All news with #ot security tag

⚠️ A NULL pointer dereference vulnerability (CVE-2025-9166) in Rockwell Automation ControlLogix 5580 version 35.013 can cause the controller to enter a major, nonrecoverable fault resulting in denial of service. CISA reports a CVSS v4 base score of 8.2 and notes remote exploitability with low attack complexity. Rockwell recommends updating to version 35.014 or later and applying security best practices; CISA advises minimizing network exposure, isolating control networks, and using secure remote access methods.

⚠️ Rockwell Automation disclosed an input-validation defect in the FactoryTalk Optix MQTT broker that can enable remote code execution by loading remote Mosquitto plugins due to lack of URI sanitization. The issue affects versions 1.5.0 through 1.5.7; Rockwell recommends upgrading to 1.6.0 or later. CISA assigned CVE-2025-9161, reports a CVSS v4 base score of 7.3, and advises network segmentation and access restrictions; no public exploitation has been reported.

🛡️ ABB has disclosed critical vulnerabilities in its ASPECT, NEXUS, and MATRIX building management and automation products that permit authentication bypass, unauthenticated critical functions, and a classic buffer overflow. Assigned CVEs include CVE-2025-53187, CVE-2025-7677, and CVE-2025-7679 with CVSS v4 scores up to 9.3. ABB resolved CVE-2025-53187 in firmware 3.08.04-s01 and recommends updating affected devices, avoiding direct Internet exposure, restricting network access segments, requiring VPN-based remote access, and changing default credentials to reduce risk.

⚠️ Rockwell Automation has published an advisory for an injection vulnerability in Stratix IOS (≤15.2(8)E5) that could allow an attacker to upload and run malicious configurations without authentication. The issue is tracked as CVE-2025-7350 and carries a CVSS v4 base score of 8.6, with remote exploitability and low attack complexity. Rockwell released an update; users should upgrade to 15.2(8)E6 or later. If updating is not immediately possible, follow vendor best practices and CISA's network-segmentation and access-control recommendations.

🔔 CISA released fourteen Industrial Control Systems (ICS) advisories on September 9, 2025, providing timely information on security issues, vulnerabilities, and potential exploits affecting critical industrial products. The set includes advisories for Rockwell Automation (ThinManager, Stratix IOS, FactoryTalk families, CompactLogix, ControlLogix, Analytics LogixAI, 1783-NATR), Mitsubishi Electric, Schneider Electric, ABB, and others. Administrators are urged to review the advisories for technical details, CVE references, and recommended mitigations, and to prioritize patching, configuration changes, and compensating controls to reduce operational risk.

🔒 Fortinet argues its long-standing, architecture-first approach uniquely positions it to address hybrid enterprise security without the operational overhead of cobbled-together point products. The company highlights early investments in AI, purpose-built ASICs, and a unified FortiOS to deliver integrated networking, SASE, SOC automation, and OT protection. Customers and Gartner Peer Insights recognition are cited as validation of lower total cost of ownership and simpler, high-performance operations.

⚠️ Honeywell's OneWireless Wireless Device Manager (WDM) contains multiple high‑severity vulnerabilities in the Control Data Access (CDA) component — including buffer overread, sensitive resource reuse, integer underflow, and wrong handler deployment (CVE‑2025‑2521, CVE‑2025‑2522, CVE‑2025‑2523, CVE‑2025‑3946). These issues can enable information disclosure, denial of service, or remote code execution. Honeywell advises updating affected WDM releases to R322.5 or R331.1; CISA recommends minimizing network exposure and isolating control networks to reduce exploitation risk.

⚠ CISA released five Industrial Control Systems (ICS) advisories on September 4, 2025, detailing vulnerabilities, impacts, and recommended mitigations for multiple OT products and protocols. The advisories address Honeywell OneWireless WDM, Mitsubishi Electric/ICONICS products, Delta Electronics COMMGR, Honeywell Experion PKS, and the End-of-Train/Head-of-Train Remote Linking Protocol. Several notices are updates (A/B) that include revised technical analysis and vendor-supplied mitigations. Administrators are urged to review the advisories promptly and apply recommended controls.

⚠️ Security firm Armis disclosed 10 vulnerabilities, dubbed Frostbyte10, in Copeland LP E2 and E3 controllers used in heating, cooling, and refrigeration that could let attackers disable or remotely control equipment. Copeland issued firmware 2.31F01; organizations should deploy the update promptly to mitigate exposure. Combined flaws can enable unauthenticated remote code execution with root privileges; specific issues include a predictable default admin account (CVE-2025-6519), API endpoints that expose credential hashes, and unauthenticated file operations. Copeland says engineers acted quickly and that there are no known exploits to date.

⚠️ Mitsubishi Electric's MELSEC iQ-F Series CPU modules are affected by a Missing Authentication for Critical Function vulnerability (CVE-2025-7405) in Modbus/TCP that can allow remote attackers to read and write device values and potentially halt program execution. CISA assigns a CVSS v4 base score of 6.9 and notes the issue is remotely exploitable with low attack complexity. Mitsubishi reports many FX5U/FX5UC/FX5UJ/FX5S variants affected and currently has no fixed version planned. Recommended mitigations include network segmentation, VPNs or firewalls, IP filtering, and restricting physical access.

