< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 9 of 18

Cyber Threat Actors Intensify Attacks on Industrial ICS

🔒 Cyble's Annual Threat Landscape Report 2025 (published Jan 15, 2026) found a sharp rise in attacks against industrial environments, with ICS vulnerability disclosures nearly doubling to 2,451 across 152 vendors in 2025. The report highlights an August spike (802 disclosures) and Q3 accounting for 45.26% of disclosures. HMI and SCADA systems were increasingly exploited, with Siemens and Schneider among the most affected vendors. Cyble warns threat actors — including ransomware groups and coordinated hacktivists — will focus on exposed HMI/SCADA and VNC takeovers in 2026.
read more →

International Principles for Secure OT Connectivity

🛡️ CISA, the UK’s NCSC, the FBI and international partners published the Secure Connectivity Principles for Operational Technology (OT), a joint guide led by NCSC‑UK to mitigate insecure and exposed connectivity and defend against opportunistic and nation‑state cyber threats. The guidance provides a practical framework and eight key principles to help OT owners and operators design, secure, and manage connectivity. Agencies also urge OT device manufacturers and integrators to embrace secure‑by‑design practices and recommend organizations assess OT connectivity and implement mitigations to strengthen critical infrastructure resilience.
read more →

RUGGEDCOM ROS TLS Certificate Upload Vulnerability

⚠️ Siemens reports a temporary denial-of-service vulnerability in RUGGEDCOM ROS devices that can be triggered via the TLS certificate upload process. Authenticated remote attackers may upload malformed certificate data to cause a crash and an automatic reboot (CVE-2025-40935, CWE-20), producing a brief availability outage. Siemens has published fixed firmware; update affected systems to V5.10.1 or later. CISA advises isolating control networks, minimizing internet exposure, using secure remote access, and performing impact analysis before applying mitigations.
read more →

Siemens Industrial Edge Authorization Bypass Vulnerability

🔒 Siemens and CISA report an authorization bypass in multiple Siemens Industrial Edge and related devices (CVE-2025-40805) that can allow an unauthenticated remote attacker who knows a legitimate user's identity to impersonate that user. Siemens has released firmware and software updates for many affected models and is preparing additional fixes. Where updates are not yet available, Siemens and CISA advise network isolation, minimizing internet exposure, use of secure remote access (VPNs), and other compensating controls to limit risk.
read more →

Schneider Electric EcoStruxure Power Build Vulnerabilities

🔒 Schneider Electric disclosed vulnerabilities in EcoStruxure Power Build Rapsody that can cause memory corruption and buffer overflows when importing project (SSD) files. Two tracked issues — CVE-2025-13844 (double free, CVSS 5.3) and CVE-2025-13845 (use-after-free, CVSS 7.8) — may allow local attackers to execute code if a user opens a malicious file. Schneider released regional fixed builds; users should install the appropriate update, restart services, and follow recommended mitigations if patching is delayed.
read more →

Festo Firmware: Undocumented Remote Functions Risk

⚠️ Festo SE & Co. KG and CISA report that numerous Festo firmware products contain undocumented remote-accessible functions and missing port/protocol documentation, tracked as CVE-2022-3270 with a CVSS v3.1 base score of 9.8. An unauthenticated remote attacker could leverage these undocumented protocol functions to cause full loss of confidentiality, integrity, and availability. Festo intends to address the issue by updating technical user manuals in the next product versions; operators should meanwhile reduce network exposure, enforce firewalls, and use VPNs and encrypted links.
read more →

Secure Connectivity Principles for OT — CISA, NCSC-UK

🔒 CISA and the UK National Cyber Security Centre (NCSC-UK) issued Secure Connectivity Principles for Operational Technology (OT) to help asset owners manage increasing connectivity demands. The guidance provides an eight‑principle framework to design, secure, and operate network access into OT environments. It targets operators of essential services and aligns with federal and international collaboration. Stakeholder feedback is invited through a CISA product survey.
read more →

Siemens SIMATIC/SIPLUS DoS via S7 Disconnect (CVE-2025-40944)

