[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:iot-ot":3},{"tag":4,"articles":8,"awareness":387,"events":388,"tips":389,"focus_items":390,"total_count":391},{"slug":5,"name":6,"description":7},"iot-ot","IoT\u002FOT","IoT\u002FOT security, industrial control systems, embedded devices",[9,18,27,34,41,49,56,63,70,77,84,91,98,105,112,118,125,132,138,145,154,163,171,178,185,192,199,206,215,223,232,241,250,258,267,275,282,290,297,304,311,317,326,335,344,352,359,366,373,380],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"76343cc5-0302-48ea-8ee1-aec0f1f9a5fc","RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers","rondodox-botnet-exploits-critical-2018-vulnerability-to-hijack-asus-routers-88d656","RondoDox botnet exploits 2018 ASUS router vulnerability to hijack over 1 million devices.","VulnCheck discovered that the RondoDox botnet is actively exploiting CVE-2018-5999, a critical 2018 vulnerability in ASUS routers, to bypass authentication and hijack over 1 million devices. The vulnerability (CVSS 9.8\u002F10) allows unauthenticated attackers to modify router settings by manipulating the ateCommand_flag parameter. Though exploit code has been public since 2018, real-world exploitation only began in May 2026, with RondoDox using the compromised routers to launch DDoS attacks.","https:\u002F\u002Fhackread.com\u002Frondodox-botnet-2018-vulnerability-hijack-asus-routers\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Frondodox-botnet-2018-vulnerability-hijack-asus-routers-2.jpg","2026-05-23T11:16:40+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":25,"published_at":26},"ebca1b63-bce5-4bbe-afc6-b4155c8495f6","ABB B&R Automation Runtime","abb-b-r-automation-runtime-bc2b5c","ABB B&R Automation Runtime \u003C6.4 patched for session hijacking, XSS, and CSV injection flaws.","ABB B&R disclosed three vulnerabilities (CVE-2025-3449, CVE-2025-3448, CVE-2025-11498) in Automation Runtime versions before 6.4 affecting the System Diagnostics Manager (SDM) component. The flaws enable unauthenticated attackers to hijack sessions via predictable identifiers, execute arbitrary JavaScript via reflected XSS, and inject malicious formulas into CSV files. Fix is available in Automation Runtime 6.4; SDM is disabled by default and primarily impacts systems where it is explicitly enabled.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-141-04",null,"2026-05-21T12:00:00+00:00",{"id":28,"title":29,"slug":30,"brief":31,"ai_summary":32,"url":33,"image_url":25,"published_at":26},"e3a6e55a-7d15-4999-9554-0ccce67f8b71","Hitachi Energy GMS600","hitachi-energy-gms600-6701cd","Hitachi Energy GMS600 versions 1.3.0–1.3.1 vulnerable to OpenSSL timing attack (CVE-2022-4304)","Hitachi Energy GMS600 grid management system versions 1.3.0 and 1.3.1 are affected by CVE-2022-4304, a timing-based side-channel vulnerability in OpenSSL's RSA decryption implementation. An attacker with network access can recover encrypted pre-master secrets and decrypt TLS application data through a Bleichenbacher-style attack. Hitachi recommends immediate upgrade to version 1.3.2.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-141-01",{"id":35,"title":36,"slug":37,"brief":38,"ai_summary":39,"url":40,"image_url":25,"published_at":26},"1fac00c0-edc1-4e72-9c90-6a663ffd88b4","ABB Terra AC Wallbox","abb-terra-ac-wallbox-f3cf9d","ABB Terra AC Wallbox EV charger has three buffer overflow vulnerabilities affecting firmware versions ≤1.8.33.","ABB disclosed three memory corruption vulnerabilities (CVE-2025-10504, CVE-2025-12142, CVE-2025-12143) in Terra AC Wallbox EV chargers deployed worldwide, affecting versions ≤1.8.33. The vulnerabilities allow heap, BSS, and stack memory pollution via malformed Bluetooth protocol messages, potentially enabling remote firmware alteration. ABB has released a fix in version 1.8.36; exploitation requires prior Bluetooth hijacking due to encrypted BLE communication.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-141-05",{"id":42,"title":43,"slug":44,"brief":45,"ai_summary":46,"url":47,"image_url":25,"published_at":48},"4403ec30-ad68-4d87-bda0-fc7035750d63","Siemens SENTRON 7KT PAC1261 Data Manager","siemens-sentron-7kt-pac1261-data-manager-b26b5e","Siemens SENTRON 7KT PAC1261 Data Manager HTTP request smuggling flaw allows admin token theft","A critical HTTP request smuggling vulnerability (CVE-2025-22871, CVSS 9.1) in the Go net\u002Fhttp package affects Siemens SENTRON 7KT PAC1261 Data Manager versions before 2.1.0. The flaw permits attackers to retrieve authorization tokens and gain administrative control over affected energy infrastructure devices deployed worldwide. Siemens has released version 2.1.0 as the fix and recommends immediate updates.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-14","2026-05-14T12:00:00+00:00",{"id":50,"title":51,"slug":52,"brief":53,"ai_summary":54,"url":55,"image_url":25,"published_at":48},"4f754d85-c8a7-4e76-bc7b-5f21ecaf8585","Siemens Solid Edge","siemens-solid-edge-c7d65f","Siemens Solid Edge SE2026 before Update 5 has two file parsing vulnerabilities in PAR format handling.","Siemens Solid Edge SE2026 versions prior to Update 5 contain two critical vulnerabilities (CVE-2026-44411 and CVE-2026-44412) in PAR file parsing that could allow arbitrary code execution or application crashes. Both vulnerabilities have a CVSS score of 7.8 (HIGH) and affect critical manufacturing infrastructure worldwide. Siemens recommends immediate patching to version 226.0 Update 5 or later.