 2222, 102, 22, or 502. The targeting of ports [T0885] associated with other OT vendors’ protocols suggests these actors may also be targeting devices manufactured by companies other than Rockwell Automation/Allen-Bradley, including the Siemens S7 PLC. Additionally, the actors deployed Dropbear Secure Shell (SSH) software on victim endpoints to enable them to gain remote access through port 22 [T1219]. Impact The FBI identified that this activity resulted in the extraction of the device’s project file and data manipulation on HMI and SCADA displays [T1565]. Indicators of Compromise See Table 1 for recent IP addresses used by the Iranian-affiliated APT actors to communicate with Rockwell Automation/Allen-Bradley-manufactured devices (and potentially other branded OT devices) in the United States. Disclaimer: The FBI observed that the threat actors used the IP addresses listed below in the specified time frames. This data is being provided for customers to query against logs for indications of historical targeting by the Iranian-affiliated APT actors. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking. Table 1. Indicators of Compromise Indicator Beginning of Actor Association End of Actor Association 135.136.1[.]133 March 2026 March 2026 185.82.73[.]162 January 2025 March 2026 185.82.73[.]164 January 2025 March 2026 185.82.73[.]165 January 2025 March 2026 185.82.73[.]167 January 2025 March 2026 185.82.73[.]168 January 2025 March 2026 185.82.73[.]170 January 2025 March 2026 185.82.73[.]171 January 2025 March 2026 MITRE ATT&CK Tactics and Techniques See Table 2 to Table 4 for all referenced threat actor tactics and techniques in this advisory. The authoring agencies recommend organizations review historical TTPs for similar Iranian-affiliated cyber actor activity in IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool. Table 2. Initial Access Technique Title ID Use Internet Accessible Device T0883 The actors used Rockwell Automation’s programming software (such as Studio 5000 Logix Designer) to access and interact with publicly exposed, internet-accessible PLCs installed and deployed without sufficient network and/or hardening security controls.  Table 3. Impact Technique Title ID Use Stored Data Manipulation T1565 The actors maliciously interacted with project files and altered data displayed on HMI and SCADA displays Table 4. Command and Control Technique Title ID Use Commonly Used Port T0885 The actors used commonly used OT ports to communicate with PLCs. Remote Access Tools  T1219 The actors deployed Dropbear SSH software on victim endpoints to enable them to gain remote access through port 22. Mitigations The authoring agencies recommend organizations implement the mitigations below to improve your organization’s cybersecurity posture on the basis of the threat actors’ activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals 2.0 (CPGs 2.0) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s CPG 2.0 webpage for more information on the CPGs, including additional recommended baseline protections. Network Defenders The cyber threat actors accessed Rockwell Automation/Allen-Bradley-manufactured PLCs to cause disruptions to victim systems. To safeguard against this threat and threats to other types of PLCs, the authoring agencies urge organizations to consider the following mitigations. In addition, organizations with these PLCs should view Rockwell Automation’s guidance: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats. Immediate steps to prevent the attack: Disconnect the PLC from the public-facing internet [CPG 3.S]. Follow the joint guidance Secure connectivity principles for OT to safely allow remote access. Specifically, “remove inbound port exposure,” so the OT system is never directly exposed to the internet or external networks, and to ensure all access is mediated, monitored, and controlled. Do this through a secure gateway (jump host) that brokers the connection. Ensure cellular modems, used for remote field connectivity and access, are secured with strong authentication and updated. Enable logs for the connected modems to detect intrusion and improve incident response speed. For controllers with a physical mode switch, place the physical mode switch into run position to prevent remote modification. Devices should only be in the program or remote position when updating or downloading software online and immediately switched back to the run position when complete. (See Rockwell’s2 System Security Design Guidelines for manufacturer’s instructions.) For devices that allow for software key switching, enable programming protection in PLC configuration software (S7 Totally Integrated Automation [TIA] Portal) to limit who can modify PLCs remotely. (See Siemens’ Cybersecurity for Industry Operational Guidelines for the manufacturer’s instructions.) Create and test strong backups of the logic and configurations of PLCs. Store backup files offline and secure the physical removal media to enable fast recovery. Follow-up steps to strengthen security posture: Implement multifactor authentication (MFA) [CPG 3.F] for access to the OT network from an external network. If remote access is required, implement a network proxy, gateway, firewall, and/or virtual private network (VPN) in front of the PLC to control network access. A VPN or gateway device can enable MFA for remote access even if the PLC does not support MFA. Implement security rules on these higher-level network security mechanisms that prevent the type of repeated and sustained login attempts that would be seen during a brute force attack. When possible, implement a device control list for workstations sending messages or connecting to OT components. Use the device control list to monitor for logon activity for unexpected or unusual access to devices from the internet. Keep PLC devices updated with the latest software patches by the manufacturer. Use established downtime windows to install patches. Known Exploited Vulnerabilities may need to be prioritized outside a downtime window. Configure external and internal firewalls to block traffic using common ports associated with network protocols that are unnecessary for the particular network segment. Disable any unused authentication methods, logic, or features, such as default authentication keys, as well as unused or needed services such as Teletype Network (Telnet), File Transfer Protocol (FTP), Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), and web services. Monitor asset management systems for device configuration changes, which can be used to understand expected parameter settings. Monitor the content of network traffic for the following: Unusual logins to internet-connected devices or unexpected protocols to/from the internet. Functions of industrial control systems (ICS) management protocols that change an asset’s operating mode or modify programs. In addition, the authoring agencies recommend network defenders apply the following mitigations to limit potential adversarial use of common system and network discovery techniques, as well as reduce the impact and risk of compromise by cyber threat actors: Reduce risk exposure. CISA offers a range of services at no cost, including scanning and testing, to help organizations reduce exposure to threats via mitigating attack vectors. CISA’s Cyber Hygiene Services can help provide additional review of organizations’ internet accessible assets.  Device Manufacturers Note: The following guidance is general in nature and not specific to any OT vendor. Some of the features, settings, and practices may already be offered by certain vendors. The inclusion of this guidance should not be interpreted as an assertion that vendors referenced in this product do not offer such security features. Although critical infrastructure organizations using PLC devices can take steps to mitigate the risks, it is ultimately the responsibility of the device manufacturer to build products that are secure by design and default. The authoring agencies urge device manufacturers to take ownership of their customers’ security outcomes by following the principles in the joint guide Secure by Demand: Priority Considerations for OT Owners and Operators when Selecting Digital Products, primarily: Change the manufacturers’ default settings to prevent exposing administrative interfaces to the internet. Do not charge additional fees for basic security features needed to operate the product securely. Support MFA, including via phishing-resistant methods. By using secure by design tactics, software manufacturers can make product lines secure “out of the box” without requiring customers to spend additional resources making configuration changes, purchasing tiered security software and logs, monitoring, and making routine updates. For more information on common misconfigurations and guidance on reducing their prevalence, see joint advisory NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. For more information on secure by design, see CISA’s Secure by Design webpage and joint guide. Validate Security Controls In addition to applying mitigations, the authoring agencies recommend exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. The authoring agencies recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory. To get started: Select an ATT&CK technique described in this advisory (see Table 2 to Table 4). Align your security technologies against the technique. Test your technologies against the technique. Analyze your detection and prevention technologies’ performance. Repeat the process for all security technologies to obtain a set of comprehensive performance data. Tune your security program, including people, processes, and technologies, based on the data generated by this process. The authoring agencies recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory. Resources Authoring Agencies: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities CISA: Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers EPA: Cybersecurity for the Water Sector CISA: Water and Wastewater Systems Sector CISA Alert: Exploitation of Unitronics PLCs used in Water and Wastewater Systems CISA: Iran Threat Overview and Advisories FBI: The Iran Threat CISA, MITRE: Best Practices for MITRE ATT&CK Mapping CISA: Decider Tool CISA: Cross-Sector Cybersecurity Performance Goals 2.0 CISA: No-Cost Cybersecurity Services and Tools CISA: Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products NSA, CISA: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations CISA: Secure by Design FBI: Primary Mitigations to Reduce Cyber Threats to Operational Technology United Kingdom National Cyber Security Center: Secure connectivity principles for operational technology (OT) Contact Information U.S. organizations are encouraged to report suspicious or criminal activity related to information in this advisory to CISA, FBI, and/or NSA: Contact CISA via CISA’s 24/7 Operations Center at contact@cisa.dhs.gov or 1-844-Say-CISA (1-844-729-2472) or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. For NSA cybersecurity guidance inquiries, contact CybersecurityReports@nsa.gov. Entities required to report incidents to DOE should follow established reporting requirements, as appropriate. For other energy sector inquiries, contact EnergySRMA@hq.doe.gov. Contact the Rockwell Automation PSIRT for questions regarding their guidance or for reporting cyber incidents related to Rockwell Automation at PSIRT@rockwellautomation.com. Disclaimer The information in this report is being provided “as is” for informational purposes only. The authoring agencies do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the authoring agencies. Version History April 7, 2026: Initial version. Notes 1Project file refers to the software file that contains ladder logic and configuration settings. On Rockwell Automation devices, it is referred to as an .ACD file. 2 See CompactLogix 5370 Controllers (Chapter 5: "Select the Operating Mode of the Controller") for more information on functions available for the switch.

