< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 4 of 18

Multiple critical vulnerabilities in SenseLive X3050 devices

⚠️ The CISA advisory reports multiple high-severity vulnerabilities in SenseLive X3050 (V1.523) that can allow an attacker on the network to bypass authentication, obtain administrative access, and perform unauthorized firmware operations. Affected issues include hard-coded credentials, missing authentication and authorization, insufficient session handling, cleartext management traffic, CSRF, and unsafe configuration controls that may destabilize device operation. CISA notes no known public exploitation to date; administrators should reduce exposure and contact the vendor.
read more →

Siemens Analytics Toolkit: Certificate Validation Flaw

🔒 Multiple Siemens analytics applications are affected by improper certificate validation in the Siemens Analytics Toolkit, which could allow an unauthenticated remote attacker to conduct man-in-the-middle (MITM) attacks. Affected products include Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge, and Tecnomatix Plant Simulation. Siemens has released vendor fixes; CISA and Siemens recommend applying the updates immediately, minimizing network exposure, and following operational security guidance to isolate control system networks and secure remote access.
read more →

Siemens SCALANCE W-700 Series Multiple Firmware Flaws

⚠️ Siemens SCALANCE W-700 series devices with firmware earlier than V6.6.0 are affected by multiple security vulnerabilities. Siemens released firmware V6.6.0 to address these issues and urges operators to update affected units promptly. Temporary mitigations include reducing Wi‑Fi power, restricting physical access, disabling A‑MSDU if available, and minimizing network exposure of control devices. Several flaws could allow remote attackers to execute actions or cause denial of service; some carry high or critical CVSS scores.
read more →

Siemens RUGGEDCOM CROSSBOW SAC: SQLite Vulnerability

⚠️ Siemens reports a vulnerability in RUGGEDCOM CROSSBOW Station Access Controller (SAC) that can lead to memory corruption, denial of service, or possible arbitrary code execution. The issue is tied to a numeric truncation error in older SQLite releases (prior to 3.50.2) and is tracked as CVE-2025-6965. Siemens recommends updating SAC to V5.8 or later and ensuring SQLite is at least version 3.50.2 to mitigate the risk.
read more →

Siemens SINEC NMS Authorization Bypass Vulnerability

⚠ Siemens ProductCERT reports an authorization bypass in SINEC NMS prior to V4.0 SP3 that permits an authenticated attacker to reset the password of any user account. The vulnerability arises from improper validation of authorization when processing password reset requests. Siemens has released V4.0 SP3 to remediate the flaw and CISA republished the vendor advisory. Until systems are updated, organizations should apply network restrictions, isolate control networks, and require secure remote access.
read more →

ZionSiphon OT Malware Targets Water Treatment Systems

🔎 Darktrace researchers have analyzed a newly identified malware called ZionSiphon that combines typical endpoint compromise techniques with functions tailored to industrial control systems, specifically targeting water treatment and desalination infrastructure. The sample includes privilege escalation, persistence, and USB-based propagation alongside environment and software checks for reverse osmosis and chlorine control. While it can scan OT protocols such as Modbus and attempt register modifications, implementation gaps and a country-validation flaw suggest the strain is an early-stage tool that may fail to activate in many environments.
read more →

ZionSiphon Malware Hits Israeli Water and Desalination

🚨 Darktrace researchers disclosed ZionSiphon, a newly observed malware family tailored to Israeli water treatment and desalination systems. The June 29, 2025 sample establishes persistence, escalates privileges, propagates via removable media, and scans local subnets for OT services, probing Modbus, DNP3 and S7comm devices. It contains routines to alter chlorine dosing and pressure parameters but appears unfinished or misconfigured; non-target hosts trigger a self-destruct sequence.
read more →

ZionSiphon OT Malware Targets Water Treatment Systems

💧 Researchers at Darktrace identified ZionSiphon, a new operational technology malware engineered to sabotage water treatment and desalination environments. The sample includes routines to increase chlorine dosing, force valves open, and raise RO pressure by appending fixed configuration entries, and it propagates via USB as a hidden svchost.exe. A faulty IP verification routine currently prevents activation, but attackers could correct the logic to enable dangerous OT manipulation.
read more →

Critical Weak Password Issue in Horner Automation PLCs

🔒 Horner Automation products contain a weak-password vulnerability (CVE-2026-6284) that allows network attackers to brute-force credentials and gain unauthorized access to PLC systems and services. Affected versions include Cscape v10.0, XL7 v15.60, and XL4 v16.32.0. The vulnerability is scored CVSS 3.1 9.1 (Critical) and is associated with CWE-521: Weak Password Requirements. Horner has released fixes—update to Cscape v10.2 SP2 and the latest XL4/XL7 firmware—and operators should minimize network exposure and use secure remote access.
read more →

Critical Missing Authorization in AVEVA Pipeline Simulation

🔒 A critical authorization vulnerability (CVE-2026-5387) in AVEVA Pipeline Simulation allows an unauthenticated actor to perform actions reserved for Simulator Instructor or Developer roles, with the potential to modify simulation parameters, training configuration, and training records. Affected versions are <=2025_SP1_build_7.1.9497.6351. AVEVA provides a fix: upgrade to 2025 SP1 P01 (build 7.1.9580.8513) or later; interim mitigations include restricting API network access and enforcing TLS.
read more →