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-03",{"id":57,"title":58,"slug":59,"brief":60,"ai_summary":61,"url":62,"image_url":25,"published_at":48},"1f807db1-a6bb-4fcf-aacd-1ecab22d9b51","Siemens SIMATIC","siemens-simatic-586078","Siemens SIMATIC HMI Unified Comfort Panels before V21.0 vulnerable to unauthenticated web browser access via help link.","A vulnerability (CVE-2026-27662) in Siemens SIMATIC HMI Unified Comfort Panels before version V21.0 allows unauthenticated attackers to access the web browser through the Control Panel's help link, potentially enabling malicious reconfigurations. The vulnerability affects multiple panel models including MTP1000, MTP1200, MTP1500, and MTP1900 series. Siemens has released patches and recommends immediate updates to V21 or later, with CISA recommending network isolation and defensive measures for affected industrial control systems.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-07",{"id":64,"title":65,"slug":66,"brief":67,"ai_summary":68,"url":69,"image_url":25,"published_at":48},"c4d19356-d9e2-4ae6-95b8-a6ddf5206131","Siemens Ruggedcom Rox","siemens-ruggedcom-rox-2fb9ad","Siemens Ruggedcom Rox OS command injection vulnerability allows authenticated RCE with root privileges.","Siemens has disclosed CVE-2025-40947, a critical OS command injection vulnerability in Ruggedcom Rox industrial routers affecting 11 product variants. The flaw exists in the feature key installation process and allows authenticated remote attackers to execute arbitrary commands with root privileges. Siemens recommends immediate patching to version 2.17.1 or later for all affected models deployed worldwide in critical manufacturing environments.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-11",{"id":71,"title":72,"slug":73,"brief":74,"ai_summary":75,"url":76,"image_url":25,"published_at":48},"0c6b86a4-fa83-4d85-a356-08807a366f82","Universal Robots Polyscope 5","universal-robots-polyscope-5-c0567f","Critical OS command injection in Universal Robots Polyscope 5 allows unauthenticated remote code execution.","Universal Robots has released a critical security advisory (CISA ICSA-26-134-17) addressing CVE-2026-8153, an OS command injection vulnerability in Polyscope 5 versions prior to 5.25.1. The flaw allows unauthenticated attackers to execute arbitrary code on the robot's operating system via the Dashboard Server interface, with a CVSS score of 9.8 (critical). Universal Robots has released patched version 5.25.1 to remediate the vulnerability.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-17",{"id":78,"title":79,"slug":80,"brief":81,"ai_summary":82,"url":83,"image_url":25,"published_at":48},"a2d49297-9d1c-4abf-a939-e97c362408f2","Siemens Simcenter Femap","siemens-simcenter-femap-d8aa0f","Siemens Simcenter Femap heap buffer overflow in Datakit library allows RCE via malicious IPT files","Siemens Simcenter Femap contains a heap-based buffer overflow vulnerability (CVE-2025-12659) in its Datakit library that is triggered when parsing specially crafted IPT format files. An attacker could trick a user into opening a malicious file to execute arbitrary code in the process context. Siemens has released version 2512.0003 or later as a patch.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-05",{"id":85,"title":86,"slug":87,"brief":88,"ai_summary":89,"url":90,"image_url":25,"published_at":48},"7fbabda1-e355-4a36-97a7-7a859a8232d3","Siemens gWAP","siemens-gwap-850a8a","Siemens gWAP RCE vulnerability via Axios library prototype pollution gadget chain","Siemens gPROMS Web Applications Publisher (gWAP) versions prior to 3.1.1 are vulnerable to remote code execution through a prototype pollution gadget chain in the Axios HTTP client library (CVE-2026-40175). The vulnerability allows attackers to execute arbitrary code or achieve full cloud compromise via AWS IMDSv2 bypass. Siemens has released version 3.1.1 as a fix and recommends immediate patching for critical manufacturing deployments worldwide.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-01",{"id":92,"title":93,"slug":94,"brief":95,"ai_summary":96,"url":97,"image_url":25,"published_at":48},"5aa55168-04ed-44cb-8e3a-6735d92d4fc7","Siemens Siemens ROS#","siemens-siemens-ros-a78764","Siemens ROS# path traversal vulnerability (CVE-2026-41551) allows arbitrary file access in versions before 2.2.2.","Siemens ROS# versions before 2.2.2 contain a critical path traversal vulnerability (CVE-2026-41551) in the file_server ROS service that allows remote attackers to read and write arbitrary files with the privileges of the service user. The vulnerability stems from improper input sanitization and has a CVSS v3.1 score of 9.1 (Critical). Siemens has released version 2.2.2 as a fix and recommends immediate update, while providing interim mitigations including network isolation and appropriate user rights restrictions.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-08",{"id":99,"title":100,"slug":101,"brief":102,"ai_summary":103,"url":104,"image_url":25,"published_at":48},"5a0159f2-4cc4-4631-9cd9-e7901d8a7f88","Siemens Teamcenter","siemens-teamcenter-721cdd","Siemens Teamcenter affected by multiple critical vulnerabilities including XSS, hardcoded credentials, and PDF.js flaw.","Siemens Teamcenter versions V2312 through V2512 are affected by three vulnerabilities: CVE-2026-33862 (XSS via improper input filtering), CVE-2026-33893 (hardcoded obfuscation keys), and CVE-2024-4367 (PDF.js type check bypass allowing arbitrary JavaScript). These flaws could compromise availability, integrity, and confidentiality across critical manufacturing infrastructure deployed worldwide. Siemens has released patches and recommends immediate updates to the latest versions.