
All news with #ot security tag

321 articles · page 8 of 17

Siemens RUGGEDCOM APE1808 Vulnerabilities and Mitigations

🔒 Siemens has disclosed multiple vulnerabilities affecting RUGGEDCOM APE1808 devices, tied to cross-site scripting and a path traversal flaw (CVE-2025-40891, CVE-2025-40892, CVE-2025-40893, CVE-2025-40898). The issues include stored HTML/JavaScript injection in Time Machine Snapshot Diff, Reports, and Asset List features, and an authenticated path traversal in Arc data import that can enable arbitrary file writes. Siemens is preparing fixes and advises contacting Siemens ProductCERT, segregating and protecting device networks, and following Siemens operational security guidance until patches are available.

Siemens SINEC Security Monitor: Update Recommended

🔒 Siemens has released a security update for SINEC Security Monitor addressing two vulnerabilities (CVE-2025-40830, CVE-2025-40831) in versions before V4.10.0. The flaws allow an authenticated user to read or write arbitrary files via the ssmctl-client file_transfer feature and to cause a report-generation denial-of-service. Siemens recommends updating to V4.10.0 or later and reducing network exposure per operational guidance.

Cyberattack Suspected After False Active-Shooter Siren

🚨 On Saturday, 10 January, the city of Halle (Saale) experienced a widespread false alarm when all sirens sounded around 10:00 p.m., accompanied by an English announcement: “Active shooter. Lockdown now.” City officials, including Mayor Alexander Vogt and security head Tobias Teschner, said the alert was likely triggered by external access to the siren system and not by local, state, or federal authorities. Authorities have secured the system, filed a police report, and are investigating; the municipal website was briefly unavailable due to high visitor traffic rather than a targeted DDoS, and resilience measures have been implemented.

Rockwell Automation FactoryTalk DataMosaix SQL Injection

🔒 A SQL injection vulnerability (CVE-2025-12807) in Rockwell Automation's FactoryTalk DataMosaix Private Cloud could allow low-privilege users to perform unauthorized, sensitive database operations through exposed API endpoints. Affected versions include 7.11, 8.00, and 8.01; vendor updates are available. Rockwell Automation and CISA advise updating to Version 8.01.02 or later and applying network isolation and secure remote access mitigations.

Rockwell Automation 432ES-IG3 Series A DoS Advisory

⚠️ CISA warns of a high-severity denial-of-service vulnerability in Rockwell Automation 432ES-IG3 Series A (CVE-2025-9368) that can render the device unresponsive and requires a manual power cycle to recover. The issue affects firmware V1.001 and has a CVSS v3.1 base score of 7.5 (High). Rockwell Automation has released a firmware update; CISA advises implementing network segmentation, firewalling, and secure remote access while planning the upgrade.

Securing Rugged IoT at the Edge for Mission-Critical Ops

🔒 Edge-deployed rugged IoT enables real-time decision-making in defense, utilities and public safety, but operates beyond traditional IT perimeters and assumptions. Devices face harsh environments, intermittent connectivity and limited physical access, which extend exposure windows and complicate patching and monitoring. CIOs must adopt adaptive, decentralized security that blends device hardening, zero-trust networking, physical protections and offline update workflows to preserve continuity, compliance and safety.

Columbia Weather Systems MicroServer Vulnerabilities

⚠️ Columbia Weather Systems’ MicroServer firmware contains multiple vulnerabilities that could let an attacker redirect SSH connections, expose vendor and user secrets stored on an unencrypted SD card, and obtain a limited interactive shell with elevated file privileges. Affected devices run firmware versions prior to MS_4.1_14142. Columbia Weather Systems recommends updating to MS_4.1_14142 or later and contacting support for assistance; CISA advises minimizing network exposure, isolating control networks, and using secure remote access such as up-to-date VPNs. No known targeted public exploitation has been reported; UsrPacific reported these issues to CISA.

Strategic Imperative for OT/IT Convergence and Security

🔐 The convergence of operational technology (OT) and information technology (IT) creates major business opportunities but also introduces significant cybersecurity complexity and risk. Legacy OT equipment, cultural divides between OT and IT teams, and a historical focus on uptime over security increase exposure as organisations digitise critical infrastructure. Leaders must embed security by design, address compliance such as NIS2, and unite teams to manage cloud, AI and device proliferation.

CISA Releases Two ICS Advisories on WHILL and DAQFactory

🔔 CISA published two Industrial Control Systems (ICS) Advisories: ICSA-25-364-01 for WHILL C2 Wheelchairs and ICSA-25-345-03 for AzeoTech DAQFactory (Update A). The advisories describe identified vulnerabilities and recommended mitigations. Administrators and users are encouraged to review the technical details and apply mitigations promptly to reduce exposure.

ServiceNow to Buy OT and IoT Security Firm Armis for $7.8bn

🔒 ServiceNow will pay $7.8bn to acquire OT and IoT security specialist Armis, aiming to extend and enhance its security, risk and operational technology portfolios. The all-cash deal, expected to close in the second half of 2026, is positioned to more than triple ServiceNow’s security market opportunity. ServiceNow said Armis telemetry and asset insights will be integrated into its AI Control Tower to bolster AI governance and deliver automated remediation at scale. Executing on integration — notably tying Armis data into ServiceNow’s CMDB and workflows — is seen as the critical determinant of value realization.

