< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles

Monthly security roundup — June 2026 highlights

🔍 ESET Chief Security Evangelist Tony Anscombe reviews key cybersecurity stories from June 2026, assessing implications for defenders. He covers new CISA vulnerability patching rules, attacks on Internet-exposed automatic tank gauge (ATG) systems, rising imposter-scam losses reported by the FTC, and proposed UK and Canada social media bans for under-16s. Tony outlines lessons for organizations beyond federal agencies and practical steps to reduce risk.
read more →

Practical Zero Trust Plan for OT: 90‑Day Roadmap

🔒 The article reframes zero trust for operational technology (OT) by focusing on practical, non‑disruptive steps that align with regulatory requirements and operational realities. It proposes a 90‑day plan: Days 1–30 prioritize mapping assets and identities at IT/OT boundaries; Days 31–60 contain vendor remote access to gain early wins; Days 61–90 build a simple maturity scorecard and narrative. The approach emphasizes targeted controls, governance alignment, and measurable progress rather than abstract architectures.
read more →

Canada’s Spy Agency Uses Court Warrant to Disrupt Botnets

🛡️ The Federal Court authorized the Canadian Security Intelligence Service to reach into infected servers, SOHO routers, and IoT devices on Canadian soil to neutralize two foreign-run botnets. The public ruling, released June 15, confirms CSIS used its threat reduction warrant powers for the first time to alter, degrade, and destroy botnet data while ensuring the operation targeted devices rather than people. The court found the threat imminent and proportional, but redactions leave the precise foreign actor(s) unidentified.
read more →

AzeoTech DAQFactory Type Confusion Advisory

🔒 AzeoTech DAQFactory versions 21.1 and earlier contain a Type Confusion vulnerability that can be triggered by specially crafted .ctl files, potentially enabling arbitrary code execution. Users are advised to avoid opening documents from untrusted sources, store .ctl files in admin-only writable folders, operate in Safe Mode, and apply document editing passwords. CISA notes no known public exploitation and emphasizes network exposure minimization for control systems.
read more →

Schneider Electric Products: Insufficient Entropy Fixes

🔒 Schneider Electric has identified a CWE-331 Insufficient Entropy vulnerability affecting multiple Easergy, EcoStruxure, PowerLogic, and Saitel products that could enable unauthorized access or session compromise. Vendor-supplied fixes and firmware updates are available for numerous models and versions; several updates require a reboot. For models without immediate fixes, Schneider recommends network segmentation and reduced session timeouts as mitigations, and provides general cybersecurity best practices.
read more →

MELSEC iQ-F FX5-ENET/IP Denial-of-Service Risk

🛡️ Mitsubishi Electric reports an Expected Behavior Violation in the MELSEC iQ-F Series FX5-ENET/IP Ethernet Module that can be exploited to cause a denial-of-service by flooding the device's Ethernet port with packets. No patch is planned; vendors recommend network-level mitigations such as firewalls, VPNs, IP filtering, and restricting physical and network access to reduce exploitation risk.
read more →

Path Traversal Vulnerability in Schneider Electric RTUs

🔒 Schneider Electric EasyLogic T150 and Saitel DP devices contain a CWE-22 Path Traversal vulnerability that can allow unauthorized access to sensitive files when server-side file path processing mishandles user input. Affected firmware versions include EasyLogic T150 <=11.06.31 and Saitel DP <=11.06.36. Remediations include firmware updates to 11.06.32 for EasyLogic T150 and 11.06.37 for Saitel DP; contact Schneider Electric Customer Care to obtain downloads and reboot devices after installing. CISA recommends network isolation, strict credential controls, and defensive measures for ICS devices.
read more →

Protecting Legacy OT Systems From Modern Threats

🔒 Manufacturing facilities often rely on long-running operational technology (OT) that was built for stability, not security. As IT and OT converge, previously isolated systems face increased exposure to internet-borne attacks, ransomware, and supply-chain disruption. Effective defenses start with asset visibility, careful deployment choices, network protections for agentless devices, and long-term vendor support to mitigate risks without disrupting production.
read more →

PavilionX Missing Authorization Vulnerability Adviso

🔒 A security issue was identified in Rockwell Automation FactoryTalk Analytics PavilionX due to improper authorization enforcement in API endpoints, allowing unauthorized actors to perform privileged operations such as user and role management. Rockwell Automation recommends updating PavilionX to version 7.01 or later. CISA advises minimizing network exposure of control system devices, isolating them behind firewalls, and using secure remote access methods while performing impact analysis before defensive changes.
read more →

Rockwell FLEX I/O EtherNet/IP Adapter Flaws Fixed

🔒 Rockwell Automation FLEX I/O EtherNet/IP adapters (1794-AENTR) contain vulnerabilities that could enable unauthorized access, account takeover, and denial-of-service. A memory-handling flaw in CIP request processing may cause adapter faults and loss of I/O connectivity, while an embedded web server issue allows unauthenticated password changes via a crafted HTTP GET. Rockwell recommends updating to firmware 2.013 to remediate these issues.
read more →