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-04",{"id":106,"title":107,"slug":108,"brief":109,"ai_summary":110,"url":111,"image_url":25,"published_at":48},"fc0a9263-622f-4432-bba0-ad3f1ab8283c","Siemens Industrial Devices","siemens-industrial-devices-77ee27","Siemens industrial devices contain null pointer dereference vulnerability enabling denial of service via crafted IPv4","Siemens disclosed CVE-2025-40833, a null pointer dereference vulnerability affecting 200+ industrial networking and control devices including SCALANCE routers, SIMATIC CPUs, and SINAMICS drives. The flaw allows remote attackers to trigger denial of service by sending specially crafted IPv4 requests, requiring manual system restart for recovery. Patches are available for most products with version updates to 6.6.0, 8.3, or later depending on device family; some products have no fix planned pending further development.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-06",{"id":113,"title":65,"slug":114,"brief":115,"ai_summary":116,"url":117,"image_url":25,"published_at":48},"0dea38f0-9f50-4a45-94ba-5af71037c2a1","siemens-ruggedcom-rox-c2c931","Siemens Ruggedcom Rox improper access control flaw allows authenticated remote file read with root privileges","Siemens Ruggedcom Rox devices contain CVE-2025-40948, an improper input validation vulnerability in the JSON-RPC web interface that allows authenticated remote attackers to read arbitrary files with root privileges. The vulnerability affects multiple Ruggedcom Rox models (MX5000, RX1400–RX1536 series) across worldwide critical manufacturing infrastructure. Siemens recommends updating to version 2.17.1 or later to remediate the issue.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-02",{"id":119,"title":120,"slug":121,"brief":122,"ai_summary":123,"url":124,"image_url":25,"published_at":48},"299b5559-f84f-4a81-a449-d123c065c4df","Siemens Opcenter RDnL","siemens-opcenter-rdnl-5fb307","Siemens Opcenter RDnL affected by missing authentication in ActiveMQ Artemis (CVE-2026-27446)","Siemens Opcenter RDnL is vulnerable to a missing authentication flaw in Apache ActiveMQ Artemis that allows unauthenticated attackers on adjacent networks to force broker federation connections to rogue brokers. The vulnerability (CVE-2026-27446, CVSS 7.1) enables message injection\u002Fexfiltration and availability impacts across all affected versions. Siemens recommends immediate patching to Apache Artemis 2.52.0 or later, with mitigations including Core protocol filtering, acceptor reconfiguration, and two-way SSL enforcement.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-09",{"id":126,"title":127,"slug":128,"brief":129,"ai_summary":130,"url":131,"image_url":25,"published_at":48},"f6105c72-cc97-40b5-991c-3bfeeaf9857c","Siemens SIPROTEC 5","siemens-siprotec-5-21ae88","Siemens SIPROTEC 5 uses weak session IDs vulnerable to brute-force hijacking attacks","A vulnerability (CVE-2024-54017) in Siemens SIPROTEC 5 protective relay devices allows unauthenticated remote attackers to brute-force session identifiers due to insufficient randomness in their generation. This could enable session hijacking and unauthorized read access to limited web server information. Fixes are available by upgrading to V11.0 or later; interim mitigation measures are recommended for devices where updates are not yet available.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-13",{"id":133,"title":65,"slug":134,"brief":135,"ai_summary":136,"url":137,"image_url":25,"published_at":48},"006964ea-040b-4114-84e8-a101ddf93840","siemens-ruggedcom-rox-51f61e","Siemens Ruggedcom Rox input validation flaw allows authenticated RCE with root privileges.","Siemens released a security advisory for Ruggedcom Rox devices (multiple models) disclosing CVE-2025-40949, a critical OS command injection vulnerability in the Scheduler Web UI functionality. An authenticated remote attacker can exploit improper input sanitization to execute arbitrary commands with root privileges on the underlying operating system. Siemens recommends immediate patching to version 2.17.1 or later; the vulnerability affects critical manufacturing infrastructure deployed worldwide.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-12",{"id":139,"title":140,"slug":141,"brief":142,"ai_summary":143,"url":144,"image_url":25,"published_at":48},"601191d2-b358-4abe-a94a-45d4beed700a","Siemens SIMATIC S7 PLC Web Server","siemens-simatic-s7-plc-web-server-ff7824","Siemens SIMATIC S7 PLC web servers contain multiple XSS vulnerabilities requiring urgent patching.","Siemens disclosed three critical cross-site scripting (XSS) vulnerabilities (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) in SIMATIC S7 PLC web servers affecting dozens of CPU models and variants. The vulnerabilities allow authenticated attackers to inject malicious scripts via unsanitized PLC\u002Fstation names, Technology Object names, and firmware filenames. Siemens has released patches for some products (v2.9.9 and v3.1.6) and recommends restricting TIA project download and firmware update access to trusted personnel pending further fixes.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-15",{"id":146,"title":147,"slug":148,"brief":149,"ai_summary":150,"url":151,"image_url":152,"published_at":153},"98d59266-83f6-42ec-b072-acd4999c922a","CI Fortify | CISA","ci-fortify-cisa-8cb51f","CISA launches CI Fortify initiative urging critical infrastructure operators to prepare for geopolitical conflict","CISA has announced the CI Fortify initiative, calling on U.S. critical infrastructure operators to strengthen resilience against nation-state cyberattacks that could disrupt essential services. The guidance emphasizes two core strategies: proactive isolation of vital operational technology systems from third-party networks and comprehensive recovery planning to enable rapid restoration after compromise. The initiative recognizes that adversaries have already pre-positioned within critical infrastructure and could