0
Drift $280M crypto theft linked to 6-month in-person operation

The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]

0
Traffic violation scams switch to QR codes in new phishing texts

Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]

0
Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]

0
Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...]

0
Cambodian lawmakers propose severe prison time for crypto scammers

The draft bill, yet to be signed into law by the king, marked a significant policy change for Cambodia officials in addressing scam centers.

0
Hims & Hers warns of data breach after Zendesk support ticket breach

Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...]

0
Die Linke German political party confirms data stolen by Qilin ransomware

The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...]

0
Europe’s cyber agency blames hacking gangs for massive data breach and leak

CERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online.

0
Evolution of Ransomware: Multi-Extortion Ransomware Attacks

Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...]

0
X mulls new rules for first-time crypto posts amid tortoise scam

An executive said the social media platform could lock accounts mentioning crypto for the first time and require verification after a scammer faked reports of a tortoise's death.

0
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime

Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...]

0
Yokogawa CENTUM VP

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. The following versions of Yokogawa CENTUM VP are affected: CENTUM VP >=R5.01.00| CENTUM VP >=R6.01.00| CENTUM VP vR7.01.00 (CVE-2025-7741) CVSS Vendor Equipment Vulnerabilities v3 4 Yokogawa Yokogawa CENTUM VP Use of Hard-coded Password Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2025-7741 Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker logs in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. If the PROG user's permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. Additionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. View CVE Details Affected Products Yokogawa CENTUM VP Vendor: Yokogawa Product Version: Yokogawa CENTUM VP: >=R5.01.00|<R5.04.20, Yokogawa CENTUM VP: >=R6.01.00|<R6.12.00, Yokogawa CENTUM VP: vR7.01.00 Product Status: known_affected Remediations Mitigation Yokogawa recommends users applying the following mitigations to affected versions: Vendor fix CENTUM VP R5.01.00 to R5.04.20: Change the user authentication mode to Windows Authentication Mode. Vendor fix CENTUM VP R6.01.00 to R6.12.00: Change the user authentication mode to Windows Authentication Mode. Vendor fix CENTUM VP R7.01.00: Apply patch software R7.01.10. Mitigation NOTE:Changing to Windows Authentication Mode requires engineering work. If users wish to make this change, please contact Yokogawa directly https://contact.yokogawa.com/cs/gw?c-id=000498. https://contact.yokogawa.com/cs/gw?c-id=000498 Mitigation For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0003 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0003-E.pdf https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0003-E.pdf Relevant CWE: CWE-259 Use of Hard-coded Password Metrics CVSS Version Base Score Base Severity Vector String 3.1 4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Acknowledgments Yokogawa reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity. Revision History Initial Release Date: 2026-04-02 Date Revision Summary 2026-04-02 1 Initial Republication of YSAR-26-0003 Legal Notice and Terms of Use

0
New CrystalRAT malware adds RAT, stealer and prankware features

A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. [...]

0
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

0
PX4 Autopilot

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. The following versions of PX4 Autopilot are affected: Autopilot v1.16.0_SITL_latest_stable (CVE-2026-1579) CVSS Vendor Equipment Vulnerabilities v3 9.8 PX4 PX4 Autopilot Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Transportation Systems, Emergency Services, Defense Industrial Base Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-1579 The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAVLink 2.0 message signing as the cryptographic authentication mechanism for all MAVLink communication. When signing is enabled, unsigned messages are rejected at the protocol level. View CVE Details Affected Products PX4 Autopilot Vendor: PX4 Product Version: PX4 Autopilot: v1.16.0_SITL_latest_stable Product Status: known_affected Remediations Mitigation PX4 recommends enabling MAVLink 2.0 message signing as the authentication mechanism for all non‑USB communication links. PX4 has published a security hardening guide for integrators and manufacturers at https://docs.px4.io/main/en/mavlink/security_hardening. https://docs.px4.io/main/en/mavlink/security_hardening Mitigation Message signing configuration documentation can be found at https://docs.px4.io/main/en/mavlink/message_signing. https://docs.px4.io/main/en/mavlink/message_signing Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments Dolev Aviv of Cyviation reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-31 Date Revision Summary 2026-03-31 1 Initial Publication Legal Notice and Terms of Use

