CISO Brief

All news with #ot security tag

321 articles · page 3 of 17

Delta ASDA-Soft Stack Buffer Overflow Vulnerability

⚠️ CISA warns of a stack-based buffer overflow (CVE-2026-5726) in Delta Electronics ASDA-Soft, affecting versions V7.2.2.0 and earlier, that can enable arbitrary code execution when a specially crafted .par file is parsed. The flaw is rated High (CVSS 3.1 base score 7.8) and requires local access or user interaction to trigger. Delta advises upgrading to ASDA-Soft v7.2.6.0 or later and following network isolation and defense-in-depth practices.

Critical Vulnerabilities in Anviz CX Series & CrossChex

⚠️ CISA published an advisory describing multiple critical vulnerabilities in Anviz products, including CX2 Lite, CX7, and CrossChex Standard. Issues range from unauthenticated firmware uploads and command injection to credential exposure and cleartext administrative sessions, any of which can lead to remote code execution and full device compromise. The advisory lists numerous CVEs with CVSS scores up to 9.8 and notes that the vendor has not responded; organizations are urged to isolate affected devices and apply defensive mitigations immediately.

Ransomware Emerges as Top Threat to Automotive Sector

🔒 A new report from Halcyon warns that ransomware has become the fastest-growing and most disruptive cyber threat to the automotive sector, accounting for 44% of attacks on carmakers in 2025 after incidents more than doubled that year. The vendor links the surge to connected vehicle platforms, OTA update mechanisms, cloud services and insecure third-party suppliers. Recommended mitigations include patching edge devices, deploying phishing-resistant MFA, hardening EDR, maintaining immutable offline backups and enforcing supplier security requirements.

Venice OT intrusion claim and Anthropic source leak risks

🔒 Smashing Security episode 463 examines two incidents that expose operational and AI security weaknesses: a claimed intrusion into Venice’s flood‑defence pump controls and an accidental full‑source disclosure by Anthropic. Hosts Graham Cluley and Tanya Janca discuss the physical risks of compromised legacy OT systems, how packaging/CI misconfigurations can leak high‑value IP and attack surface, and the governance challenges of powerful internal tools like Mythos. They recommend stronger CI/CD defaults, strict access controls for model assets, and reliable out‑of‑band incident communications.

Rolling Networks: Securing Cyber Risks in Transport

🚚 Modern trucks are "rolling networks" loaded with communications systems, sensors, cloud-connected devices and Wi-Fi, creating expansive attack surfaces. Ben Wilkens of NMFTA warns that cybercriminals exploit the sector’s uptime pressure with ransomware, extortion and cyber-enabled cargo theft. Core hygiene—MFA, network segmentation, social engineering training and timely patching—can significantly reduce risk but must be adapted for small carriers. NMFTA advances research, guidance and an annual conference to help the industry collaborate and strengthen defenses.

Manufacturing Cybersecurity: Complexity Surges in 2025

🔒 The global manufacturing sector entered 2025 confronting one of the most aggressive cyber threat environments in its history. Digital transformation, smart factories, and interconnected supply chains have expanded operational reach but introduced unprecedented attack surfaces, making ransomware and supply-chain compromises a primary concern. According to the Manufacturing Threat Landscape 2025 report, incidents rose sharply year over year, placing manufacturing at the center of global ransomware activity and forcing organizations to reassess defenses and incident readiness.

Securing Manufacturing Operations Against Ransomware in 2026

🔒 Modern manufacturing is increasingly targeted by fast, high-impact cyberattacks: Clorox production lines went dark in 2023, and in 2025 a global automaker halted factories across five countries after attackers used stolen credentials. Ransomware incidents against manufacturers rose 56% in 2025, with average European demands exceeding $1.16 million. The analysis highlights structural weaknesses—legacy OT, credential sprawl, and inadequate segmentation—and recommends pragmatic, non-disruptive defenses that protect operations without causing downtime.

Nearly 4,000 US Rockwell PLCs Exposed in Iranian Attacks

🔒 A joint U.S. federal advisory warns that Iranian state-backed hackers have been targeting Rockwell Automation/Allen‑Bradley PLCs since March 2026, extracting project files and manipulating HMI/SCADA displays. Researchers at Censys found 5,219 EtherNet/IP hosts exposed online globally, with 3,891 (74.6%) in the United States and a notable share on cellular carrier ASNs. Agencies urge disconnecting or firewalling PLCs, enforcing MFA, applying updates, disabling unused services, and monitoring OT ports and logs for suspicious overseas traffic.

GPL Odorizers GPL750 Vulnerability Allows Modbus Tampering

🔐 A vulnerability in GPL Odorizers GPL750 controllers (CVE-2026-4436) permits a low-privileged remote attacker to send unauthenticated Modbus packets that alter register values used by the odorant injection logic, potentially causing excessive or insufficient odorant dosing in gas lines. The affected XL4/XL4 Prime/XL7/XL7 Prime firmware ranges are documented, and the issue is rated CVSS 3.1 8.6 (High). The vendor provides firmware updates and installation guidance; apply the updates, isolate controllers on control networks, and follow ICS security best practices.

CISA: Critical BASC-20T Vulnerability Allows Remote Control

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) reports a high-severity vulnerability in Contemporary Controls BASC 20T (BASControl20 v3.1, CVE-2025-13926). An unauthenticated attacker who can sniff network traffic may forge packets to enumerate components, reconfigure, rename, delete items, perform file transfers, and invoke remote procedure calls. CISA assigns a CVSS v3.1 base score of 9.8 and notes the product is considered obsolete; users are advised to contact the vendor for guidance and to reduce network exposure.