leverage telecommunications access to disable communications during a geopolitical crisis.","https:\u002F\u002Fbit.ly\u002F4eu2Yd6","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIM33CBXgAAF_QD.jpg","2026-05-13T13:00:21+00:00",{"id":155,"title":156,"slug":157,"brief":158,"ai_summary":159,"url":160,"image_url":161,"published_at":162},"d378a243-8ebb-48e3-b1ae-07aab8fa9f85","ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA","ics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa-3f1cb4","Siemens, Schneider Electric, and CISA publish May 2026 Patch Tuesday advisories for ICS vulnerabilities.","Multiple industrial control system (ICS) vendors released security advisories for May 2026 Patch Tuesday, with Siemens publishing 18 advisories covering critical flaws in Sentron, Simatic, Ruggedcom, and other products. Vulnerabilities include device takeover, command execution as root, arbitrary file access, and missing authentication controls. Notable concern: Ruggedcom APE1808 is affected by a recently disclosed Palo Alto Networks PAN-OS vulnerability reportedly exploited by Chinese state-sponsored actors.","https:\u002F\u002Fwww.securityweek.com\u002Fics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F11\u002FICS_Patches.jpg","2026-05-13T06:50:51+00:00",{"id":164,"title":165,"slug":166,"brief":167,"ai_summary":168,"url":169,"image_url":25,"published_at":170},"8eb57f03-3db0-4239-a142-c48d3283ab90","Subnet Solutions PowerSYSTEM Center","subnet-solutions-powersystem-center-1a42b8","Subnet Solutions PowerSYSTEM Center CRLF injection vulnerability affects multiple versions","CISA released an ICS advisory for Subnet Solutions PowerSYSTEM Center detailing CRLF injection vulnerabilities (CWE-93) affecting versions 5.8.x through 7.0.x. Successful exploitation by authenticated attackers could expose sensitive information or cause CRLF injection attacks. No public exploitation has been reported; Subnet Solutions recommends immediate updates to PSC 2020 Update 29, PSC 2024 Update 2, or PSC 2026 GA Hotfix.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-132-02","2026-05-12T12:00:00+00:00",{"id":172,"title":173,"slug":174,"brief":175,"ai_summary":176,"url":177,"image_url":25,"published_at":170},"3bf69e73-44a9-4d97-82f3-5027c523de18","ABB Automation Builder Gateway for Windows","abb-automation-builder-gateway-for-windows-43e003","ABB Automation Builder Gateway for Windows exposes PLC networks via insecure default remote access on port 1217.","ABB disclosed CVE-2024-41975, a medium-severity vulnerability (CVSS 5.3) in Automation Builder Gateway for Windows versions prior to 2.9.0. The gateway listens on all network adapters on port 1217 by default, allowing unauthenticated remote attackers to scan for connected PLCs in critical infrastructure environments. The vulnerability affects Chemical, Critical Manufacturing, Energy, and Water\u002FWastewater sectors worldwide. ABB released version 2.9.0 which defaults to local-only access, and provides a configuration workaround for older versions.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-132-04",{"id":179,"title":180,"slug":181,"brief":182,"ai_summary":183,"url":184,"image_url":25,"published_at":170},"c1a8c39b-908d-4257-91cb-d9da37bb2b92","ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities","abb-webpro-snmp-card-powervalue-multiple-vulnerabilities-ea26b4","ABB WebPro SNMP Card PowerValue contains three critical vulnerabilities enabling authentication bypass and DoS attacks.","ABB disclosed three internally discovered vulnerabilities affecting WebPro SNMP Card PowerValue versions ≤1.1.8.k: improper Modbus protocol implementation causing service unavailability (CVE-2025-4675), authentication bypass via single-character validation allowing brute force (CVE-2025-4676), and missing session timeout on ports 23\u002F502 enabling resource exhaustion DoS (CVE-2025-4677). All vulnerabilities are fixed in version 1.1.8.p, which ABB strongly recommends customers deploy immediately.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-132-06",{"id":186,"title":187,"slug":188,"brief":189,"ai_summary":190,"url":191,"image_url":25,"published_at":170},"135be911-8b50-4c71-b7e1-8c5e1779b9b1","ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax","abb-ac500-v3-stack-buffer-overflow-in-cryptographic-message-syntax-9ca9b2","ABB AC500 V3 PLC critical stack buffer overflow in CMS cryptographic parsing (CVE-2025-15467)","ABB disclosed a critical stack buffer overflow vulnerability (CVE-2025-15467, CVSS 9.8) in AC500 V3 PLCs affecting firmware versions 3.9.0 and 3.9.0_HF1. The flaw occurs when parsing CMS EnvelopedData structures with AEAD ciphers, where an oversized IV is copied into a fixed-size stack buffer without length validation, allowing unauthenticated remote code execution or denial-of-service. Firmware hotfix 3.9.0_HF1 is available and recommended for immediate deployment across critical infrastructure sectors worldwide.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-132-05",{"id":193,"title":194,"slug":195,"brief":196,"ai_summary":197,"url":198,"image_url":25,"published_at":170},"9727331f-9656-477a-a8d4-b1511d29a41d","Fuji Electric Tellus","fuji-electric-tellus-b679a0","Fuji Electric Tellus 5.0.2 kernel driver flaw allows local privilege escalation (CVE-2026-8108)","CISA released an advisory for CVE-2026-8108 affecting Fuji Electric Tellus 5.0.2, a critical manufacturing software used worldwide. The vulnerability exists in a kernel driver that grants all users read and write permissions, allowing local privilege escalation from user to system level, potentially enabling denial of service, file access, or deletion. Fuji Electric recommends installing Tellus only with administrator privileges; no public exploitation has been reported to date.