ServiceNow’s $7.75B Armis Buy Signals Platform Shift

🔐 ServiceNow announced a $7.75 billion cash acquisition of cybersecurity vendor Armis, its largest deal to date, aiming to integrate device and asset visibility into its AI-driven workflow platform. Executives say the purchase will create an end-to-end security exposure and operations stack that ties discovery, governance, and remediation across IT, OT, IoT and edge. Analysts welcomed the move but warned it may push organizations from best-of-breed tools toward suite consolidation, and that full integration will take time.

Romanian National Water Authority Hit by Ransomware

🔒 Romanian Waters (Administrația Națională Apele Române) reported a ransomware incident over the weekend that affected roughly 1,000 computer systems across the national authority and 10 of its 11 regional offices. Investigators said servers running GIS, databases, email, web services, Windows workstations and DNS were impacted, while operational technology and water infrastructure controls remained operational. Authorities reported attackers used the built-in Windows BitLocker feature to lock files and left a ransom note demanding contact within seven days; the investigation is ongoing.

Siemens Interniche IP-Stack TCP Sequence Vulnerability

⚠️ Siemens warns of a TCP sequence validation flaw in the Interniche IP-Stack (CVE-2025-40820) that can allow unauthenticated remote actors to interfere with TCP connection setup and cause denial of service. The defect accepts a broad range of sequence values, permitting precisely timed spoofed packets to disrupt TCP-based services. Siemens has released fixes for many affected SKUs and recommends updating to the published firmware versions; where fixes are not yet available, follow the vendor’s countermeasures and apply network controls to limit exposure.

Rockwell Micro800 Controllers: IPv6 and CIP DoS Flaws

🔒 CISA warns of two denial-of-service vulnerabilities in Rockwell Automation Micro820, Micro850, and Micro870 controllers (CVE-2025-13823, CVE-2025-13824) that can render devices unresponsive. One flaw is in the IPv6 stack and the other stems from improper handling of malformed CIP packets; both can cause faults that impact availability. Rockwell Automation has released firmware updates (Micro820 L20E V23.011 or later; Micro850/870 V12.013 or later) and advises disabling IPv6 if not required. CISA recommends minimizing network exposure, isolating control networks behind firewalls, and using secure remote access methods.

Advantech WebAccess/SCADA: Multiple Vulnerabilities

🔒 CISA disclosed multiple vulnerabilities in Advantech WebAccess/SCADA affecting version 9.2.1 that could allow an authenticated attacker to read, modify, or delete remote database files. Reported issues include path traversal, unrestricted file upload, absolute path traversal, and SQL injection across several CVEs. Advantech has released WebAccess/SCADA 9.2.2 to address these flaws; operators should prioritize applying the update and hardening network access.

Schneider Electric: WSUS Vulnerability in Foxboro DCS

⚠️ Schneider Electric warns that a Microsoft WSUS vulnerability (CVE-2025-59287, CWE-502) impacts EcoStruxure™ Foxboro DCS Advisor and may allow remote code execution with system-level privileges (CVSS 3.1 9.8). Microsoft fixes (KB5070882, KB5070884) are available via WSUS and may require a reboot to complete installation. Apply the patches promptly, verify installation with Schneider Electric Global Customer Support, and follow recommended network isolation and access-control measures to reduce exposure.

Ignition Vulnerability Allows Unnecessary SYSTEM Execution

⚠️ Inductive Automation Ignition contains a Python scripting vulnerability (CVE-2025-13911) that can allow direct SYSTEM-level code execution on Windows hosts running the Ignition Gateway. The issue stems from insufficient controls on which Python libraries and scripts can be imported and executed, and the Ignition service account running with excessive SYSTEM privileges. A malicious project uploaded by an authenticated administrator can execute bind shells or similar payloads with Gateway process privileges. Inductive Automation identifies affected releases as 8.1.x and 8.3.x and provides mitigations on its Trust Portal; CISA rates the flaw CVSS 3.1 6.4 and recommends network segmentation and reduced exposure.

ICONICS/Mitsubishi Electric Keypad Code Execution Bug

⚠️ CISA reports CVE-2025-11774, a high-severity vulnerability in the software 'keypad' function of ICONICS Suite, GENESIS64, MobileHMI, and MC Works64. An attacker who tampers with the keypad configuration file can trigger execution of arbitrary EXE files when a legitimate user uses the keypad, enabling information disclosure, tampering, deletion, or a denial-of-service. The issue is rated CVSS 3.1 8.2 (CWE-78). Upgrade affected ICONICS products to GENESIS64 v10.97.3 or V11; MC Works64 users should migrate per vendor guidance.

Mitsubishi GT Designer3 Cleartext Credential Exposure

🔒 Mitsubishi Electric's GT Designer3 (Version1 for GOT2000 and GOT1000) stores project credentials in cleartext (CVE-2025-11009), allowing an attacker with access to a project file to recover plaintext credentials and illegitimately operate affected GOT devices. The issue is classified as Cleartext Storage of Sensitive Information (CWE-312) and has a CVSS v3.1 base score of 5.1 (Medium). Mitsubishi recommends limiting use to trusted LANs, blocking remote logins, using firewalls, VPNs, and antivirus, and avoiding untrusted files or links; CISA advises isolating control networks and minimizing internet exposure.

Johnson Controls PowerG Vulnerabilities and Mitigations

🔒 CISA warns that multiple vulnerabilities in Johnson Controls PowerG implementations could let attackers read, modify, or replay encrypted wireless traffic. Affected devices include IQPanel 4, legacy IQPanel 2/2+, and IQHub with referenced CVEs CVE-2025-61738, CVE-2025-61739, CVE-2025-26379, and CVE-2025-61740. Vendor fixes (IQPanel 4.6.1, PowerG v53.05+) and secure enrollment practices are recommended, and end-of-life hardware should be replaced.