<ciso brief />
All news with #ot security tag

321 articles · page 6 of 17

GE Vernova Enervista UR Setup Vulnerabilities Fixed

🔒 GE Vernova released updates for Enervista UR Setup to address two vulnerabilities. The installer is vulnerable to DLL hijacking (CVE-2026-1762), which could allow administrative code execution when run in directories containing untrusted DLLs. A second issue is a path traversal (CVE-2026-1763) that can overwrite files as the logged-in user. Users should update to version 8.70 or later.

Honeywell CCTV Products: Critical Account Recovery Flaw

🔒 CISA reports a critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV products that exposes an unauthenticated API endpoint allowing an attacker to change the forgot-password recovery email. Successful exploitation can enable account takeover and unauthorized access to camera feeds, and the issue is scored CVSS v3.1 9.8 (CRITICAL). Affected firmware includes several 2MP and 25M IPC/PTZ variants. Honeywell recommends contacting support for patches; CISA urges reducing Internet exposure, segmenting networks, and using secure remote access.

Siemens SINEC OS Third-Party Vulnerabilities — Patch Now

🔒 Siemens has identified multiple third-party component vulnerabilities in SINEC OS versions prior to V3.3 that affect numerous RUGGEDCOM and SCALANCE industrial network devices worldwide. Siemens ProductCERT published firmware updates (V3.3+) and recommends timely upgrades; CISA republished the vendor advisory. Reported issues originate in libraries such as OpenSSL, libcurl, BusyBox, libpcap and others and include high- and critical-severity flaws (unauthenticated RCEs, buffer overflows, path traversal and improper certificate validation). Administrators should apply vendor patches, restrict network access, isolate control networks, and use secure remote access methods while performing impact analysis.

CISA Guidance: Barriers to Secure OT Communication

🔒 CISA released guidance that examines why legacy industrial protocols are often insecure-by-design and why available protections are not widely adopted. Developed with OT equipment manufacturers and standards bodies, the document reports findings from interviews with asset owners and operators about motivations to secure communication and barriers they face. The guidance identifies practical, operational, and technical obstacles and offers recommendations for owners and operators and manufacturers to drive more usable, sustainable security capabilities.

Yokogawa FAST/TOOLS Multiple Web and Crypto Flaws Reported

⚠️ Yokogawa's FAST/TOOLS (versions R9.01–R10.04) contains multiple web and cryptographic vulnerabilities tracked across 14 CVEs that could enable redirection to malicious sites, decryption of communications, man-in-the-middle attacks, cross-site request forgery, script execution, and unauthorized file access. CVSS v3 scores reach up to 8.2 for some issues. Yokogawa advises updating to R10.04, applying patch CS_e12787, then installing R10.04 SP3. CISA recommends minimizing Internet exposure for control systems, isolating OT networks behind firewalls, and using secure remote access.

AVEVA PI Data Archive: Remote DoS (CVE-2026-1507) Advisory

⚠ AVEVA's PI Data Archive contains an uncaught-exception vulnerability (CVE-2026-1507) that can allow an unauthenticated remote attacker to crash PI core services and cause denial of service. Affected versions include PI Server <=2018_SP3_Patch_7, 2023 (including 2023_Patch_1), and 2024. The issue has a CVSS 3.1 base score of 7.5 (High). AVEVA recommends upgrading to PI Server 2024 R2 or applying vendor patches and restricting inbound access to TCP port 5450.

Poland Energy Sector Cyber Incident Exposes OT Gaps

⚠️ A cyber actor compromised OT and ICS in Poland's energy sector in December 2025, affecting renewable plants, a combined heat and power facility, and a manufacturing company. Attackers gained access via vulnerable internet-facing edge devices, deployed wiper malware, destroyed HMI data, corrupted firmware, and damaged RTUs, causing loss of view and control. Production continued at some sites, but operators could not monitor or control systems as designed. Stakeholders are urged to enable firmware verification, change default credentials, and replace end-of-support edge devices.

CISA Guide Helps Critical Infrastructure Adopt Secure OT

🔒 CISA released Barriers to Secure OT Communications: Why Johnny Can’t Authenticate to help operational technology (OT) owners, operators, integrators, and manufacturers adopt more secure communications. Based on interviews with stakeholders across Water and Wastewater, Transportation, Chemical, Energy, and Food and Agriculture sectors, the guide explains why insecure legacy industrial protocols persist and how threat actors can impersonate devices or alter messages. It identifies practical barriers—cost and complexity, latency and bandwidth, inspection issues from encryption, and interoperability with legacy products—and offers actionable recommendations to reduce friction and improve usability when procuring, deploying, and maintaining secure OT communications.

Retiring OT Experts Create Cybersecurity Knowledge Loss

🏭 The imminent retirement of experienced OT staff is causing a widespread loss of institutional knowledge that directly threatens operational continuity and cybersecurity in industrial environments. Successors often inherit undocumented legacy systems, hidden VLANs, bespoke protocol tweaks and undocumented routing rules that were never captured in official diagrams. That mismatch increases the risk of outages during modernization, lengthens implementation timelines and can unintentionally expand the attack surface through misconfigured segmentation or firewalls. Prioritizing structured knowledge transfer, thorough documentation and OT-aware security practices helps reduce single points of failure and vendor dependence.

CISA: Synectix LAN 232 TRIO Unauthenticated Web Interface

🔒 The Synectix LAN 232 TRIO 3‑port serial-to-Ethernet adapter exposes its web management interface without requiring authentication, enabling unauthenticated actors to modify critical device settings or perform a factory reset. Tracked as CVE-2026-1633 and rated CVSS v3.1 10.0 (Critical), the product is end-of-life and Synectix is no longer in business, so firmware fixes are unavailable. CISA recommends minimizing network exposure, isolating control networks behind firewalls, and using up-to-date VPNs or other secure remote-access methods while operators pursue replacement or isolation of affected units.