0
OpenCode Systems OC Messaging and USSD Gateway

View CSAF Summary Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. The following versions of OpenCode Systems OC Messaging and USSD Gateway are affected: OC Messaging 6.32.2 (CVE-2025-70614) USSD Gateway 6.32.2 (CVE-2025-70614) CVSS Vendor Equipment Vulnerabilities v3 8.1 OpenCode Systems OpenCode Systems OC Messaging and USSD Gateway Improper Access Control Background Critical Infrastructure Sectors: Communications Countries/Areas Deployed: Worldwide Company Headquarters Location: Bulgaria Vulnerabilities Expand All + CVE-2025-70614 OpenCode Systems Custom Messaging Gateway 6.32.2 contains a web access vulnerability allowing one authenticated user to gain access to another authenticated user's messages via a crafted identifier parameter. View CVE Details Affected Products OpenCode Systems OC Messaging and USSD Gateway Vendor: OpenCode Systems Product Version: OpenCode Systems OC Messaging: 6.32.2, OpenCode Systems USSD Gateway: 6.32.2 Product Status: known_affected Remediations Mitigation The vulnerability was identified by OpenCode Systems on January 5, 2026 and remediated on January 6, 2026 with the release of version 6.33.11. Mitigation For more information, contact OpenCode: https://opencode.com/about/contact-us https://opencode.com/about/contact-us Relevant CWE: CWE-284 Improper Access Control Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Acknowledgments Hussein Amer reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-26 Date Revision Summary 2026-03-26 1 Initial Publication Legal Notice and Terms of Use