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-132-01",{"id":200,"title":201,"slug":202,"brief":203,"ai_summary":204,"url":205,"image_url":25,"published_at":170},"75ca2c2e-376c-431a-b446-fd15ecf6b487","ABB AC500 V3 Multiple Vulnerabilities","abb-ac500-v3-multiple-vulnerabilities-55b87a","ABB AC500 V3 PLCs patched for three critical vulnerabilities enabling auth bypass, cert theft, and DoS","ABB disclosed three severe vulnerabilities in AC500 V3 PLCs affecting chemical, manufacturing, energy, and water sectors globally. CVE-2025-2595 allows unauthenticated forced-browsing to read visualization files; CVE-2025-41659 permits low-privileged attackers to read\u002Fwrite certificates and keys via CODESYS protocol; CVE-2025-41691 causes DoS via NULL pointer dereference. All are fixed in firmware version 3.9.0.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-132-03",{"id":207,"title":208,"slug":209,"brief":210,"ai_summary":211,"url":212,"image_url":213,"published_at":214},"2ee6dee1-a789-4b3b-ad65-5fc92e2104ec","Cyber Espionage Group Targets Aviation Firms to Steal Map Data","cyber-espionage-group-targets-aviation-firms-to-steal-map-data-833eb0","Cyber espionage group targets aviation firms to steal geospatial and GPS data.","A cyber espionage campaign is actively compromising aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data. The attackers are gathering geospatial intelligence to develop operational awareness of adversary capabilities and geography. The campaign appears designed to support intelligence gathering or military planning.","https:\u002F\u002Fwww.darkreading.com\u002Fvulnerabilities-threats\u002Fcyber-espionage-group-aviation-firms-steal-map-data","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltcdb68c050b92d44f\u002F69fe24d5757b4d3f64b57d8a\u002Fdrone-mapping-system-DC_Studio-shutterstock.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-11T12:00:00+00:00",{"id":216,"title":217,"slug":218,"brief":219,"ai_summary":220,"url":221,"image_url":25,"published_at":222},"564f3759-ebef-4711-8dd4-04f20e63411f","MAXHUB Pivot Client Application","maxhub-pivot-client-application-cd5929","MAXHUB Pivot client application CVE-2026-6411 uses hardcoded AES key allowing email disclosure","CISA released ICS Advisory ICSA-26-127-01 detailing CVE-2026-6411 in MAXHUB Pivot client application versions prior to v1.36.2. The vulnerability stems from a hardcoded AES encryption key that allows attackers to decrypt tenant email addresses and metadata, with a CVSS 3.1 score of 7.3 (HIGH). Additionally, attackers can perform denial-of-service attacks by enrolling unauthorized devices via MQTT.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-127-01","2026-05-07T12:00:00+00:00",{"id":224,"title":225,"slug":226,"brief":227,"ai_summary":228,"url":229,"image_url":230,"published_at":231},"7dda3a6e-23b5-4835-ac59-7428959849d8","Why Outdated Maintenance Software Is a Growing Ransomware Risk","why-outdated-maintenance-software-is-a-growing-ransomware-risk-d01504","Outdated maintenance software exposes companies to ransomware via weak access controls and unpatched systems.","Maintenance software platforms, often neglected in security reviews, have become high-value targets for ransomware groups due to their access to critical operational data, asset maps, and schedules. Outdated systems create multiple attack vectors through weak authentication, lack of security patches, poor visibility, and connections to enterprise systems. Attackers exploit this intelligence to time extortion campaigns with maximum operational pressure and use stolen maintenance data for enhanced extortion threats.","https:\u002F\u002Fhackread.com\u002Foutdated-maintenance-software-growing-ransomware-risk\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Foutdated-maintenance-software-growing-ransomware-risk.png","2026-05-07T11:36:00+00:00",{"id":233,"title":234,"slug":235,"brief":236,"ai_summary":237,"url":238,"image_url":239,"published_at":240},"e2cd7cb4-4a1c-4a05-a95a-5ba2bef9c580","Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion","claude-ai-guided-hackers-toward-ot-assets-during-water-utility-intrusion-c56b25","Threat actors used Claude AI to guide attack on Mexican water utility's OT systems in January 2026.","Dragos reported that an unidentified threat actor leveraged Anthropic's Claude and OpenAI's GPT models during an intrusion into a municipal water and drainage utility in Monterrey, Mexico as part of a broader campaign targeting Mexican government organizations. Claude independently identified a vNode SCADA\u002FIIoT management interface during network reconnaissance and recommended password-spray attacks, though all attempts failed and no control systems were compromised. The incident highlights how general-purpose AI tools can make OT assets more visible to attackers and accelerate attack development timelines.","https:\u002F\u002Fwww.securityweek.com\u002Fclaude-ai-guided-hackers-toward-ot-assets-during-water-utility-intrusion\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F10\u002FWater-Utility-Cyberattack.jpg","2026-05-07T07:35:25+00:00",{"id":242,"title":243,"slug":244,"brief":245,"ai_summary":246,"url":247,"image_url":248,"published_at":249},"31f3f0d0-ad74-4ef8-9798-0f19ebd90a84","Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks","mirai-based-xlabs-v1-botnet-exploits-adb-to-hijack-iot-devices-for-ddos-attacks-3a5aed","New Mirai-derived xlabs_v1 botnet exploits exposed ADB to hijack IoT devices for DDoS attacks.","Researchers discovered xlabs_v1, a Mirai-based botnet that targets internet-exposed Android Debug Bridge (ADB) services on IoT devices including Android TV boxes, set-top boxes, and smart TVs to enlist them in a DDoS-for-hire operation. The malware supports 21 flood variants across TCP, UDP, and raw protocols, profiles device bandwidth to assign pricing tiers, and includes a killer subsystem to eliminate competing botnets. The operator, identified by the ChaCha20-encrypted moniker \"Tadashi,\" primarily targets game servers and Minecraft hosts.