< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 8 of 18

Avation Light Engine Pro: Critical Missing Authentication

🛡️ Avation's Light Engine Pro devices expose configuration and control interfaces without authentication, tracked as CVE-2026-1341. Successful exploitation could allow an attacker to take full control of affected units. Avation has not responded to CISA's coordination request; users should contact the vendor and apply mitigations such as isolating devices from the internet, placing them behind firewalls, and using VPNs for remote access. CISA reports no public exploitation to date.
read more →

MOMA Seismic Station Authentication Bypass Vulnerability

⚠️ MOMA Seismic Station versions v2.4.2520 and earlier expose the device web management interface without requiring authentication, enabling unauthenticated actors to modify configuration, retrieve device data, or remotely reset the device. The vulnerability is tracked as CVE-2026-1632 and classified as Missing Authentication for Critical Function (CWE-306). CISA assigns a CRITICAL severity (CVSS v3.1 Base Score 9.1) and notes that RISS SRL did not provide a vendor-supplied patch in the advisory.
read more →

Mitsubishi FREQSHIP-mini for Windows: Incorrect Permissions

⚠️ A high-severity vulnerability (CVE-2025-10314) affects Mitsubishi Electric FREQSHIP-mini for Windows versions 8.0.0 through 8.0.2 due to incorrect default permissions. A local attacker with write access to the installation directory could replace service executables or DLLs and execute code with SYSTEM privileges, potentially modifying or destroying data or causing denial of service. Mitsubishi released version 8.1.0 to address the issue; administrators should install the update and apply vendor mitigations, limit remote access, and maintain endpoint protections.
read more →

Manufacturing Reimagined: Tech Trends and Impact in 2026

🏭 This Enterprise Spotlight outlines how emerging technologies — from AI and extended reality to edge computing and digital twins — are reshaping manufacturing operations, workforce interactions, and product lifecycles. The February 2026 issue brings together editorial insight, case studies, and practical frameworks to guide CIOs and plant leaders through adoption and scaling. It emphasizes data governance, interoperability, and measurable ROI as critical enablers for responsible transformation.
read more →

Emerging Technologies Reshaping Modern Manufacturing

🛠️ Emerging technologies — from AI and quantum computing to extended reality (XR), edge computing and digital twins — are driving profound change in manufacturing, improving efficiency, safety and innovation. This special report examines how these advances will fundamentally alter operations, competitiveness and value creation across industrial sectors. It highlights practical use cases, adoption challenges and strategic considerations for responsible integration.
read more →

Accelerate 2026: Future Directions in Secure Networking

🔒 Fortinet's Accelerate 2026 returns to Las Vegas March 9–13, bringing customers, partners, and industry leaders together at the Mandalay Bay Convention Center for keynotes, technical sessions, and an expansive Tech Expo. The event emphasizes an integrated platform approach to secure networking, unified SASE, cloud and OT protection, and AI-enhanced detection and automation. Customer-led sessions from organizations such as Lowe’s, TJX, and ExxonMobil will share practical implementations, while attendees can pursue certifications, hands-on workshops, and the Fortinet Ultimate Fabric Challenge to translate strategy into operational outcomes.
read more →

Rockwell ArmorStart LT Denial-of-Service Vulnerabilities

⚠ Rockwell Automation's ArmorStart LT devices are affected by multiple vulnerabilities that can cause denial-of-service conditions. Affected models include 290D, 291D, and 294D running firmware versions <=V2.002; each issue is rated CVSS v3.1 7.5 (High). Observed impacts include unresponsive CIP ports, unexpected device reboots, ICMP loss, and web application inaccessibility during fuzzing and active scanning. No patch is available; operators should apply network segmentation and secure remote access best practices to reduce exposure.
read more →

Rockwell ControlLogix 1756-RM2/RM2XT Denial-of-Service

⚠️ Multiple denial-of-service vulnerabilities in Rockwell Automation ControlLogix Redundancy Enhanced Modules (catalogs 1756-RM2 and 1756-RM2XT) can be triggered by crafted inputs, including malformed Class 3 messages and resource exhaustion. Exploitation may render devices unresponsive or cause major nonrecoverable faults, potentially requiring a restart. The issues carry a CVSS 3.1 base score of 7.5 (High). Rockwell recommends upgrading to 1756-RM3 and following advisory SD1769; if immediate upgrade is not possible, apply segmentation, firewalling, and other security best practices to reduce exposure.
read more →

Global survey of 100 energy sites finds widespread OT risks

🔍 A study by OMICRON based on multi-year deployments of its StationGuard IDS across more than 100 substations, power plants, and control centers found pervasive cybersecurity and operational shortcomings. Passive network monitoring exposed unpatched PAC devices, undocumented external connections, weak segmentation, and incomplete asset inventories—issues often visible within 30 minutes of connection. The findings emphasize the need for protocol-aware, network-level detection and automated asset discovery to meet frameworks such as IEC 62443 and NIST.
read more →

Coordinated Cyberattack on Polish Energy Grid Hits 30 Sites

⚠️ A coordinated late-December cyberattack targeted distributed energy resource (DER) sites across Poland, impacting roughly 30 facilities including combined heat and power (CHP) plants and wind and solar dispatch systems. Researchers at Dragos say attackers damaged OT equipment beyond repair and wiped Windows hosts while disabling remote monitoring, though generation continued and no outages occurred. Dragos links the operation with moderate confidence to the cluster it calls Electrum, noting overlaps with Sandworm/APT44 and ties to destructive wipers used in Ukraine.
read more →

