< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 7 of 18

Bring the Fight to the Edge: Time-Based OT Defense

🔍 Recent joint research from Palo Alto Networks, Siemens and the Idaho National Laboratory shows that most OT-impacting attacks originate in IT and manifest at the IT–OT edge. Analysts found attackers dwell an average of 185 days in precursor phases, producing detectable signals like credential abuse, reconnaissance and protocol misuse. The paper recommends edge-focused telemetry and an OT SOC-driven active defense to detect and disrupt threats before operational impact.
read more →

InSAT MasterSCADA BUK-TS: Critical RCE Vulnerabilities

⚠️ CISA reports two critical remote code execution vulnerabilities in InSAT MasterSCADA BUK-TS (all versions). CVE-2026-21410 enables SQL injection via the main web interface, and CVE-2026-22553 allows OS command injection through the MMadmServ interface. Both CVEs have CVSS v3.1 base scores of 9.8. CISA recommends minimizing network exposure, isolating control systems behind firewalls, using secure remote access, and contacting the vendor for guidance.
read more →

Record Highs in Industrial Control System Vulnerabilities

🔒 Forescout's new report finds that 2025 saw a record 508 ICS advisories covering 2,155 CVEs and a notable rise in vulnerability severity. The average CVSS for advisories rose to above 8.0 in 2024–2025, with the most affected assets including Purdue Level 1 field controllers, Level 3 operational systems and control-level devices. The vendor warns that reduced CISA advisory coverage and many untracked vulnerabilities increase OT/ICS risk and calls for greater vendor accountability and industry collaboration.
read more →

EnOcean SmartServer IoT: Remote Code Execution Risk

🔒A pair of vulnerabilities in EnOcean SmartServer IoT firmware (<=4.60.009) can be exploited via crafted LON IP-852 management messages to execute arbitrary OS commands or trigger memory corruption. CVE-2026-20761 (command injection) carries a CVSS 3.1 score of 8.1 and permits remote command execution; CVE-2026-22885 is an out-of-bounds read (CVSS 3.1 score 3.7) that can leak memory. EnOcean advises updating to SmartServer 4.6 Update 2 (v4.60.023) or later, and CISA recommends isolating devices, avoiding internet exposure, using secure remote access, and monitoring for suspicious activity.
read more →

Welker OdorEyes XL4 Controller Missing Authentication

🛡️ The Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller contains an authentication vulnerability tracked as CVE-2026-24790 that permits remote influence of the underlying PLC without proper safeguards. Successful exploitation could cause over- or under-odorization events, impacting safety and process control. CISA rates this issue High (CVSS 3.1 8.2) and recommends contacting Welker, minimizing network exposure, isolating control networks, and using secure remote-access methods such as updated VPNs.
read more →

Valmet DNA Engineering Web Tools Vulnerability Overview

🛡️ An unauthenticated attacker can exploit a path traversal vulnerability in Valmet DNA Engineering Web Tools (CVE-2025-15577) by manipulating the web maintenance services URL to obtain arbitrary file read access. The issue is an instance of Improper Limitation of a Pathname to a Restricted Directory (CWE-22) and is rated CVSS 3.1 8.6 (High). Valmet has released a fix and recommends customers contact their automation customer service for remediation assistance. CISA advises reducing internet exposure for control system devices, isolating networks behind firewalls, and applying defense-in-depth controls.
read more →

Good Enough Emulation: Fuzzing a Modbus Thread for Bugs

🔍 This post details emulation-based analysis of the Socomec DIRIS M-70 gateway, where JTAG flash readout protection prevented full hardware debugging. The researcher emulated the Modbus processing thread with Unicorn, integrated AFL for coverage-guided fuzzing across hundreds of message types, and later adopted Qiling for built-in coverage and debugging. The effort uncovered multiple denial-of-service vulnerabilities and six CVEs, showing that a 'good enough' single-thread emulation approach can produce high-impact results.
read more →

Sharp Rise in Ransomware Targeting Industrial Systems

🔐 Researchers at Dragos warn of a marked increase in ransomware groups targeting industrial organizations in 2025, tracking 119 distinct groups — a 49% rise from 2024. The firm reports 3,300 industrial victims last year, with manufacturing and transportation most affected, followed by oil & gas, electricity and communications. Dragos attributes many compromises to abuse of legitimate credentials via VPNs, vendor tunnels and infostealers, and highlights an average OT dwell time of 42 days. The report also names three new threat groups: Sylvanite, Azurite and Pyroxene.
read more →

Delta Electronics ASDA-Soft Stack Overflow (CVE-2026-1361)

⚠ A stack-based buffer overflow has been identified in Delta Electronics ASDA-Soft when parsing .par files, allowing an attacker to write data past a stack buffer and corrupt a structured exception handler (SEH). The issue affects versions <= 7.2.0.0 (CVE-2026-1361) and is assigned a CVSS v3.1 base score of 7.8 (High). Delta released fixed ASDA-Soft version 7.2.2.0 and published advisory Delta-PCSA-2026-00003; CISA reports no known public exploitation and notes the vulnerability is not remotely exploitable.
read more →

Siemens Simcenter Femap and Nastran File Parsing Flaws

⚠️ Siemens has published updates for Simcenter Femap and Simcenter Nastran addressing multiple file‑parsing vulnerabilities in NDB and XDB formats. If a user opens a specially crafted malicious file, affected versions may crash or allow an attacker to achieve arbitrary code execution. Siemens rates the issues as high severity and recommends updating to V2512 or later and avoiding untrusted NDB/XDB files.
read more →