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fmirai-based-xlabsv1-botnet-exploits-adb.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhHPb4dDONnDMbu5rdNKex39FCs_4elspTEwE3dJbDsEBn1OdHrNS_0oI2V2mKCG4PjUGsBy5T4ZCec8kSdK2hTXkaq3fIIDX5XLBKfU9X4dNamC0zGfgcZ5dxPy1PNGKtAIye5IpODYmyzgMYBSRfyUcAnLhOBsHSitLujoCQABiz9b2KfYnzUhPN8rqPK\u002Fs1600\u002Fbotnet-malware.jpg","2026-05-06T20:21:00+00:00",{"id":251,"title":252,"slug":253,"brief":254,"ai_summary":255,"url":256,"image_url":25,"published_at":257},"d5c6bdab-7123-4fbe-8909-302e9b34a097","Rowhammer Attack Against NVIDIA Chips https:\u002F\u002Ft.co\u002FxYv2kEnOHD","rowhammer-attack-against-nvidia-chips-https-t-co-xyv2kenohd-9fb978","Researchers demonstrate Rowhammer attack against NVIDIA GPU chips.","Security researchers have successfully demonstrated a Rowhammer attack targeting NVIDIA GPU chips, exploiting DRAM bit-flip vulnerabilities to potentially compromise GPU memory integrity. This attack highlights a hardware-level vulnerability that could be leveraged to escape GPU sandboxes or gain unauthorized access to sensitive data processed on NVIDIA accelerators.","https:\u002F\u002Fx.com\u002Fschneierblog\u002Fstatus\u002F2051974696774877445","2026-05-06T10:37:46+00:00",{"id":259,"title":260,"slug":261,"brief":262,"ai_summary":263,"url":264,"image_url":265,"published_at":266},"198e05fb-e6aa-42dc-be5e-1c42e080df89","CISA: Critical Infrastructure Must Master Isolation, Recovery","cisa-critical-infrastructure-must-master-isolation-recovery-ac8632","CISA issues CI Fortify guidance for critical infrastructure to master isolation and recovery against nation-state","CISA has released new guidance warning US critical infrastructure operators of relentless intrusion attempts from nation-state actors positioned to disrupt operational technology networks. The CI Fortify initiative emphasizes two core capabilities: isolation (severing connections to prevent attack spread) and recovery (documentation, backups, and manual operation rehearsal). The guidance assumes that during geopolitical conflict, internet access and third-party services may become unreliable while hostile actors remain embedded in OT networks.","https:\u002F\u002Fwww.securityweek.com\u002Fcisa-critical-infrastructure-must-master-isolation-recovery\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F03\u002FIndustrial-Network.jpeg","2026-05-06T10:15:34+00:00",{"id":268,"title":269,"slug":270,"brief":271,"ai_summary":272,"url":273,"image_url":25,"published_at":274},"f141daf6-0ef8-496c-91ce-7e42b4ca1db7","CVE-2026-0073: Zero-Click RCE Flaw in Android's Wireless ADB Bypasses Authentication\n\nhttps:\u002F\u002Ft.c...","cve-2026-0073-zero-click-rce-flaw-in-android-s-wireless-adb-bypasses-authenticat-c3ef3a","CVE-2026-0073 zero-click RCE in Android Wireless ADB bypasses authentication.","A critical zero-click remote code execution vulnerability (CVE-2026-0073) has been discovered in Android's Wireless ADB (Android Debug Bridge) that allows attackers to bypass authentication and gain full device control without user interaction. The flaw enables unauthenticated remote access to affected Android devices, posing a severe threat to millions of users. Immediate patching is recommended for all affected Android versions.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2051682204170813918","2026-05-05T15:15:30+00:00",{"id":276,"title":147,"slug":277,"brief":149,"ai_summary":278,"url":279,"image_url":280,"published_at":281},"90c9c344-45de-4a56-9311-17d7c5b4c771","ci-fortify-cisa-5a388f","CISA has released the CI Fortify initiative, warning that U.S. critical infrastructure operators face persistent nation-state intrusion attempts with objectives beyond espionage—adversaries aim to disrupt operational technology (OT) systems during geopolitical conflict. The guidance emphasizes two core emergency planning objectives: isolation (proactively disconnecting from third-party networks to sustain essential services) and recovery (documenting systems, backing up critical data, and practicing failover procedures). CISA is offering targeted assessments and updated guidance while calling on vendors, service providers, and security professionals to support infrastructure resilience efforts.","https:\u002F\u002Fwww.cisa.gov\u002Ffortify","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHj2T3wWAAYMzaB.jpg","2026-05-05T13:49:09+00:00",{"id":283,"title":284,"slug":285,"brief":286,"ai_summary":287,"url":288,"image_url":25,"published_at":289},"fa3ff5bf-3e3e-4f3f-a7bb-7fbe80c0dcce","ABB B&R Automation Studio","abb-b-r-automation-studio-71bd29","ABB B&R Automation Studio certificate validation flaw allows server spoofing.","ABB B&R Automation Studio versions before 6.5 contain an improper certificate validation vulnerability (CVE-2025-11043) in OPC-UA and ANSL over TLS clients that allows unauthenticated attackers on the network to spoof trusted servers and intercept data exchanges. The vulnerability has a CVSS score of 7.4 (HIGH) and affects critical manufacturing infrastructure worldwide. A patch is available in version 6.5, and ABB recommends immediate deployment.