Rockwell CompactLogix CIP Sequence and Info Leak

🔒 A security advisory details vulnerabilities in Rockwell Automation CompactLogix 1769 controllers where missing validation of CIP sequence numbers and source IPs and exposure of CIP Connection IDs on the device web diagnostics page can be abused to trigger denial-of-service conditions. Rockwell recommends updating affected devices to firmware V38.011 and refers users to advisory SD1776 for mitigation steps. CISA advises minimizing network exposure, placing control systems behind firewalls, using secure remote access like VPNs, and following standard ICS defensive practices and reporting procedures.
read more →

Rockwell Logix 5370/5570 CIP Denial-of-Service Fixes

🛡️ A denial-of-service vulnerability in Rockwell Automation Logix 5370 and 5570 controllers can cause a major nonrecoverable fault (MNRF) when a crafted CIP message is processed, with devices having less memory at greater risk. Rockwell advises updating to specific firmware versions: CompactLogix 5370 (34.016+), Compact GuardLogix 5370 (35.015+), ControlLogix 5570 (36.012+), and GuardLogix 5570 (37.011+). CISA recommends minimizing network exposure, isolating control networks behind firewalls, using secure remote access methods such as VPNs, and following ICS defensive best practices to reduce exploitation risk.
read more →

RSLinx Classic vulnerability advisory and mitigations

🔒 This advisory describes a stack-based buffer overflow and an out-of-bounds read in Rockwell Automation RSLinx Classic Third-Party components that can cause denial of service or enable remote code execution. Rockwell recommends upgrading to version 4.60.00 or later or applying patch BF31213 where upgrades are not possible. CISA urges minimizing network exposure, isolating control systems behind firewalls, and using secure remote access methods such as updated VPNs while performing impact analysis and risk assessments.
read more →

2026 OT Security Report: Maturity Rising, Risks Persist

🔒 The 2026 Fortinet State of Operational Technology and Cybersecurity Report examines how OT security has moved to board-level attention as connectivity increases risk. Based on a global survey of over 700 OT professionals, the report finds improved visibility and governance but uneven maturity across organizations. Key gaps remain in segmentation, secure remote access, incident response, and regulation readiness.
read more →

KACO Blueplanet Inverters: Credential and SQL Injection Risk

🔒 KACO blueplanet inverters contain vulnerabilities that can expose service credentials and allow SQL injection against management components. Siemens and KACO new energy have released updates for some models and recommend updating to the latest firmware where fixes exist. Operators should minimize network exposure, segment control networks, and apply vendor security updates after validation and supervised deployment.
read more →

EcoStruxure Panel Server insecure default credentials

🔒 Schneider Electric disclosed a CWE-1188 vulnerability in EcoStruxure Panel Server products that may cause credentials to revert to insecure defaults in rare circumstances, permitting unauthorized authentication and disclosure of sensitive information. A vendor firmware update (version 002.006.000) is available for affected PAS400/PAS600/PAS800 and V2 variants and requires a reboot. Users are advised to apply the update and follow recommended ICS segmentation and hardening best practices.
read more →

RADIUS Message Integrity Flaw in Modicon Switches

🔒 Schneider Electric disclosed a RADIUS protocol vulnerability (CVE-2024-3596) affecting Modicon Network Managed Switches when the RADIUS Server Message Authenticator option is disabled. The flaw can allow forged RADIUS responses, potentially causing denial of service and loss of confidentiality or integrity for devices connected to the switch. Default configurations are not vulnerable; vendors provide CLI and MIB guidance to ensure msgauth remains enabled. CISA republished the advisory to increase visibility and recommends standard ICS network hardening practices.
read more →

Malware threats imperil automated tank gauges

🔒 CISA warns that ongoing cyber-attacks on automated tank gauges (ATGs) could allow attackers to drain fuel tanks or hide theft and leaks, affecting gas stations, military bases, hospitals, and industrial sites. The attacks exploit authentication bypasses, hardcoded credentials, OS command execution, SQL injection, and privilege escalation to gain full control. Administrators are urged to remove public serial connections, change default passwords, apply patches, report incidents to CISA, and push supply-chain partners to adopt defenses.
read more →

Hitachi Energy RTU500: Multiple Denial‑of‑Service Flaws

🔒 Hitachi Energy has disclosed multiple vulnerabilities affecting RTU500 devices that primarily enable Denial of Service, with potential secondary impacts to confidentiality and integrity. Affected components include PKCS#12 handling, libexpat, and IEC protocol implementations, with issues such as NULL pointer dereferences, integer overflows, and infinite loops. Vendor fixes are available in CMU Firmware versions 13.7.9/13.8.2 (13.7.9 when available), and CISA recommends minimizing network exposure and applying vendor updates and standard mitigations.
read more →

B&R PPT30 OPC‑UA Resource Exhaustion Fix

🔒 B&R has identified a resource exhaustion vulnerability in the OPC‑UA Server used in PPT30 Operating System versions before 1.8.0 that can render the OPC‑UA service inaccessible. The vendor corrected the issue in PPT30 Operating System 1.8.0 and notes the OPC‑UA server is not enabled by default. B&R and CISA recommend updating affected devices, restricting OPC‑UA activation to required systems, and segmenting and firewalling networks to limit access.
read more →