GE Vernova Enervista UR Setup Vulnerabilities Fixed

🔒 GE Vernova released updates for Enervista UR Setup to address two vulnerabilities. The installer is vulnerable to DLL hijacking (CVE-2026-1762), which could allow administrative code execution when run in directories containing untrusted DLLs. A second issue is a path traversal (CVE-2026-1763) that can overwrite files as the logged-in user. Users should update to version 8.70 or later.
read more →

Honeywell CCTV Products: Critical Account Recovery Flaw

🔒 CISA reports a critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV products that exposes an unauthenticated API endpoint allowing an attacker to change the forgot password recovery email. Successful exploitation can enable account takeover and unauthorized access to camera feeds, and the issue is scored CVSS v3.1 9.8 (CRITICAL). Affected firmware includes several 2MP and 25M IPC/PTZ variants. Honeywell recommends contacting support for patches; CISA urges reducing Internet exposure, segmenting networks, and using secure remote access.
read more →

Siemens SINEC OS Third-Party Vulnerabilities — Patch Now

🔒 Siemens has identified multiple third-party component vulnerabilities in SINEC OS versions prior to V3.3 that affect numerous RUGGEDCOM and SCALANCE industrial network devices worldwide. Siemens ProductCERT published firmware updates (V3.3+) and recommends timely upgrades; CISA republished the vendor advisory. Reported issues originate in libraries such as OpenSSL, libcurl, BusyBox, libpcap and others and include high- and critical-severity flaws (unauthenticated RCEs, buffer overflows, path traversal and improper certificate validation). Administrators should apply vendor patches, restrict network access, isolate control networks, and use secure remote access methods while performing impact analysis.
read more →

CISA Guidance: Barriers to Secure OT Communication

🔒 CISA released guidance that examines why legacy industrial protocols are often insecure-by-design and why available protections are not widely adopted. Developed with OT equipment manufacturers and standards bodies, the document reports findings from interviews with asset owners and operators about motivations to secure communication and barriers they face. The guidance identifies practical, operational, and technical obstacles and offers recommendations for owners and operators and manufacturers to drive more usable, sustainable security capabilities.
read more →

Yokogawa FAST/TOOLS Multiple Web and Crypto Flaws Reported

⚠️ Yokogawa's FAST/TOOLS (versions R9.01–R10.04) contains multiple web and cryptographic vulnerabilities tracked across 14 CVEs that could enable redirection to malicious sites, decryption of communications, man-in-the-middle attacks, cross-site request forgery, script execution, and unauthorized file access. Example CVSS v3 scores reach up to 8.2 for some issues. Yokogawa advises updating to R10.04, applying patch CS_e12787, then installing R10.04 SP3. CISA recommends minimizing Internet exposure for control systems, isolating OT networks behind firewalls, and using secure remote access.
read more →

AVEVA PI Data Archive: Remote DoS (CVE-2026-1507) Advisory

⚠ AVEVA's PI Data Archive contains an uncaught-exception vulnerability (CVE-2026-1507) that can allow an unauthenticated remote attacker to crash PI core services and cause denial of service. Affected versions include PI Server <=2018_SP3_Patch_7, 2023 (including 2023_Patch_1), and 2024. The issue has a CVSS 3.1 base score of 7.5 (High). AVEVA recommends upgrading to PI Server 2024 R2 or applying vendor patches and restricting inbound access to TCP port 5450.
read more →

Poland Energy Sector Cyber Incident Exposes OT Gaps

⚠️ A cyber actor compromised OT and ICS in Poland's energy sector in December 2025, affecting renewable plants, a combined heat and power facility, and a manufacturing company. Attackers gained access via vulnerable internet-facing edge devices, deployed wiper malware, destroyed HMI data, corrupted firmware, and damaged RTUs, causing loss of view and control. Production continued at some sites, but operators could not monitor or control systems as designed. Stakeholders are urged to enable firmware verification, change default credentials, and replace end-of-support edge devices.
read more →

CISA Guide Helps Critical Infrastructure Adopt Secure OT

🔒 CISA released Barriers to Secure OT Communications: Why Johnny Can’t Authenticate to help operational technology (OT) owners, operators, integrators, and manufacturers adopt more secure communications. Based on interviews with stakeholders across Water and Wastewater, Transportation, Chemical, Energy, and Food and Agriculture sectors, the guide explains why insecure legacy industrial protocols persist and how threat actors can impersonate devices or alter messages. It identifies practical barriers—cost and complexity, latency and bandwidth, inspection issues from encryption, and interoperability with legacy products—and offers actionable recommendations to reduce friction and improve usability when procuring, deploying, and maintaining secure OT communications.
read more →

Retiring OT Experts Create Cybersecurity Knowledge Loss

🏭 The imminent retirement of experienced OT staff is causing a widespread loss of institutional knowledge that directly threatens operational continuity and cybersecurity in industrial environments. Successors often inherit undocumented legacy systems, hidden VLANs, bespoke protocol tweaks and undocumented routing rules that were never captured in official diagrams. That mismatch increases the risk of outages during modernization, lengthens implementation timelines and can unintentionally expand the attack surface through misconfigured segmentation or firewalls. Prioritizing structured knowledge transfer, thorough documentation and OT-aware security practices helps reduce single points of failure and vendor dependence.
read more →

CISA: Synectix LAN 232 TRIO Unauthenticated Web Interface

🔒 The Synectix LAN 232 TRIO 3‑port serial-to-Ethernet adapter exposes its web management interface without requiring authentication, enabling unauthenticated actors to modify critical device settings or perform a factory reset. Tracked as CVE-2026-1633 and rated CVSS v3.1 10.0 (Critical), the product is end-of-life and Synectix is no longer in business, so firmware fixes are unavailable. CISA recommends minimizing network exposure, isolating control networks behind firewalls, and using up-to-date VPNs or other secure remote-access methods while operators pursue replacement or isolation of affected units.
read more →