0
WAGO GmbH & Co. KG Industrial Managed Switches

View CSAF Summary An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. The following versions of WAGO GmbH & Co. KG Industrial Managed Switches are affected: WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1812 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1813 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.3.S0 WAGO_Hardware_852-1813/000-001 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1816 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.8.S0 WAGO_Hardware_852-303 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1305 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1305/000-001 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1505/000-001 (CVE-2026-3587) WAGO Firmware versions prior to V1.1.9.S0 WAGO_Hardware_852-1505 (CVE-2026-3587) WAGO Firmware versions prior to V1.0.6.S0 WAGO_Hardware_852-602 (CVE-2026-3587) WAGO Firmware versions prior to V1.0.6.S0 WAGO_Hardware_852-603 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.5.S0 WAGO_Hardware_852-1605 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1812/010-000 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1813/010-000 (CVE-2026-3587) WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1816/010-000 (CVE-2026-3587) WAGO Firmware version V1.0.6.S0 WAGO_Hardware_852-602 (CVE-2026-3587) WAGO Firmware version V1.0.6.S0 WAGO_Hardware_852-603 (CVE-2026-3587) WAGO Firmware version V1.1.9.S0 WAGO_Hardware_852-1505 (CVE-2026-3587) WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1305 (CVE-2026-3587) WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1305/000-001 (CVE-2026-3587) WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1505/000-001 (CVE-2026-3587) WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1812 (CVE-2026-3587) WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813 (CVE-2026-3587) WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1816 (CVE-2026-3587) WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1812/010-000 (CVE-2026-3587) WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813/010-000 (CVE-2026-3587) WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1816/010-000 (CVE-2026-3587) WAGO Firmware version V1.2.3.S0 WAGO_Hardware_852-1813/000-001 (CVE-2026-3587) WAGO Firmware version V1.2.5.S0 WAGO_Hardware_852-1605 (CVE-2026-3587) WAGO Firmware version V1.2.8.S0 WAGO_Hardware_852-303 (CVE-2026-3587) WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813/010-001 (CVE-2026-3587) WAGO Firmware version V1.2.1.S1 WAGO_Hardware_852-1813/010-001 (CVE-2026-3587) CVSS Vendor Equipment Vulnerabilities v3 10 WAGO WAGO GmbH & Co. KG Industrial Managed Switches Hidden Functionality Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-3587 An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. View CVE Details Affected Products WAGO GmbH & Co. KG Industrial Managed Switches Vendor: WAGO Product Version: WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1812, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1813, WAGO WAGO Firmware versions prior to V1.2.3.S0: WAGO_Hardware_852-1813/000-001, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1816, WAGO WAGO Firmware versions prior to V1.2.8.S0: WAGO_Hardware_852-303, WAGO WAGO Firmware versions prior to V1.2.0.S0: WAGO_Hardware_852-1305, WAGO WAGO Firmware versions prior to V1.2.0.S0: WAGO_Hardware_852-1305/000-001, WAGO WAGO Firmware versions prior to V1.2.0.S0: WAGO_Hardware_852-1505/000-001, WAGO WAGO Firmware versions prior to V1.1.9.S0: WAGO_Hardware_852-1505, WAGO WAGO Firmware versions prior to V1.0.6.S0: WAGO_Hardware_852-602, WAGO WAGO Firmware versions prior to V1.0.6.S0: WAGO_Hardware_852-603, WAGO WAGO Firmware versions prior to V1.2.5.S0: WAGO_Hardware_852-1605, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1812/010-000, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1813/010-000, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1816/010-000, WAGO WAGO Firmware version V1.0.6.S0: WAGO_Hardware_852-602, WAGO WAGO Firmware version V1.0.6.S0: WAGO_Hardware_852-603, WAGO WAGO Firmware version V1.1.9.S0: WAGO_Hardware_852-1505, WAGO WAGO Firmware version V1.2.0.S0: WAGO_Hardware_852-1305, WAGO WAGO Firmware version V1.2.0.S0: WAGO_Hardware_852-1305/000-001, WAGO WAGO Firmware version V1.2.0.S0: WAGO_Hardware_852-1505/000-001, WAGO WAGO Firmware version V1.2.1.S0: WAGO_Hardware_852-1812, WAGO WAGO Firmware version V1.2.1.S0: WAGO_Hardware_852-1813, WAGO WAGO Firmware version V1.2.1.S0: WAGO_Hardware_852-1816, WAGO WAGO Firmware version V1.2.1.S0: WAGO_Hardware_852-1812/010-000, WAGO WAGO Firmware version V1.2.1.S0: WAGO_Hardware_852-1813/010-000, WAGO WAGO Firmware version V1.2.1.S0: WAGO_Hardware_852-1816/010-000, WAGO WAGO Firmware version V1.2.3.S0: WAGO_Hardware_852-1813/000-001, WAGO WAGO Firmware version V1.2.5.S0: WAGO_Hardware_852-1605, WAGO WAGO Firmware version V1.2.8.S0: WAGO_Hardware_852-303, WAGO WAGO Firmware version V1.2.1.S0: WAGO_Hardware_852-1813/010-001, WAGO WAGO Firmware version V1.2.1.S1: WAGO_Hardware_852-1813/010-001 Product Status: known_affected Remediations Mitigation WAGO has identified the following specific workarounds and mitigations users can apply to reduce risk: Product Group: WAGO Firmware installed on WAGO Hardware 852-1812, WAGO Firmware installed on WAGO Hardware 852-1813, WAGO Firmware installed on WAGO Hardware 852-1813/000-001, WAGO Firmware installed on WAGO Hardware 852-1816, WAGO Firmware installed on WAGO Hardware 852-303, WAGO Firmware installed on WAGO Hardware 852-1305, WAGO Firmware installed on WAGO Hardware 852-1305/000-001, WAGO Firmware installed on WAGO Hardware 852-1505/000-001, WAGO Firmware installed on WAGO Hardware 852-1505, WAGO Firmware installed on WAGO Hardware 852-602, WAGO Firmware installed on WAGO Hardware 852-603, WAGO Firmware installed on WAGO Hardware 852-1605, WAGO Firmware installed on WAGO Hardware 852-1812/010-000, WAGO Firmware installed on WAGO Hardware 852-1813/010-000, WAGO Firmware installed on WAGO Hardware 852-1816/010-000, WAGO Firmware installed on WAGO Hardware 852-602, WAGO Firmware installed on WAGO Hardware 852-603, WAGO Firmware installed on WAGO Hardware 852-1505, WAGO Firmware installed on WAGO Hardware 852-1305, WAGO Firmware installed on WAGO Hardware 852-1305/000-001, WAGO Firmware installed on WAGO Hardware 852-1505/000-001, WAGO Firmware installed on WAGO Hardware 852-1812, WAGO Firmware installed on WAGO Hardware 852-1813, WAGO Firmware installed on WAGO Hardware 852-1816, WAGO Firmware installed on WAGO Hardware 852-1812/010-000, WAGO Firmware installed on WAGO Hardware 852-1813/010-000, WAGO Firmware installed on WAGO Hardware 852-1816/010-000, WAGO Firmware installed on WAGO Hardware 852-1813/000-001, WAGO Firmware installed on WAGO Hardware 852-1605, WAGO Firmware installed on WAGO Hardware 852-303, WAGO Firmware installed on WAGO Hardware 852-1813/010-001, WAGO Firmware installed on WAGO Hardware 852-1813/010-001): Please update your devices to the specified fixed Firmware version. Mitigation Lean Managed Switch 852-1812, Lean Managed Switch 852-1813, Lean Managed Switch 852-1813/000-001, Lean Managed Switch 852-1816, Lean Managed Switch 852-1812/010-000, Lean Managed Switch 852-1813/010-000, Lean Managed Switch 852-1816/010-000, Lean Managed Switch 852-1813/010-001: To eliminate the attack vector deactivate ssh and telnet on the device. Mitigation Industrial Managed Switch 852-303, Industrial Managed Switch 852-1305, Industrial Managed Switch 852-1305/000-001, Industrial Managed Switch 852-1505/000-001, Industrial Managed Switch 852-1505, Industrial Managed Switch 852-602, Industrial Managed Switch 852-603, Industrial Managed Switch 852-1605: To reduce the attack vector deactivate ssh and telnet on the devices. This ensures that the CLI is only accessible locally via RS232. Mitigation The following product versions have been fixed: Firmware V1.2.1.S1 installed on Lean Managed Switch 852-1812 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.1.S1 installed on Lean Managed Switch 852-1813 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.3.S1 installed on Lean Managed Switch 852-1813/000-001 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.1.S1 installed on Lean Managed Switch 852-1816 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.8.S1 installed on Industrial Managed Switch 852-303 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.0.S1 installed on Industrial Managed Switch 852-1305 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.0.S1 installed on Industrial Managed Switch 852-1305/000-001 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.0.S1 installed on Industrial Managed Switch 852-1505/000-001 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.1.9.S1 installed on Industrial Managed Switch 852-1505 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.0.6.S1 installed on Industrial Managed Switch 852-602 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.0.6.S1 installed on Industrial Managed Switch 852-603 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.5.S1 installed on Industrial Managed Switch 852-1605 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.1.S1 installed on Lean Managed Switch 852-1812/010-000 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.1.S1 installed on Lean Managed Switch 852-1813/010-000 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.1.S1 installed on Lean Managed Switch 852-1816/010-000 are fixed versions for CVE-2026-3587 Mitigation Firmware V1.2.1.S1 installed on Lean Managed Switch 852-1813/010-001 are fixed versions for CVE-2026-3587 Mitigation For more information see the associated WAGO GmbH & Co. KG security advisory VDE-2026-020 WAGO PSIRT: https://www.wago.com/de-en/automation-technology/psirt. VDE-2026-020: WAGO: Vulnerability in managed switches - HTML: https://certvde.com/en/advisories/VDE-2026-020. VDE-2026-020: WAGO: Vulnerability in managed switches - CSAF: https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-020.json. https://www.wago.com/de-en/automation-technology/psirt Mitigation For more information see the associated WAGO GmbH & Co. KG security advisory VDE-2026-020 WAGO PSIRT: https://www.wago.com/de-en/automation-technology/psirt. VDE-2026-020: WAGO: Vulnerability in managed switches - HTML: https://certvde.com/en/advisories/VDE-2026-020. VDE-2026-020: WAGO: Vulnerability in managed switches - CSAF: https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-020.json. https://certvde.com/en/advisories/VDE-2026-020 Mitigation For more information see the associated WAGO GmbH & Co. KG security advisory VDE-2026-020 WAGO PSIRT: https://www.wago.com/de-en/automation-technology/psirt. VDE-2026-020: WAGO: Vulnerability in managed switches - HTML: https://certvde.com/en/advisories/VDE-2026-020. VDE-2026-020: WAGO: Vulnerability in managed switches - CSAF: https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-020.json. https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-020.json Relevant CWE: CWE-912 Hidden Functionality Metrics CVSS Version Base Score Base Severity Vector String 3.1 10 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Acknowledgments CERT@VDE coordination reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-26 Date Revision Summary 2026-03-26 1 Initial Republication of WAGO GmbH & Co. KG VDE-2026-020 Legal Notice and Terms of Use