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-125-04","2026-05-05T12:00:00+00:00",{"id":291,"title":292,"slug":293,"brief":294,"ai_summary":295,"url":296,"image_url":25,"published_at":289},"ccb000b2-9a97-4dca-b2f6-c92c0ded388b","Johnson Controls CEM AC2000","johnson-controls-cem-ac2000-ec2397","Johnson Controls CEM AC2000 DLL hijacking vulnerability (CVE-2026-21661) allows privilege escalation across multiple","A high-severity DLL hijacking vulnerability (CVE-2026-21661, CVSS 8.7) has been discovered in Johnson Controls CEM AC2000 versions 12.0, 11.0, and 10.6. The flaw allows standard users to escalate privileges on affected systems through uncontrolled search path exploitation (CWE-427). Johnson Controls has released patched versions (12.0 Release 10, 11.0 Release 9, 10.6 Release 3) and CISA recommends organizations isolate control systems behind firewalls and apply mitigations immediately.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-125-05",{"id":298,"title":299,"slug":300,"brief":301,"ai_summary":302,"url":303,"image_url":25,"published_at":289},"40404da9-030a-4170-b45f-522986c5f0de","ABB B&R PVI","abb-b-r-pvi-e6f942","ABB B&R PVI vulnerability allows authenticated local attackers to read credentials from client logs.","ABB disclosed CVE-2026-0936, a medium-severity (CVSS 5.0) insertion of sensitive information into log file vulnerability in B&R PVI client versions prior to 6.5.0. An authenticated local attacker could exploit this to gather credential information processed by the PVI client application, though logging is disabled by default. ABB has released version 6.5.0 as a fix and recommends immediate patching for organizations deploying this industrial control system software.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-125-02",{"id":305,"title":306,"slug":307,"brief":308,"ai_summary":309,"url":310,"image_url":25,"published_at":289},"93e1a956-2863-4b71-a067-c43b82b38f60","Hitachi Energy PCM600","hitachi-energy-pcm600-7058bf","Hitachi Energy PCM600 path traversal vulnerability (Zip-Slip) affects energy infrastructure worldwide.","Hitachi Energy disclosed CVE-2018-1002208, a path traversal vulnerability in SharpZipLib affecting PCM600 versions 2.11 and earlier (legacy) and 3.0–3.1 SP3 (current). The vulnerability allows attackers to write arbitrary files via directory traversal in maliciously crafted Zip archives, impacting product integrity. A vendor fix (PCM600 3.1 SP4) is planned; users are advised to migrate to supported versions and follow cybersecurity deployment guidelines.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-125-01",{"id":312,"title":20,"slug":313,"brief":314,"ai_summary":315,"url":316,"image_url":25,"published_at":289},"9f88ed7c-5a0f-4ee2-9234-6b13165a308c","abb-b-r-automation-runtime-549754","ABB B&R Automation Runtime DoS vulnerability (CVE-2025-11044) in ANSL-Server component patched.","ABB released a security advisory for CVE-2025-11044, an allocation-of-resources vulnerability in B&R Automation Runtime versions prior to 6.5 and R4.93. An unauthenticated network attacker can exploit a race condition in the ANSL-Server component to cause permanent denial-of-service on affected industrial control devices. Patches are available; affected customers should update or implement firewall-based traffic throttling as immediate mitigation.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-125-03",{"id":318,"title":319,"slug":320,"brief":321,"ai_summary":322,"url":323,"image_url":324,"published_at":325},"839ae3b9-e894-40ea-abe9-b5d82b2f5957","New AirSnitch attack techniques target the Wi-Fi infrastructure itself. We show how attackers can...","new-airsnitch-attack-techniques-target-the-wi-fi-infrastructure-itself-we-show-h-219b1d","AirSnitch attack techniques enable packet interception and injection on Wi-Fi infrastructure, bypassing encryption.","Security researchers have disclosed AirSnitch, a new class of attacks that directly target Wi-Fi infrastructure by intercepting and injecting packets while circumventing encryption protections. These techniques represent a fundamental shift in wireless security assumptions, allowing attackers to compromise communication at the infrastructure layer rather than relying on endpoint vulnerabilities. The attack challenges the security guarantees previously attributed to modern Wi-Fi protocols.","https:\u002F\u002Fx.com\u002FUnit42_Intel\u002Fstatus\u002F2050328934449881139","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHQ7SL1XAAE5aI9.jpg","2026-05-01T21:38:05+00:00",{"id":327,"title":328,"slug":329,"brief":330,"ai_summary":331,"url":332,"image_url":333,"published_at":334},"29442548-2adf-49c2-88f8-77fc9284b783","‼️ Interesting claim... A threat actor operating under the alias paws is selling root-level remot...","interesting-claim-a-threat-actor-operating-under-the-alias-paws-is-selling-root--81620a","Threat actor 'paws' offers root RCE access to compromised Linux firewall for $1,500 in Monero.","A threat actor operating under the alias 'paws' is publicly selling root-level remote code execution and shell access to a Linux-based firewall device belonging to an unnamed DDoS protection vendor. The access is being marketed for $1,500 USD, payable in Monero cryptocurrency. The incident suggests either a zero-day vulnerability or successful compromise of critical infrastructure protecting DDoS mitigation services.