All news with #daikin tag

Daikin Security Gateway: Weak Password Recovery Flaw

🔓 CISA published an advisory describing an authorization bypass in Daikin Security Gateway devices that abuses a weak password recovery mechanism. The vulnerability, tracked as CVE-2025-10127, is remotely exploitable with low complexity and carries a CVSS v4 score of 8.8; public proof‑of‑concept code exists. Daikin has indicated it will not issue a vendor-wide patch and will handle customer inquiries directly; CISA recommends isolating affected devices, placing them behind firewalls, and using secure, up-to-date VPNs or other hardened remote access controls.

CISA Issues Eleven Industrial Control Systems Advisories

🔔 CISA released eleven Industrial Control Systems (ICS) advisories on September 11, 2025, offering timely technical details about vulnerabilities, exploits, and mitigations. The advisories span multiple vendors and product families, including Siemens (SIMOTION Tools, SIMATIC SIVaaS, SINAMICS, SINEC OS, Industrial Edge, UMC, Apogee PXC/Talon TC), Schneider Electric (EcoStruxure, Modicon M340 variants), and Daikin (Security Gateway). Administrators and asset owners are urged to review the advisories, apply vendor patches or recommended mitigations, and strengthen segmentation and monitoring to reduce operational risk.