0
PTC Windchill Product Lifecycle Management

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. The following versions of PTC Windchill Product Lifecycle Management are affected: Windchill PDMLink 11.0_M030 (CVE-2026-4681) Windchill PDMLink 11.1_M020 (CVE-2026-4681) Windchill PDMLink 11.2.1.0 (CVE-2026-4681) Windchill PDMLink 12.0.2.0 (CVE-2026-4681) Windchill PDMLink 12.1.2.0 (CVE-2026-4681) Windchill PDMLink 13.0.2.0 (CVE-2026-4681) Windchill PDMLink 13.1.0.0 (CVE-2026-4681) Windchill PDMLink 13.1.1.0 (CVE-2026-4681) Windchill PDMLink 13.1.2.0 (CVE-2026-4681) Windchill PDMLink 13.1.3.0 (CVE-2026-4681) FlexPLM 11.0_M030 (CVE-2026-4681) FlexPLM 11.1_M020 (CVE-2026-4681) FlexPLM 11.2.1.0 (CVE-2026-4681) FlexPLM 12.0.0.0 (CVE-2026-4681) FlexPLM 12.0.2.0 (CVE-2026-4681) FlexPLM 12.0.3.0 (CVE-2026-4681) FlexPLM 12.1.2.0 (CVE-2026-4681) FlexPLM 12.1.3.0 (CVE-2026-4681) FlexPLM 13.0.2.0 (CVE-2026-4681) FlexPLM 13.0.3.0 (CVE-2026-4681) CVSS Vendor Equipment Vulnerabilities v3 10 PTC PTC Windchill Product Lifecycle Management Improper Control of Generation of Code ('Code Injection') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-4681 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0. View CVE Details Affected Products PTC Windchill Product Lifecycle Management Vendor: PTC Product Version: PTC Windchill PDMLink: 11.0_M030, PTC Windchill PDMLink: 11.1_M020, PTC Windchill PDMLink: 11.2.1.0, PTC Windchill PDMLink: 12.0.2.0, PTC Windchill PDMLink: 12.1.2.0, PTC Windchill PDMLink: 13.0.2.0, PTC Windchill PDMLink: 13.1.0.0, PTC Windchill PDMLink: 13.1.1.0, PTC Windchill PDMLink: 13.1.2.0, PTC Windchill PDMLink: 13.1.3.0, PTC FlexPLM: 11.0_M030, PTC FlexPLM: 11.1_M020, PTC FlexPLM: 11.2.1.0, PTC FlexPLM: 12.0.0.0, PTC FlexPLM: 12.0.2.0, PTC FlexPLM: 12.0.3.0, PTC FlexPLM: 12.1.2.0, PTC FlexPLM: 12.1.3.0, PTC FlexPLM: 13.0.2.0, PTC FlexPLM: 13.0.3.0 Product Status: known_affected Remediations Mitigation PTC is aware of the issue and is actively developing a fix. In the meantime, PTC recommends applying the recommended workaround. Until official patches are available, customers must take urgent steps to safeguard their environments. Specifically: Protect any publicly accessible Windchill systems Vendor fix While publicly accessible Windchill and FlexPLM systems are at higher risk and require immediate attention, PTC strongly recommends applying the mitigation steps to all deployments, regardless of Internet exposure Vendor fix Apply the same precautions to FlexPLM deployments Vendor fix The following Apache and IIS HTTP Server configuration update should be IMMEDIATELY applied to every Windchill or FlexPLM system: Customers using Apache HTTP Server should only follow "Apache HTTP Server Configuration – Workaround Steps" section steps Mitigation Customers using Microsoft IIS should only follow "IIS Configuration - Workaround Steps" section steps Mitigation Please explicitly note that the same mitigation steps must also be applied on File Server / Replica Server configurations where applicable Mitigation For Windchill releases prior to 11.0 M030, workarounds may need to be altered to apply to unsupported previous releases Mitigation For Apache HTTP Server and IIS configuration workaround steps, please refer to the official advisory at:https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability. https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability Mitigation If immediate remediation is not feasible, additional guidance and remediation options are available:https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability. https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability Relevant CWE: CWE-94 Improper Control of Generation of Code ('Code Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 10 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Acknowledgments An anonymous source reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-26 Date Revision Summary 2026-03-26 1 Initial Republication of PTC's CS466318 Legal Notice and Terms of Use

0
Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam

A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles.

0
Grassroots DICOM (GDCM)

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. The following versions of Grassroots DICOM (GDCM) are affected: Grassroots DICOM (GDCM) 3.2.2 (CVE-2026-3650) CVSS Vendor Equipment Vulnerabilities v3 7.5 Grassroots Grassroots DICOM (GDCM) Missing Release of Memory after Effective Lifetime Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-3650 A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it. View CVE Details Affected Products Grassroots DICOM (GDCM) Vendor: Grassroots Product Version: Grassroots Grassroots DICOM (GDCM): 3.2.2 Product Status: known_affected Remediations Mitigation The maintainer of Grassroots DICOM (GDCM) has not responded to requests to work with CISA to mitigate this vulnerability. For update information refer to the software page on SourceForge. Mitigation https://sourceforge.net/projects/gdcm/. https://sourceforge.net/projects/gdcm/ Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Acknowledgments Volodymyr Bihunenko, Mykyta Mudryi, and Markiian Chaklosh of ARIMLABS reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-24 Date Revision Summary 2026-03-24 1 Initial Publication. Legal Notice and Terms of Use

0
Pharos Controls Mosaic Show Controller

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. The following versions of Pharos Controls Mosaic Show Controller are affected: Mosaic Show Controller Firmware 2.15.3 (CVE-2026-2417) CVSS Vendor Equipment Vulnerabilities v3 9.8 Pharos Controls Pharos Controls Mosaic Show Controller Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: United Kingdom Vulnerabilities Expand All + CVE-2026-2417 A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. View CVE Details Affected Products Pharos Controls Mosaic Show Controller Vendor: Pharos Controls Product Version: Pharos Controls Mosaic Show Controller Firmware: 2.15.3 Product Status: known_affected Remediations Mitigation Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later. Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Acknowledgments James Tully reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-24 Date Revision Summary 2026-03-24 1 Initial Publication Legal Notice and Terms of Use