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2049978378116055059","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHL8chUW0AAwpjE.jpg","2026-04-30T22:25:06+00:00",{"id":336,"title":337,"slug":338,"brief":339,"ai_summary":340,"url":341,"image_url":342,"published_at":343},"ff840f69-d27f-4016-8c26-80c5cd217d3a","Anti-DDoS Firm Heaped Attacks on Brazilian ISPs","anti-ddos-firm-heaped-attacks-on-brazilian-isps-c521ba","Brazilian DDoS protection firm's infrastructure breached, enabling botnet attacks on ISPs.","Huge Networks, a Brazilian ISP specializing in DDoS protection, had its infrastructure compromised by an attacker who built a Mirai-variant botnet from vulnerable TP-Link routers to launch extended DDoS campaigns against Brazilian ISPs. The breach, first detected in January 2026, exposed the CEO's SSH keys and Python attack scripts targeting CVE-2023-1389. The CEO claims the intrusion was likely a competitor sabotage attempt and says the company has engaged forensics teams to investigate.","https:\u002F\u002Fkrebsonsecurity.com\u002F2026\u002F04\u002Fanti-ddos-firm-heaped-attacks-on-brazilian-isps\u002F","https:\u002F\u002Fkrebsonsecurity.com\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002Ftpllink-ax21.png","2026-04-30T14:04:26+00:00",{"id":345,"title":346,"slug":347,"brief":348,"ai_summary":349,"url":350,"image_url":25,"published_at":351},"d2c76151-a3b4-4695-98fe-3233065efb48","ABB AWIN Gateways","abb-awin-gateways-acbe0e","ABB AWIN Gateways contain three high-severity authentication bypass flaws affecting critical manufacturing","ABB released security advisories for three vulnerabilities in AWIN Gateways (GW100 and GW120 models) affecting critical manufacturing infrastructure globally. The flaws allow unauthenticated attackers to bypass session validation, remotely reboot devices, and extract sensitive system configuration details. Patches are available in firmware versions 2.1-0 (GW100) and 2.0-0 (GW120).","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-120-05","2026-04-30T12:00:00+00:00",{"id":353,"title":354,"slug":355,"brief":356,"ai_summary":357,"url":358,"image_url":25,"published_at":351},"148a13dc-f36b-4ed9-a545-a321aa30ecd5","ABB PCM600","abb-pcm600-321117","ABB PCM600 path traversal vulnerability allows arbitrary code execution via crafted messages.","CISA disclosed CVE-2018-1002208, a path traversal vulnerability in ABB PCM600 versions 1.5 through 2.13 that allows local attackers with low privileges to execute arbitrary code by sending specially crafted messages. The flaw exists in the bundled SharpZip.dll library and affects critical manufacturing infrastructure worldwide. ABB released version 2.14 as a fix, though RE_630 protection relays are incompatible with this patched version.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-120-02",{"id":360,"title":361,"slug":362,"brief":363,"ai_summary":364,"url":365,"image_url":25,"published_at":351},"5364ea44-d041-4b4c-ba06-dc990508cfa3","ABB Ability OPTIMAX","abb-ability-optimax-eab714","ABB Ability OPTIMAX authentication bypass vulnerability in Azure AD SSO integration.","CISA disclosed CVE-2025-14510, a high-severity (CVSS 8.1) authentication bypass vulnerability in ABB Ability OPTIMAX affecting versions 6.1–6.4, where incorrect implementation of Azure Active Directory Single Sign-On integration allows attackers to bypass user authentication. The vulnerability impacts critical infrastructure systems in energy and water\u002Fwastewater sectors worldwide. Patches are available for versions 6.3.1-251120 and 6.4.1-251120; versions 6.1 and 6.2 are end-of-life.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-120-04",{"id":367,"title":368,"slug":369,"brief":370,"ai_summary":371,"url":372,"image_url":25,"published_at":351},"bbec5703-d1d0-45e8-9df0-7896d9f8921a","ABB System 800xA, Symphony Plus IEC 61850","abb-system-800xa-symphony-plus-iec-61850-276da0","CVE-2025-3756 in ABB System 800xA and Symphony Plus IEC 61850 allows DoS via crafted packets.","ABB released a security advisory for CVE-2025-3756 affecting multiple IEC 61850 communication stack implementations in System 800xA, Symphony Plus, and related automation control products. The vulnerability allows attackers with network access to send specially crafted packets causing device faults or denial-of-service conditions in CI868, CI850, PM 877, and S+ Operations modules. Patches are planned for Q1–Q2 2026, with CVSS score 6.5 (Medium) and no active exploitation reported.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-120-01",{"id":374,"title":375,"slug":376,"brief":377,"ai_summary":378,"url":379,"image_url":25,"published_at":351},"ce0740ac-6ffa-4588-a4f1-5f4a64c99da0","ABB Ability Symphony Plus Engineering","abb-ability-symphony-plus-engineering-fee860","ABB Ability Symphony Plus Engineering affected by four high-severity PostgreSQL vulnerabilities enabling arbitrary code","ABB disclosed four high-severity vulnerabilities (CVE-2023-5869, CVE-2023-39417, CVE-2024-7348, CVE-2024-0985) in ABB Ability Symphony Plus Engineering versions 2.2 through 2.4 SP2, stemming from PostgreSQL 13.11 and earlier. These flaws allow authenticated attackers with network access to the S+ Client\u002FServer to execute arbitrary code, potentially compromising critical infrastructure systems in chemical, manufacturing, energy, and water sectors worldwide. ABB released patched version 2.4 SP2 RU1 in December 2024 and recommends immediate upgrade or network isolation as mitigation.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-120-06",{"id":381,"title":382,"slug":383,"brief":384,"ai_summary":385,"url":386,"image_url":25,"published_at":351},"743d0659-fc70-4067-90b8-997143279c97","ABB Edgenius Management Portal","abb-edgenius-management-portal-0bc023","Critical authentication bypass in ABB Edgenius Management Portal allows arbitrary code execution.","ABB has released a security advisory for CVE-2025-10571, a critical authentication bypass vulnerability in Edgenius Management Portal versions 3.2.0.0 and 3.2.1.1 (CVSS 9.6). An attacker with network access could exploit the vulnerability to install arbitrary code, uninstall applications, and modify configurations. ABB recommends immediate upgrade to version 3.2.2.0 or disabling the portal until patching is possible.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-120-03",[],[],[],[],50]