All news with #ot security tag

🔒 The energy sector faces a high and growing cyber threat, with attackers targeting OT systems, grid sensors and IoT endpoints to create cascading societal impacts. Critical vulnerabilities — notably in Siemens products — and increasing IT‑OT coupling widen the attack surface. The article stresses the need for end-to-end visibility, AI-driven early warning and anomaly detection, and stronger international cooperation, including NIS 2-aligned practices and active CERT coordination to build resilience.

🔔 CISA released six Industrial Control Systems (ICS) advisories detailing current security issues, vulnerabilities, and potential exploits affecting multiple vendors and products. The advisories cover Schneider Electric products (including EcoStruxure Machine SCADA Expert, Pro-face BLUE Open Studio, and PowerChute Serial Shutdown), Shelly Pro devices, and METZ CONNECT hardware. One advisory is an update (B) to a prior Schneider Electric notice. Users and administrators are encouraged to review the technical details and apply recommended mitigations promptly.

⚠ A vulnerability in Shelly Pro 4PM (CVE-2025-11243) can cause device reboots and denial-of-service conditions. Due to insufficient input bounds checking in the device's JSON parser, specially crafted RPC requests can trigger memory overallocation and force a reboot. Devices running firmware prior to v1.6 are affected; CISA notes the exploit is reachable from adjacent networks with low attack complexity. Operators should update to v1.6.0 or later and limit network exposure.

🔒 Rockwell Automation disclosed an Incorrect Authorization vulnerability in Verve Asset Manager that allows unauthorized read‑only users to read, update, and delete user accounts via the product API. The issue is tracked as CVE-2025-11862 and CISA reports a CVSS v4 base score of 8.4, noting remote exploitability and low attack complexity. Affected releases include versions 1.33 through 1.41.3; Rockwell fixed the flaw in 1.41.4 and 1.42. Administrators should prioritize updates and apply network mitigations to limit exposure.

🔒 Rockwell Automation disclosed multiple vulnerabilities in FactoryTalk DataMosaix Private Cloud that can enable MFA bypass and persistent cross-site scripting. The issues, tracked as CVE-2025-11084 and CVE-2025-11085, affect 7.11 and selected 8.x releases and carry CVSS v4 scores up to 8.6, indicating high severity. Rockwell has released patches and CISA advises applying updates, minimizing network exposure, and isolating control networks to reduce remote exploitation risk.

⚠️ Siemens disclosed an improper certificate validation vulnerability in Solid Edge SE2025 that could enable unauthenticated remote man-in-the-middle attacks against the product's license service connections. The issue is tracked as CVE-2025-40744 and carries a CVSS v3.1 base score of 7.5 and a CVSS v4 base score of 8.7, indicating high impact and low attack complexity. Siemens recommends updating to V225.0 Update 11 or later and restricting network access to licensing endpoints; CISA also advises network segmentation, use of secure remote access, and standard anti-phishing protections. No known public exploitation targeting this vulnerability has been reported.

🔒 Siemens disclosed multiple vulnerabilities in Spectrum Power 4 that allow privilege escalation and remote command execution in affected versions prior to V4.70 SP12 Update 2. Several issues carry high severity ratings (CVSS v4 up to 8.7) and include weaknesses such as incorrect privilege and permission assignments (CWE-266, CWE-732), incorrect use of privileged APIs (CWE-648), and inclusion of untrusted control-sphere functionality (CWE-829). Siemens recommends updating to V4.70 SP12 Update 2 and limiting network exposure; CISA reiterates defensive best practices.

⚠ Rockwell Automation reported a remotely exploitable vulnerability (CVE-2024-22019) in FactoryTalk Policy Manager that can lead to resource exhaustion and denial of service. The issue stems from Node.js HTTP handling of chunked transfer encoding (CWE-404) that permits unbounded reads from a single connection. Affected releases include Version 6.51.00 and earlier; Rockwell corrected the issue in Version 6.60.00. CISA assigns a high severity rating (CVSS v4 8.7) and recommends upgrading, minimizing network exposure, and isolating control networks behind firewalls.

⚠ AVEVA reported a basic cross-site scripting vulnerability (CVE-2025-8386) in the Application Server IDE affecting versions 2023 R2 SP1 P02 and earlier. An authenticated user with the aaConfigTools privilege can modify App Objects' help files to persist XSS that may execute in other users' sessions, potentially enabling horizontal or vertical privilege escalation. AVEVA provides a fix in System Platform 2023 R2 SP1 P03; CISA advises auditing permissions, minimizing network exposure, and using secure remote access methods.

⚠️ CISA reports multiple high-severity vulnerabilities affecting General Industrial Controls Lynx+ Gateway, including weak password requirements, missing authentication for critical functions, and cleartext transmission of sensitive data. These issues carry CVSS v4 scores up to 9.2 and permit remote exploitation with low attack complexity, potentially enabling unauthorized access, device resets, information disclosure, or denial-of-service. Affected firmware versions include R08, V03, V05, and V18; the findings were disclosed in November 2025. CISA recommends minimizing network exposure, isolating control devices behind firewalls, and using secure remote access methods such as updated VPNs while coordinating with the vendor.