0
Schneider Electric Plant iT/Brewmaxx

View CSAF Summary Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution. The following versions of Schneider Electric Plant iT/Brewmaxx are affected: Plant iT/Brewmaxx 9.60_and_above (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819) CVSS Vendor Equipment Vulnerabilities v3 9.9 Schneider Electric Schneider Electric Plant iT/Brewmaxx Use After Free, Integer Overflow or Wraparound, Improper Control of Generation of Code ('Code Injection') Background Critical Infrastructure Sectors: Energy, Critical Manufacturing, Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2025-49844 The affected product uses Redis, an open-source, in-memory database. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution. View CVE Details Affected Products Schneider Electric Plant iT/Brewmaxx Vendor: Schneider Electric Product Version: Schneider Electric Plant iT/Brewmaxx: 9.60_and_above Product Status: known_affected Remediations Mitigation Schneider Electric recommends users immediately apply the following mitigations to reduce the risk of exploit: Mitigation Install Patch ProLeiT-2025-001 via ProLeiT Support https://www.proleit.com/support/ Mitigation After installing ProLeiT-2025-001, disable the eval commands in Redis on the application server, VisuHub, engineering workstations, and workstations with emergency mode functionality Mitigation Force usage of secure Redis configuration templates in system settings as documented in the patch manual Mitigation Restart all patched servers and workstations Mitigation Schneider Electric strongly recommends the following industry cybersecurity best practices. Mitigation Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Mitigation Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. Mitigation Place all controllers in locked cabinets and never leave them in the "Program" mode. Mitigation Never connect programming software to any network other than the network intended for that device. Mitigation Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. Mitigation Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. Mitigation Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. Mitigation When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. Mitigation For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. https://www.se.com/us/en/download/document/7EN52-0390/ Vendor fix For more information, see Schneider Electric security notification "SEVD-2026-013-01 Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx" https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-013-01.pdf Relevant CWE: CWE-416 Use After Free Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2025-46817 The affected product uses Redis, an open-source, in-memory database. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution View CVE Details Affected Products Schneider Electric Plant iT/Brewmaxx Vendor: Schneider Electric Product Version: Schneider Electric Plant iT/Brewmaxx: 9.60_and_above Product Status: known_affected Remediations Mitigation Schneider Electric recommends users immediately apply the following mitigations to reduce the risk of exploit: Mitigation Install Patch ProLeiT-2025-001 via ProLeiT Support https://www.proleit.com/support/ Mitigation After installing ProLeiT-2025-001, disable the eval commands in Redis on the application server, VisuHub, engineering workstations, and workstations with emergency mode functionality Mitigation Force usage of secure Redis configuration templates in system settings as documented in the patch manual Mitigation Restart all patched servers and workstations Mitigation Schneider Electric strongly recommends the following industry cybersecurity best practices. Mitigation Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Mitigation Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. Mitigation Place all controllers in locked cabinets and never leave them in the "Program" mode. Mitigation Never connect programming software to any network other than the network intended for that device. Mitigation Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. Mitigation Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. Mitigation Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. Mitigation When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. Mitigation For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. https://www.se.com/us/en/download/document/7EN52-0390/ Vendor fix For more information, see Schneider Electric security notification "SEVD-2026-013-01 Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx" https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-013-01.pdf Relevant CWE: CWE-190 Integer Overflow or Wraparound Metrics CVSS Version Base Score Base Severity Vector String 3.1 7 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-46818 The affected product uses Redis, an open-source, in-memory database. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. View CVE Details Affected Products Schneider Electric Plant iT/Brewmaxx Vendor: Schneider Electric Product Version: Schneider Electric Plant iT/Brewmaxx: 9.60_and_above Product Status: known_affected Remediations Mitigation Schneider Electric recommends users immediately apply the following mitigations to reduce the risk of exploit: Mitigation Install Patch ProLeiT-2025-001 via ProLeiT Support https://www.proleit.com/support/ Mitigation After installing ProLeiT-2025-001, disable the eval commands in Redis on the application server, VisuHub, engineering workstations, and workstations with emergency mode functionality Mitigation Force usage of secure Redis configuration templates in system settings as documented in the patch manual Mitigation Restart all patched servers and workstations Mitigation Schneider Electric strongly recommends the following industry cybersecurity best practices. Mitigation Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Mitigation Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. Mitigation Place all controllers in locked cabinets and never leave them in the "Program" mode. Mitigation Never connect programming software to any network other than the network intended for that device. Mitigation Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. Mitigation Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. Mitigation Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. Mitigation When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. Mitigation For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. https://www.se.com/us/en/download/document/7EN52-0390/ Vendor fix For more information, see Schneider Electric security notification "SEVD-2026-013-01 Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx" https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-013-01.pdf Relevant CWE: CWE-94 Improper Control of Generation of Code ('Code Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2025-46819 The affected product uses Redis, an open-source, in-memory database. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. View CVE Details Affected Products Schneider Electric Plant iT/Brewmaxx Vendor: Schneider Electric Product Version: Schneider Electric Plant iT/Brewmaxx: 9.60_and_above Product Status: known_affected Remediations Mitigation Schneider Electric recommends users immediately apply the following mitigations to reduce the risk of exploit: Mitigation Install Patch ProLeiT-2025-001 via ProLeiT Support https://www.proleit.com/support/ Mitigation After installing ProLeiT-2025-001, disable the eval commands in Redis on the application server, VisuHub, engineering workstations, and workstations with emergency mode functionality Mitigation Force usage of secure Redis configuration templates in system settings as documented in the patch manual Mitigation Restart all patched servers and workstations Mitigation Schneider Electric strongly recommends the following industry cybersecurity best practices. Mitigation Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Mitigation Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. Mitigation Place all controllers in locked cabinets and never leave them in the "Program" mode. Mitigation Never connect programming software to any network other than the network intended for that device. Mitigation Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. Mitigation Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. Mitigation Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. Mitigation When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. Mitigation For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. https://www.se.com/us/en/download/document/7EN52-0390/ Vendor fix For more information, see Schneider Electric security notification "SEVD-2026-013-01 Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx" https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-013-01.pdf Relevant CWE: CWE-190 Integer Overflow or Wraparound Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H Acknowledgments Schneider Electric reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-24 Date Revision Summary 2026-03-24 1 Initial Republication of SEVD-2026-013-01 Legal Notice and Terms of Use

0
‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.

0
Russian Intelligence Services Target Commercial Messaging Application Accounts

CISA and the Federal Bureau of Investigation released a Public Service Announcement (PSA) warning about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services targeting commercial messaging applications (CMAs). These campaigns aim to bypass encryption to compromise to individual user accounts with targets including current and former U.S. government officials, military personnel, political figures, and journalists.   Evidence shows that cyber actors have been able to compromise individual CMA accounts, but not encryption of the applications themselves. The actors’ global campaigns have resulted in unauthorized access to thousands of individual CMA accounts to view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA accounts.   CISA and FBI urge CMA users to review the PSA, follow recommended cybersecurity practices, and remain vigilant for suspicious activity.