Delta ASDA-Soft Stack Buffer Overflow Vulnerability

⚠️ CISA warns of a stack-based buffer overflow (CVE-2026-5726) in Delta Electronics ASDA-Soft affecting versions <=V7.2.2.0 that can enable arbitrary code execution when a specially crafted .par file is parsed. The flaw is rated High (CVSS 3.1 base score 7.8) and requires local access or user interaction to trigger. Delta advises upgrading to ASDA-Soft v7.2.6.0 or later and following network isolation and defense-in-depth practices.
read more →

Critical Vulnerabilities in Anviz CX Series & CrossChex

⚠️ CISA published an advisory describing multiple critical vulnerabilities in Anviz products, including CX2 Lite, CX7, and CrossChex Standard. Issues range from unauthenticated firmware uploads and command injection to credential exposure and cleartext administrative sessions, any of which can lead to remote code execution and full device compromise. The advisory lists numerous CVEs with example CVSS up to 9.8 and notes no vendor response; organizations are urged to isolate affected devices and apply defensive mitigations immediately.
read more →

Ransomware Emerges as Top Threat to Automotive Sector

🔒 A new report from Halcyon warns that ransomware has become the fastest-growing and most disruptive cyber threat to the automotive sector, accounting for 44% of attacks on carmakers in 2025 after incidents more than doubled that year. The vendor links the surge to connected vehicle platforms, OTA update mechanisms, cloud services and insecure third-party suppliers. Recommended mitigations include patching edge devices, deploying phishing-resistant MFA, hardening EDR, maintaining immutable offline backups and enforcing supplier security requirements.
read more →

Venice OT intrusion claim and Anthropic source leak risks

🔒 Smashing Security episode 463 examines two incidents that expose operational and AI security weaknesses: a claimed intrusion into Venice’s flood‑defence pump controls and an accidental full‑source disclosure by Anthropic. Hosts Graham Cluley and Tanya Janca discuss the physical risks of compromised legacy OT systems, how packaging/CI misconfigurations can leak high‑value IP and attack surface, and the governance challenges of powerful internal tools like Mythos. They recommend stronger CI/CD defaults, strict access controls for model assets, and reliable out‑of‑band incident communications.
read more →

Rolling Networks: Securing Cyber Risks in Transport

🚚 Modern trucks are "rolling networks" loaded with communications systems, sensors, cloud-connected devices and Wi-Fi, creating expansive attack surfaces. Ben Wilkens of NMFTA warns that cybercriminals exploit the sector’s uptime pressure with ransomware, extortion and cyber-enabled cargo theft. Core hygiene—MFA, network segmentation, social engineering training and timely patching—can significantly reduce risk but must be adapted for small carriers. NMFTA advances research, guidance and an annual conference to help the industry collaborate and strengthen defenses.
read more →

Manufacturing Cybersecurity: Complexity Surges in 2025

🔒 The global manufacturing sector entered 2025 confronting one of the most aggressive cyber threat environments in its history. Digital transformation, smart factories, and interconnected supply chains have expanded operational reach but introduced unprecedented attack surfaces, making ransomware and supply-chain compromises a primary concern. According to the Manufacturing Threat Landscape 2025 report, incidents rose sharply year over year, placing manufacturing at the center of global ransomware activity and forcing organizations to reassess defenses and incident readiness.
read more →

Securing Manufacturing Operations Against Ransomware in 2026

🔒 Modern manufacturing is increasingly targeted by fast, high-impact cyberattacks: Clorox production lines went dark in 2023 and a global automaker halted factories across five countries in 2025 from stolen credentials. Ransomware incidents against manufacturers rose 56% in 2025, with average European demands exceeding $1.16 million. The analysis highlights structural weaknesses—legacy OT, credential sprawl, and inadequate segmentation—and recommends pragmatic, non-disruptive defenses to protect operations without causing downtime.
read more →

Nearly 4,000 US Rockwell PLCs Exposed in Iranian Attacks

🔒 A joint U.S. federal advisory warns that Iranian state-backed hackers have been targeting Rockwell Automation/Allen‑Bradley PLCs since March 2026, extracting project files and manipulating HMI/SCADA displays. Researcher Censys found 5,219 EtherNet/IP hosts exposed online globally, with 3,891 (74.6%) in the United States and a notable share on cellular carrier ASNs. Agencies urge disconnecting or firewalling PLCs, enforcing MFA, applying updates, disabling unused services, and monitoring OT ports and logs for suspicious overseas traffic.
read more →

GPL Odorizers GPL750 Vulnerability Allows Modbus Tampering

🔐 A vulnerability in GPL Odorizers GPL750 controllers (CVE-2026-4436) permits a low-privileged remote attacker to send unauthenticated Modbus packets that alter register values used by the odorant injection logic, potentially causing excessive or insufficient odorant dosing in gas lines. Affected XL4/XL4 Prime/XL7/XL7 Prime firmware ranges are documented and the issue is rated CVSS 3.1 8.6 (High). Vendors provide firmware updates and installation guidance; apply updates, isolate controllers on control networks, and follow ICS security best practices.
read more →

CISA: Critical BASC-20T Vulnerability Allows Remote Control

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) reports a high-severity vulnerability in Contemporary Controls BASC 20T (BASControl20 v3.1, CVE-2025-13926). An unauthenticated attacker who can sniff network traffic may forge packets to enumerate components, reconfigure, rename, delete items, perform file transfers, and invoke remote procedure calls. CISA assigns a CVSS v3.1 base score of 9.8 and notes the product is considered obsolete; users are advised to contact the vendor for guidance and to reduce network exposure.
read more →