Avation Light Engine Pro: Critical Missing Authentication

🛡️ Avation's Light Engine Pro devices expose configuration and control interfaces without authentication, tracked as CVE-2026-1341. Successful exploitation could allow an attacker to take full control of affected units. Avation has not responded to CISA's coordination request; users should contact the vendor and apply mitigations such as isolating devices from the internet, placing them behind firewalls, and using VPNs for remote access. CISA reports no public exploitation to date.

MOMA Seismic Station Authentication Bypass Vulnerability

⚠️ MOMA Seismic Station versions v2.4.2520 and earlier expose the device web management interface without requiring authentication, enabling unauthenticated actors to modify configuration, retrieve device data, or remotely reset the device. The vulnerability is tracked as CVE-2026-1632 and classified as Missing Authentication for Critical Function (CWE-306). CISA assigns a CRITICAL severity (CVSS v3.1 Base Score 9.1) and notes that RISS SRL did not provide a vendor-supplied patch in the advisory.

Mitsubishi FREQSHIP-mini for Windows: Incorrect Permissions

⚠️ A high-severity vulnerability (CVE-2025-10314) affects Mitsubishi Electric FREQSHIP-mini for Windows versions 8.0.0 through 8.0.2 due to incorrect default permissions. A local attacker with write access to the installation directory could replace service executables or DLLs and execute code with SYSTEM privileges, potentially modifying or destroying data or causing denial of service. Mitsubishi released version 8.1.0 to address the issue; administrators should install the update and apply vendor mitigations, limit remote access, and maintain endpoint protections.

Manufacturing Reimagined: Tech Trends and Impact in 2026

🏭 This Enterprise Spotlight outlines how emerging technologies — from AI and extended reality to edge computing and digital twins — are reshaping manufacturing operations, workforce interactions, and product lifecycles. The February 2026 issue brings together editorial insight, case studies, and practical frameworks to guide CIOs and plant leaders through adoption and scaling. It emphasizes data governance, interoperability, and measurable ROI as critical enablers for responsible transformation.

Emerging Technologies Reshaping Modern Manufacturing

🛠️ Emerging technologies — from AI and quantum computing to extended reality (XR), edge computing and digital twins — are driving profound change in manufacturing, improving efficiency, safety and innovation. This special report examines how these advances will fundamentally alter operations, competitiveness and value creation across industrial sectors. It highlights practical use cases, adoption challenges and strategic considerations for responsible integration.

Accelerate 2026: Future Directions in Secure Networking

🔒 Fortinet's Accelerate 2026 returns to Las Vegas March 9–13, bringing customers, partners, and industry leaders together at the Mandalay Bay Convention Center for keynotes, technical sessions, and an expansive Tech Expo. The event emphasizes an integrated platform approach to secure networking, unified SASE, cloud and OT protection, and AI-enhanced detection and automation. Customer-led sessions from organizations such as Lowe’s, TJX, and ExxonMobil will share practical implementations, while attendees can pursue certifications, hands-on workshops, and the Fortinet Ultimate Fabric Challenge to translate strategy into operational outcomes.

Rockwell ArmorStart LT Denial-of-Service Vulnerabilities

⚠ Rockwell Automation's ArmorStart LT devices are affected by multiple vulnerabilities that can cause denial-of-service conditions. Affected models include 290D, 291D, and 294D running firmware versions <=V2.002; each issue is rated CVSS v3.1 7.5 (High). Observed impacts include unresponsive CIP ports, unexpected device reboots, ICMP loss, and web application inaccessibility during fuzzing and active scanning. No patch is available; operators should apply network segmentation and secure remote access best practices to reduce exposure.

Rockwell ControlLogix 1756-RM2/RM2XT Denial-of-Service

⚠️ Multiple denial-of-service vulnerabilities in Rockwell Automation ControlLogix Redundancy Enhanced Modules (catalogs 1756-RM2 and 1756-RM2XT) can be triggered by crafted inputs, including malformed Class 3 messages and resource exhaustion. Exploitation may render devices unresponsive or cause major nonrecoverable faults, potentially requiring a restart. The issues carry a CVSS 3.1 base score of 7.5 (High). Rockwell recommends upgrading to 1756-RM3 and following advisory SD1769; if immediate upgrade is not possible, apply segmentation, firewalling, and other security best practices to reduce exposure.

Global survey of 100 energy sites finds widespread OT risks

🔍 A study by OMICRON based on multi-year deployments of its StationGuard IDS across more than 100 substations, power plants, and control centers found pervasive cybersecurity and operational shortcomings. Passive network monitoring exposed unpatched PAC devices, undocumented external connections, weak segmentation, and incomplete asset inventories—issues often visible within 30 minutes of connection. The findings emphasize the need for protocol-aware, network-level detection and automated asset discovery to meet frameworks such as IEC 62443 and NIST.

Coordinated Cyberattack on Polish Energy Grid Hits 30 Sites

⚠️ A coordinated late-December cyberattack targeted distributed energy resource (DER) sites across Poland, impacting roughly 30 facilities including combined heat and power (CHP) plants and wind and solar dispatch systems. Researchers at Dragos say attackers damaged OT equipment beyond repair and wiped Windows hosts while disabling remote monitoring, though generation continued and no outages occurred. Dragos links the operation with moderate confidence to the cluster it calls Electrum, noting overlaps with Sandworm/APT44 and ties to destructive wipers used in Ukraine.