0
Schneider Electric Modicon M241, M251, and M262

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. The following versions of Schneider Electric Modicon M241, M251, and M262 are affected: Modicon M241 versions prior to 5.4.13.12 Modicon_Controller_M241 Modicon M251 versions prior to 5.4.13.12 Modicon_Controller_M251 Modicon M262 versions prior to 5.4.10.12 Modicon_Controller_M262 CVSS Vendor Equipment Vulnerabilities v3 5.3 Schneider Electric Schneider Electric Modicon M241, M251, and M262 Improper Resource Shutdown or Release Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2025-13901 CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. View CVE Details Affected Products Schneider Electric Modicon M241, M251, and M262 Vendor: Schneider Electric Product Version: Schneider Electric Modicon M241 versions prior to 5.4.13.12: Modicon_Controller_M241, Schneider Electric Modicon M251 versions prior to 5.4.13.12: Modicon_Controller_M251, Schneider Electric Modicon M262 versions prior to 5.4.10.12: Modicon_Controller_M262 Product Status: known_affected Remediations Mitigation Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Modicon Controller M241 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M241 to the latest Firmware and perform reboot. For instructions refer to Modicon M241 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/ Mitigation Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Modicon Controller M241 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M241 to the latest Firmware and perform reboot. For instructions refer to Modicon M241 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. https://www.se.com/ww/en/download/document/EIO0000005500/ Mitigation Modicon Controller M251 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M251 to the latest Firmware and perform reboot. For instructions refer to Modicon M251 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/ Mitigation Modicon Controller M251 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M251 to the latest Firmware and perform reboot. For instructions refer to Modicon M251 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. https://www.se.com/ww/en/download/document/EIO0000005500/ Mitigation Modicon Controller M262 Firmware version 5.4.10.12 delivered with EcoStruxure™ Machine Expert v2.5 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M262 to the latest Firmware and perform reboot. For instructions refer to Modicon M262 Logic/Motion Controller, Programming Guide: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/ Mitigation Modicon Controller M262 Firmware version 5.4.10.12 delivered with EcoStruxure™ Machine Expert v2.5 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M262 to the latest Firmware and perform reboot. For instructions refer to Modicon M262 Logic/Motion Controller, Programming Guide: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. https://www.se.com/ww/en/download/document/EIO0000005500/ Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-069-01 Improper Resource Shutdown or Release vulnerability in Multiple Products - SEVD-2026-069-01 PDF Version: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-01.pdf. Improper Resource Shutdown or Release vulnerability in Multiple Products - SEVD-2026-069-01 CSAF Version: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-069-01.json. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-01.pdf Mitigation All affected products: If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from public internet or untrusted networks. Filter ports and IP through the embedded firewall. Use encrypted communication links. Use VPN (Virtual Private Networks) tunnels if remote access is required. The "Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment" provide product specific hardening guidelines: https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242. https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242 Relevant CWE: CWE-404 Improper Resource Shutdown or Release Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Acknowledgments Amir Zaltzman of Claroty Team82 reported this vulnerability to Schneider Electric Schneider Electric reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-19 Date Revision Summary 2026-03-19 1 Initial Republication of Schneider Electric CPCERT SEVD-2026-069-01 Legal Notice and Terms of Use

0
Automated Logic WebCTRL Premium Server

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications. The following versions of Automated Logic WebCTRL Premium Server are affected: WebCTRL Premium Server CVSS Vendor Equipment Vulnerabilities v3 9.1 Automated Logic Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port, Authentication Bypass by Spoofing, Cleartext Transmission of Sensitive Information Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-25086 Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software. View CVE Details Affected Products Automated Logic WebCTRL Premium Server Vendor: Automated Logic Product Version: Automated Logic WebCTRL Premium Server: <v8.5 Product Status: known_affected Remediations Mitigation Automated Logic notes that WebCTRL 7 is End of Life (EOL) and has been out of support since January 27, 2023. Users are advised to upgrade to the latest version of the WebCTRL server application, which supports the more secure BACnet/SC. Mitigation For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments; BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication; and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available at: https://www.automatedlogic.com/en/company/security-commitment/. https://www.automatedlogic.com/en/company/security-commitment/ Relevant CWE: CWE-605 Multiple Binds to the Same Port Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-32666 WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated AutomatedLogic controllers. Spoofed packets may be processed as legitimate. View CVE Details Affected Products Automated Logic WebCTRL Premium Server Vendor: Automated Logic Product Version: Automated Logic WebCTRL Premium Server: <v8.5 Product Status: known_affected Remediations Mitigation Automated Logic notes that WebCTRL 7 is End of Life (EOL) and has been out of support since January 27, 2023. Users are advised to upgrade to the latest version of the WebCTRL server application, which supports the more secure BACnet/SC. Mitigation For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments; BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication; and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available at: https://www.automatedlogic.com/en/company/security-commitment/. https://www.automatedlogic.com/en/company/security-commitment/ Relevant CWE: CWE-290 Authentication Bypass by Spoofing Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2026-24060 Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered. View CVE Details Affected Products Automated Logic WebCTRL Premium Server Vendor: Automated Logic Product Version: Automated Logic WebCTRL Premium Server: <v8.5 Product Status: known_affected Remediations Mitigation Automated Logic notes that WebCTRL 7 is End of Life (EOL) and has been out of support since January 27, 2023. Users are advised to upgrade to the latest version of the WebCTRL server application, which supports the more secure BACnet/SC. Mitigation For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments; BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication; and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available at: https://www.automatedlogic.com/en/company/security-commitment/. https://www.automatedlogic.com/en/company/security-commitment/ Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Acknowledgments Jonathan Lee, Thuy D. Nguyen and Neil C. Rowe of the Naval Postgraduate School reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-19 Date Revision Summary 2026-03-19 1 Initial Publication Legal Notice and Terms of Use