Russian ELECTRUM Linked to December 2025 Polish Grid Attack

🔎 Dragos attributes a coordinated late-December 2025 cyber attack on multiple Polish power grid sites to the Russian state-sponsored crew ELECTRUM with medium confidence. The campaign targeted communication and control systems at combined heat and power facilities and systems managing distributed energy resources, including wind and solar dispatch. Although no blackouts were reported, attackers gained access to OT networks and disabled some equipment beyond repair. Dragos notes the operation blended IT-to-OT tradecraft, with KAMACITE enabling access and ELECTRUM executing ICS-focused actions.
read more →

Schneider Electric EcoStruxure Privilege Escalation Fix

⚠️ Schneider Electric has issued a fix for a local privilege escalation vulnerability in EcoStruxure Process Expert (CVE-2025-13905) caused by incorrect default permissions. An attacker with local access could modify executable service binaries and gain elevated privileges when services restart. Version 2025 contains the vendor fix; interim mitigations include application whitelisting and restricting privileged accounts.
read more →

AutomationDirect CLICK PLC Password Storage Vulnerabilities

🔒 AutomationDirect reported two vulnerabilities in CLICK Programmable Logic Controllers (PLCs) — CVE-2025-67652 and CVE-2025-25051 — that expose stored credentials and weak encoding. Both issues carry a CVSS 3.1 base score of 6.1 (Medium) and affect C0-0x, C0-1x, and C2-x product versions. AutomationDirect recommends updating CLICK PLUS and PLC firmware to V3.90; until the update can be applied, implement compensating controls such as network isolation, restricted access, application whitelisting, and enhanced logging and monitoring. CISA notes these vulnerabilities are not exploitable remotely and no public exploitation has been reported.
read more →

Rockwell CompactLogix 5370 DoS Vulnerability Advisory

⚠️ Rockwell Automation's CompactLogix 5370 controllers are affected by a denial-of-service vulnerability (CVE-2025-11743) that can produce a major nonrecoverable fault requiring a restart. The issue is triggered by a malformed CIP Forward Open message and has a CVSS v3.1 base score of 6.5. Affected versions include <=34.013, <=35.012, and 36.011; fixed releases include 37.011, 34.016, 35.015, and 36.012. Rockwell reported the issue to CISA; no known public exploitation has been reported and CISA notes the vulnerability is not exploitable remotely. Users unable to upgrade should follow security best practices to limit exposure.
read more →

Weintek cMT X Series Privilege Escalation Vulnerabilities

🔒 CISA reports two high-severity vulnerabilities in Weintek cMT X Series HMI devices that allow low-privileged users to escalate privileges and potentially take full control of affected units. Both issues (CVE-2025-14750 and CVE-2025-14751) receive a CVSS 3.1 base score of 8.3. Vendor firmware updates are available for specific models; apply vendor-supplied patches and follow network-segmentation mitigations.
read more →

DIAView Command Injection Advisory — CVE-2026-0975

⚠️ DIAView contains a command injection vulnerability (CVE-2026-0975) that allows project scripts to execute shell commands when a malicious project is opened. Successful exploitation can result in arbitrary code execution on affected installations of Delta Electronics DIAView version 4.2.0. Delta recommends updating to DIAView v4.4 or later and following defensive measures such as isolating control networks, avoiding untrusted files or links, and using secure remote access methods.
read more →

Schneider Electric Foxboro DCS Intel Side-Channel Issue

⚠️ Schneider Electric published an advisory about a side‑channel vulnerability disclosed by Intel (CVE-2018-12130) that affects EcoStruxure Foxboro DCS Virtualization Server (V91) and Standard Workstation (H92). An authenticated user with local access could exploit the CPU issue to enable information disclosure, risking loss of system functionality or unauthorized access. Schneider Electric directs customers to migrate to updated server (V95) and workstation (Dell D96) hardware or, if immediate migration is not feasible, to apply BIOS and OS security patches and follow layered defense-in-depth recommendations.
read more →

Rockwell Verve Asset Manager: Two High-Risk Storage Flaws

🔒 Rockwell Automation reported two high-severity vulnerabilities in Verve Asset Manager affecting legacy components: the ADI server and the Ansible playbook. Both issues can result in unencrypted sensitive information being stored in environment variables or during playbook execution and are rated CVSS 7.2 and 7.9. Rockwell states the flaws are resolved in 1.42; organizations should upgrade and contact Rockwell TechConnect for assistance. CISA also recommends minimizing network exposure and using secure remote access such as up-to-date VPNs.
read more →

CODESYS Runtime Vulnerabilities Affecting Schneider Electric

⚠️ Schneider Electric warns that multiple vulnerabilities in the CODESYS Runtime System V3 communication server affect many Schneider products and third-party devices embedding CODESYS. Exploitable issues include denial-of-service and, in some configurations, remote code execution; several CVEs carry CVSS scores up to 8.8. Schneider has published patches and mitigations for many affected product families; operators should apply vendor updates and follow immediate network and access controls to reduce exposure.
read more →

Global Agencies Publish Secure Connectivity Guidance for OT

🔐 The US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC) and the Federal Bureau of Investigation (FBI), alongside international partners, have released principles to secure operational technology (OT) connectivity. Led by NCSC-UK, the guidance offers a shared framework to design and manage secure connectivity across OT environments. It emphasizes embedding cybersecurity into network design to reduce exposure to both state-backed and opportunistic adversaries. The document warns that increased interconnection brings benefits such as real-time analytics and predictive maintenance, but also raises risks that could cause physical harm, environmental damage or service disruption.
read more →