Iran-linked PLC Attacks Disrupt US Critical Infrastructure

⚠️ Six US agencies warn an Iranian-affiliated group has compromised internet-exposed programmable logic controllers at water, energy, and government facilities since at least March 2026. The actors used leased overseas infrastructure and legitimate Rockwell Automation configuration tools to access CompactLogix and Micro850 controllers. Victims suffered operational disruption, project file theft, altered SCADA/HMI data, and persistent remote access.

Iran-Backed Hackers Target US CNI via Internet-Facing OT

⚠ Iranian-affiliated threat actors have been exploiting internet-facing operational technology (OT) assets to target US critical national infrastructure (CNI) providers since late March, according to a CISA advisory. Attackers used vendor configuration tools such as Rockwell Automation's Studio 5000 Logix Designer to create accepted connections to PLCs and manipulated HMI/SCADA displays. Observed inbound traffic used ports 44818, 2222, 102, 22 and 502 and included deployment of Dropbear SSH for remote access. Agencies urge immediate log review, segmentation, and removal of direct internet exposure for PLCs.

Iran-Linked Hackers Disrupt U.S. OT Devices and PLCs

🔒 Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across U.S. critical infrastructure, including energy, water and government facilities. U.S. agencies warn attackers used third-party hosted infrastructure and Rockwell Automation tools to connect to CompactLogix and Micro850 PLCs, deploy Dropbear SSH, extract project files, and manipulate HMI/SCADA displays, causing degraded functionality and disruption. Organizations are advised to remove internet exposure, enforce multi-factor authentication, place firewalls or proxies in front of PLCs, disable unused features, keep devices up to date, and monitor for anomalous traffic.

US: Iranian Hackers Target Internet-Exposed PLCs Nationwide

⚠️ U.S. agencies warn that Iranian-affiliated APT actors are actively targeting Internet-exposed Rockwell/Allen-Bradley and other PLCs on networks supporting critical infrastructure sectors such as Water, Energy, and Government Services. The joint advisory from the FBI, CISA, NSA, DOE, EPA, and U.S. Cyber Command states intrusions since March 2026 have caused operational disruption, extraction of device project files, and manipulation of HMI/SCADA displays. Organizations are advised to disconnect PLCs from the Internet or protect them behind firewalls, apply the latest firmware, enable multifactor authentication for OT access, disable unused services and default keys, and monitor OT ports and logs for the advisory's indicators of compromise.

UK NCSC: APT28 Hijacks Routers to Steal Credentials Globally

🔒 The UK’s National Cyber Security Centre (NCSC) warns that Russian-linked APT28 has been compromising vulnerable SOHO routers to redirect DNS traffic through attacker-controlled servers and harvest credentials. The actor has been updating a list of VPS-hosted DNS servers since 2024 and has exploited models including TP-Link (notably the WR841N via CVE-2023-50224) and MikroTik. The campaigns use DHCP DNS tampering and adversary-in-the-middle techniques; the NCSC and Microsoft advise firmware updates, multifactor authentication and network hardening.

Mitsubishi Electric GENESIS64 and ICONICS Suite Fixes

🔒 CISA reports two high‑severity vulnerabilities (CVE‑2025‑14815, CVE‑2025‑14816) in Mitsubishi Electric GENESIS64, ICONICS Suite, and related products that may expose SQL Server credentials stored in local caches or displayed in the Hyper Historian Splitter GUI. Successful exploitation could enable disclosure, tampering, or denial of service on affected systems. Vendor updates are available (10.98+ for GENESIS64/ICONICS products and 11.03+ for GENESIS); administrators should disable local cache, delete cache files, prefer Windows authentication, and restrict administrative and remote access until patches are applied.

Iranian-Linked Actors Target Internet-Facing PLCs in US

🚨 CISA, the FBI, NSA and partner agencies warn that Iranian-affiliated APT actors are actively exploiting internet-facing operational technology controllers, notably Rockwell Automation/Allen-Bradley PLCs. The actors used vendor configuration software and leased overseas hosting to access exposed PLCs, extracted project files, and altered data shown on HMIs and SCADA displays, causing operational disruption and financial loss. Organizations should urgently apply the advisory's IOCs and mitigations: remove PLCs from direct internet exposure, enforce access controls and MFA, and contact vendor and federal incident contacts if targeted.

Securing Physical Systems as OT Comes Online in IT Era

🔒 Operational technology (OT) is rapidly moving online, creating new cyber-physical risks as industrial control systems connect to corporate IT. In a Fortinet Brass Tacks podcast, KPMG’s Hossain Alshedoki explains how visibility, culture, and measured extension of IT controls into OT are essential. He stresses resilience over replication of IT models, and prioritizes asset discovery before automation.

Most UK CNI Firms Face Up to £5m OT Downtime Costs

🔒 A survey by e2e-assure of 250 UK critical national infrastructure (CNI) cybersecurity decision-makers found 80% of organisations expect operational technology (OT) downtime costs between £100,000 and £5m, with 23% reporting incidents exceeding £1m and 6% above £5m. Nearly two-thirds said they fear nation-state attacks, and the vendor warned attackers commonly pivot from IT into exposed OT environments. Respondents also highlighted limited OT visibility and supply-chain risks that hinder detection, response and remediation efforts.

78% of UK Manufacturers Suffer Serious Cyber Incidents

🔒 New ESET polling of 500 senior IT, OT, operations, risk and security leaders shows 78% of UK manufacturers experienced a serious cyber incident in the past year. Most (95%) saw direct business impact and 53% reported financial losses, with supply chain disruption and missed commitments common. Respondents flagged AI-enabled attacks as the top production threat, yet only 22% assign cyber accountability to the board.