🔒 Mitsubishi Electric disclosed a MELSEC iQ-F Series CPU module vulnerability (CVE-2025-7731) that transmits sensitive authentication data in cleartext over SLMP, enabling remote attackers to intercept credentials and read or write device values or halt program execution. Assigned CVSS v4 8.7 and described as remotely exploitable with low attack complexity, the issue affects many FX5U/FX5UC/FX5UJ/FX5S variants — Mitsubishi reports no planned patch. Mitsubishi and CISA recommend mitigations such as encrypting SLMP traffic with a VPN, restricting LAN access, isolating control networks behind firewalls, and following ICS hardening best practices.

⚠️ Schneider Electric disclosed an Improper Input Validation vulnerability in Modicon M340 controllers and several communication modules that can be triggered by a specially crafted FTP command. Tracked as CVE-2025-6625 with a CVSS v4 base score of 8.7, the flaw enables a remote denial-of-service with low attack complexity. Schneider released firmware fixes for the BMXNOE0100 (v3.60) and BMXNOE0110 (v6.80) modules, which require device reboot; remediation for other affected products is planned. CISA recommends disabling FTP when not needed, blocking or segmenting port 21, using VPNs for remote access, applying vendor updates where available, and following ICS hardening and risk-assessment practices before making changes.

🔔 CISA released three Industrial Control Systems advisories on August 26, 2025, detailing vulnerabilities and mitigations for INVT VT‑Designer and HMITool, Schneider Electric Modicon M340 controllers and modules, and an updated advisory for Danfoss AK‑SM 8xxA Series. The alerts provide technical details, risk assessments, and recommended mitigations. Administrators and asset owners should review the advisories and apply vendor guidance promptly.

🛡️ CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting vulnerabilities and potential exploits that could affect operational technology environments. The advisories—ICSA-25-231-01 (Siemens Desigo CC Product Family and SENTRON Powermanager), ICSA-25-231-02 (Siemens Mendix SAML Module), ICSA-25-217-02 (Tigo Energy Cloud Connect Advanced, Update A), and ICSA-25-219-07 (EG4 Electronics EG4 Inverters, Update A)—include technical details and recommended mitigations. Users and administrators are urged to review the advisories and apply vendor guidance and mitigations promptly to reduce exposure.

⚠️ Rockwell Automation's Micro800 family contains multiple high-severity vulnerabilities (CVSS v4 9.3) that could be exploited remotely to achieve code execution or privilege escalation. Affected models include Micro820, Micro850, and Micro870 series on specified firmware versions; impacts stem from flaws in Azure RTOS NetX Duo and ThreadX and malformed CIP packets. Rockwell and CISA advise updating to V23.011+ where available, applying vendor fixes for CVE-2023-48691/48692/48693 and CVE-2025-7693, minimizing network exposure, and performing risk assessments before deployment.

⚠️ Rockwell Automation's FactoryTalk Linx contains an improper access control vulnerability in the Network Browser that can be triggered by changing process.env.NODE_ENV to 'development', which disables FTSP token validation. An attacker with local access could create, modify, or delete Linx drivers on affected systems running versions prior to 6.50. The issue is tracked as CVE-2025-7972 (CVSS v4: 8.4) and Rockwell advises updating to 6.50 or applying recommended mitigations and network isolation.

⚠️ Rockwell Automation has disclosed two improper input validation vulnerabilities in the FLEX 5000 I/O modules (5069-IF8 and 5069-IY8) assigned CVE-2025-7861 and CVE-2025-7862. Successful exploitation can remotely induce a fault state that requires a power cycle to recover, producing a denial-of-service condition. Both issues carry elevated CVSS v4 scores (8.7) and are exploitable with low attack complexity. Rockwell recommends upgrading affected modules to V2.012 or later and following established security best practices.

⚠️ Siemens and CISA published an advisory describing a deserialization of untrusted data flaw in multiple engineering and automation products that has been assigned CVE-2024-54678 and a CVSS v3.1 base score of 8.2. The vulnerability permits a local, authenticated attacker to misuse a Windows Named Pipe to cause type confusion and execute arbitrary code with application privileges. Siemens lists numerous affected SIMATIC, SIMOTION, SINAMICS, SIRIUS, and TIA Portal components and offers mitigations such as running affected software on single-user Windows hosts or restricting OS access to administrators; some products currently have no fix planned and are documented in SSA-693808.

⚠️ Siemens reported an authentication bypass vulnerability in the RUGGEDCOM ROX II family that permits bypassing authentication via the device Built-In-Self-Test (BIST) mode. An attacker with physical serial access could obtain a root shell (CVE-2025-40761); a CVSS v4 base score of 8.6 has been assigned. No patch is available; recommended mitigations include setting secure boot passwords and isolating devices from untrusted networks.

🛡️ Rockwell Automation's FactoryTalk Viewpoint (version 14.00 and earlier) contains a privilege-escalation vulnerability tracked as CVE-2025-7973 that arises from improper handling of MSI repair operations. An attacker who can trigger a repair can hijack the SYSTEM-run cscript.exe console to spawn an elevated command prompt, enabling full privilege escalation; CVSS v4 is 8.5 (low attack complexity). Update to 15.00 or apply vendor-recommended mitigations; the issue is not remotely exploitable and no public exploitation has been reported.