🔒 AVEVA has released advisory ICSA-25-317-03 addressing a cryptographic weakness in AVEVA Edge (formerly InduSoft Web Studio) that could allow a local actor with read access to project or offline cache files to brute-force user or Active Directory passwords. The issue is tracked as CVE-2025-9317 and carries a CVSS v4 base score of 8.3. AVEVA provides a 2023 R2 P01 Security Update and recommends project migration, password resets, and tightened file access controls. This vulnerability is not remotely exploitable according to CISA.

⚠️ CISA published an advisory on November 13, 2025, warning that Brightpick AI devices — Mission Control and Internal Logic Control — contain multiple high-severity weaknesses that are remotely exploitable. Tracked as CVE-2025-64307, CVE-2025-64308, and CVE-2025-64309, the issues include missing authentication, hardcoded credentials in client-side JavaScript, and an unauthenticated WebSocket endpoint. Calculated scores reach up to CVSS v4 8.7, and CISA advises isolating affected systems, minimizing network exposure, and using secure remote access while conducting impact assessments.

⚠️ Siemens published an advisory for LOGO! 8 and SIPLUS LOGO! devices detailing three vulnerabilities (CVE-2025-40815, CVE-2025-40816, CVE-2025-40817) that could enable remote code execution, denial-of-service, or unauthenticated device manipulation. CVE-2025-40815 is a buffer overflow (CVSSv4 8.6) caused by improper TCP packet validation; the others are missing-authentication issues affecting IP and time configuration. Siemens is preparing fixes; interim mitigations include protecting LSC access with a strong password and restricting UDP port 10006 to trusted IPs while CISA recommends impact analyses before changes.

⚠️ Rockwell Automation's AADvance-Trusted SIS Workstation has a directory traversal vulnerability (CWE-22) in DotNetZip (v1.16.0 and earlier) that can enable remote code execution if a user opens a crafted file. The issue is tracked as CVE-2024-48510 and has a CVSS v4 base score of 8.6 (CVSS v3.1 8.8). Affected versions are 2.00.00 through 2.00.04; Rockwell reports the defect is corrected in Version 2.01.00. Users unable to immediately upgrade should follow vendor guidance, minimize network exposure of control devices, isolate control networks, use secure remote access, and contact Rockwell support for assistance.

⚠ Siemens warns that COMOS contains two high‑severity vulnerabilities — CVE-2023-45133 (CVSS 9.3) and CVE-2024-0056 (CVSS 8.7) — which can enable remote code execution or expose sensitive information. Siemens has released a patch in COMOS V10.4.5 and advises operators to update promptly. Implement network segmentation, avoid direct internet exposure of control systems, and follow Siemens and CISA guidance for secure remote access and system hardening.

⚠️ Siemens Altair Grid Engine contains multiple local vulnerabilities that can enable privilege escalation and arbitrary code execution with superuser rights. One issue discloses password hashes in error messages (CWE-209, CVE-2025-40760, CVSS 5.5) and another allows library path hijacking via uncontrolled environment variables (CWE-427, CVE-2025-40763, CVSS 7.8). Siemens and CISA recommend updating to V2026.0.0 and applying mitigations such as removing setuid bits from affected binaries where appropriate.

🚨 Mitsubishi Electric disclosed a TCP communication vulnerability (CVE-2025-10259) in the MELSEC iQ-F Series CPU modules that can be triggered remotely to disconnect a session and cause a denial-of-service condition. The issue is remotely exploitable with low attack complexity and carries a CVSS v3.1 base score of 5.3. Mitsubishi recommends using VPNs and limiting physical and LAN access while applying vendor guidance and assessing risk.

🔒 Siemens reported Cross-Site Request Forgery and incorrect permission assignment vulnerabilities affecting SICAM P850 and P855 devices (versions prior to 3.11). Exploitation could allow attackers to perform actions as authenticated users or impersonate sessions. Siemens recommends updating to v3.11+, restricting TCP/443 to trusted IPs, and hardening network access; CISA advises isolating control networks and avoiding internet exposure.

⚠️ Rockwell Automation disclosed two local vulnerabilities in Studio 5000 Simulation Interface (version 2.02 and earlier) that allow path traversal–based local code execution (CVE-2025-11696) and a local SSRF that can trigger outbound SMB requests for NTLM hash capture (CVE-2025-11697). Both issues carry high severity (CVSS v4: 9.3 and 8.8) and are exploitable by low-complexity local attackers. Rockwell recommends upgrading to version 3.0.0 or later; CISA advises isolating control system networks, minimizing exposure, and following secure remote-access practices.

🔔 CISA released 18 Industrial Control Systems (ICS) advisories addressing security flaws across a broad set of vendors and product families. The advisories cover firmware, application software, and cloud services used in operational technology and industrial environments, including products from Siemens, Rockwell Automation, AVEVA, and Mitsubishi Electric. Administrators should review the advisories for technical details and apply vendor mitigations, patches, and compensating controls promptly to reduce risk to availability and safety.