0
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058

View CSAF Summary Successful exploitation of this vulnerability may risk a Cross-site Scripting or an open redirect attack which could result in an account takeover scenario or the execution of code in the user browser. The following versions of Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 are affected: Modicon M241 versions prior to 5.4.13.12 Modicon_Controller_M241 Modicon M251 versions prior to 5.4.13.12 Modicon_Controller_M251 Modicon Controllers M258 all firmware versions Modicon_Controllers_M258 Modicon Controllers LMC058 all firmware versions Modicon_Controllers_LMC058 CVSS Vendor Equipment Vulnerabilities v3 5.4 Schneider Electric Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2025-13902 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim's browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload. View CVE Details Affected Products Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 Vendor: Schneider Electric Product Version: Schneider Electric Modicon M241 versions prior to 5.4.13.12: Modicon_Controller_M241, Schneider Electric Modicon M251 versions prior to 5.4.13.12: Modicon_Controller_M251, Schneider Electric Modicon Controllers M258 all firmware versions: Modicon_Controllers_M258, Schneider Electric Modicon Controllers LMC058 all firmware versions: Modicon_Controllers_LMC058 Product Status: known_affected Remediations Mitigation Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Modicon Controller M241 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M241 to the latest Firmware and perform reboot. For instructions refer to Modicon M241 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/EIO0000003059/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/ Mitigation Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Modicon Controller M241 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M241 to the latest Firmware and perform reboot. For instructions refer to Modicon M241 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/EIO0000003059/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/ww/en/download/document/EIO0000005500/ Mitigation Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Modicon Controller M241 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M241 to the latest Firmware and perform reboot. For instructions refer to Modicon M241 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/EIO0000003059/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/ww/en/download/document/EIO0000003059/ Mitigation Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Modicon Controller M241 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M241 to the latest Firmware and perform reboot. For instructions refer to Modicon M241 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/EIO0000003059/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER Mitigation Modicon Controller M251 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M251 to the latest Firmware and perform reboot. For instructions refer to Modicon M251 Logic Controller, Programming Guide: https://www.se.com/us/en/download/document/EIO0000003089/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/ Mitigation Modicon Controller M251 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M251 to the latest Firmware and perform reboot. For instructions refer to Modicon M251 Logic Controller, Programming Guide: https://www.se.com/us/en/download/document/EIO0000003089/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/ww/en/download/document/EIO0000005500/ Mitigation Modicon Controller M251 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M251 to the latest Firmware and perform reboot. For instructions refer to Modicon M251 Logic Controller, Programming Guide: https://www.se.com/us/en/download/document/EIO0000003089/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/us/en/download/document/EIO0000003089/ Mitigation Modicon Controller M251 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5.0.1 of EcoStruxure™ Machine Expert. For help refer to Schneider Electric Software Installer User Guide available here: https://www.se.com/ww/en/download/document/EIO0000005500/. Update Modicon Controller M251 to the latest Firmware and perform reboot. For instructions refer to Modicon M251 Logic Controller, Programming Guide: https://www.se.com/us/en/download/document/EIO0000003089/, https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER Mitigation If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from public internet or untrusted networks. Ensure usage of user management and password features. User rights are enabled by default and forced to create a strong password at first use. Deactivate the Webserver after use when not needed. Use encrypted communication links. Setup network segmentation and implement a firewall to block all unauthorized access to ports 80/HTTP and 443/HTTPS. Use VPN (Virtual Private Networks) tunnels if remote access is required. The "Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment" provide product specific hardening guidelines: https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242. https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242 Mitigation Modicon Controllers M258 and Modicon Controllers LMC058: Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from public internet or untrusted networks. Ensure usage of user management and password features. User rights are enabled by default and forced to create a strong password at first use. Deactivate the Webserver after use when not needed. Use encrypted communication links. Setup network segmentation and implement a firewall to block all unauthorized access to ports 80/HTTP and 443/HTTPS. Use VPN (Virtual Private Networks) tunnels if remote access is required. The "Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment" provide product specific hardening guidelines: https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242. https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242 Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-069-02 Improper Neutralization in Multiple Products - PDF Version: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-02.pdf. Improper Neutralization in Multiple Products - SEVD-2026-069-02 CSAF Version: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-069-02.json. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-02.pdf Mitigation For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-069-02 Improper Neutralization in Multiple Products - PDF Version: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-02.pdf. Improper Neutralization in Multiple Products - SEVD-2026-069-02 CSAF Version: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-069-02.json. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-069-02.json Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Acknowledgments Amir Zaltzman of Claroty Team82 reported this vulnerability to Schneider Electric Schneider Electric reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-19 Date Revision Summary 2026-03-19 1 Initial Republication of Schneider Electric CPCERT SEVD-2026-069-02 Legal Notice and Terms of Use

0
CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.1 To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions. To defend against similar malicious activity that misuses legitimate endpoint management software, CISA urges organizations to implement Microsoft’s newly released best practices for securing Microsoft Intune; the principles of these recommendations can be applied to Intune and more broadly to other endpoint management software:  Use principles of least privilege when designing administrative roles. Leverage Microsoft Intune’s role-based access control (RBAC) to assign the minimum permissions necessary to each role for completing day-to-day operations—permissions include what actions the role can take, and what users and devices it can apply that action to. Enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene. Use Microsoft Entra ID capabilities (including Conditional Access, MFA, risk signals, and privileged access controls) to block unauthorized access to privileged actions in Microsoft Intune. Configure access policies to require Multi Admin Approval in Microsoft Intune. Set up policies that require a second administrative account’s approval to allow changes to sensitive or high-impact actions (such as device wiping), applications, scripts, RBAC, configurations, etc.   Additionally, CISA recommends reviewing the following resources to strengthen defenses against similar malicious cyber activity: Microsoft resources: For recommendations on securing Microsoft Intune, see Best practices for securing Microsoft Intune. For guidance on implementing Multi Admin Approval in Microsoft Intune, see Use Access policies to implement Multi Admin Approval. For recommendations on configuring Microsoft Intune using zero trust principles, see Configure Microsoft Intune for increased security. For guidance on implementing Microsoft Intune RBAC policies, see Role-based access control (RBAC) with Microsoft Intune. For guidance on deploying Privileged Identity Management (PIM) across Microsoft Intune, Entra ID, and other Microsoft software, see Plan a Privileged Identity Management deployment.   CISA resources: For guidance on implementing phishing-resistant multifactor authentication (MFA), see Implementing Phishing-Resistant MFA.  Disclaimer The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.   Acknowledgements Microsoft and Stryker contributed to this alert.  Notes 1 For updates from Stryker on the incident, see “Customer Updates: Stryker Network Disruption,” Stryker, last modified March 15, 2026, https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html.

0
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.

0
Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. FortiClient for Windows is a unified endpoint security solution that provides a range of security features, including a VPN client for secure remote access to corporate networks, antivirus protection, web filtering, and vulnerability assessment. FortiExtender is a device from Fortinet that provides secure 5G/LTE and Ethernet connectivity to extend a network's edge. FortiMail is a secure email gateway from Fortinet that protects against email-borne threats like spam, phishing, and malware, and prevents data loss.  FortiPAM provides privileged account management, session monitoring and management, and role-based access control to secure access to sensitive assets and mitigate data breaches. FortiSandbox is an advanced threat detection solution from Fortinet that uses sandboxing to analyze suspicious files and network traffic for advanced threats like zero-day malware and ransomware. FortiADC is an application delivery controller (ADC) that improves the availability, performance, and security of web applications.  FortiWeb is a web application firewall (WAF) that protects web applications and APIs from cyberattacks like SQL injection and cross-site scripting, while also helping to meet compliance requirements. FortiVoice is a unified communications solution that combines voice, chat, conferencing, and fax into a single, secure platform for businesses and schools. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. FortiProxy is a secure web gateway product from Fortinet that protects users from internet-borne attacks, enforces compliance, and improves network performance.   Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

0
State of the SaaS Security Union

Two threat groups are exploiting SaaS at scale: one with phishing and data theft, the other with nation-state level tactics exploiting integrations and credentials. Here’s what you need to know and how to protect against the next wave.

Vote on articles to boost the important ones to the top