🔒 Siemens SIMATIC and SIPLUS ET 200 family devices contain a denial-of-service vulnerability triggered by a valid S7 protocol Disconnect Request (COTP DR TPDU) received on TCP port 102. Affected modules can enter an improper session state and become unresponsive, requiring a power cycle to recover. Siemens has released firmware updates for multiple affected products and recommends applying vendor-released fixes; where updates are not available, network mitigations such as filtering TCP port 102 to trusted addresses and isolating control networks are advised.
read more →

Siemens TeleControl Server Basic Privilege Escalation

⚠ Siemens disclosed a local privilege escalation vulnerability (CVE-2025-40942) in TeleControl Server Basic affecting product versions earlier than V3.1.2.4. The flaw could allow an attacker with local access to execute arbitrary code with elevated privileges and is rated High under CVSS 3.1 (8.8). Siemens released V3.1.2.4 to remediate the issue. Administrators should apply the update promptly and follow network-segmentation and access-control best practices to reduce exposure.
read more →

Siemens Industrial Edge Device Kit: Authorization Bypass

🔒 Users of Siemens Industrial Edge Device Kit should apply updates immediately. CISA reports an authorization bypass (CVE-2025-40805) that enables unauthenticated attackers to impersonate legitimate users by abusing unsecured API endpoints; the issue is rated CVSS v3.1 10.0. Siemens has published patches for multiple arm64 and x86-64 builds (for example V1.24.2 and V1.25.1) and advises restricting network access where fixes are not yet available.
read more →

Siemens RUGGEDCOM APE1808 Vulnerabilities and Mitigations

🔒Siemens has disclosed multiple vulnerabilities affecting RUGGEDCOM APE1808 devices, tied to cross-site scripting and a path traversal flaw (CVE-2025-40891, CVE-2025-40892, CVE-2025-40893, CVE-2025-40898). The issues include stored HTML/JavaScript injection in Time Machine Snapshot Diff, Reports, and Asset List features, and an authenticated path traversal in Arc data import that can enable arbitrary file writes. Siemens is preparing fixes and advises contacting Siemens ProductCERT, segregating and protecting device networks, and following Siemens operational security guidance until patches are available.
read more →

Siemens SINEC Security Monitor: Update Recommended

🔒 Siemens has released a security update for SINEC Security Monitor addressing two vulnerabilities (CVE-2025-40830, CVE-2025-40831) in versions before V4.10.0. The flaws allow an authenticated user to read or write arbitrary files via the ssmctl-client file_transfer feature and to cause a report-generation denial-of-service. Siemens recommends updating to V4.10.0 or later and reducing network exposure per operational guidance.
read more →

Cyberattack Suspected After False Active-Shooter Siren

🚨 On Saturday, 10 January, the city of Halle (Saale) experienced a widespread false alarm when all sirens sounded around 10:00 p.m., accompanied by an English announcement: “Active shooter. Lockdown now.” City officials, including Mayor Alexander Vogt and security head Tobias Teschner, said the alert was likely triggered by external access to the siren system and not by local, state, or federal authorities. Authorities have secured the system, filed a police report, and are investigating; the municipal website was briefly unavailable due to high visitor traffic rather than a targeted DDoS, and resilience measures have been implemented.
read more →

Rockwell Automation FactoryTalk DataMosaix SQL Injection

🔒 A SQL injection vulnerability (CVE-2025-12807) in Rockwell Automation's FactoryTalk DataMosaix Private Cloud could allow low-privilege users to perform unauthorized, sensitive database operations through exposed API endpoints. Affected versions include 7.11, 8.00, and 8.01; vendor updates are available. Rockwell Automation and CISA advise updating to Version 8.01.02 or later and applying network isolation and secure remote access mitigations.
read more →

Rockwell Automation 432ES-IG3 Series A DoS Advisory

⚠️ CISA warns of a high-severity denial-of-service vulnerability in Rockwell Automation 432ES-IG3 Series A (CVE-2025-9368) that can render the device unresponsive and requires a manual power cycle to recover. The issue affects firmware V1.001 and has a CVSS v3.1 base score of 7.5 (High). Rockwell Automation has released a firmware update; CISA advises implementing network segmentation, firewalling, and secure remote access while planning the upgrade.
read more →

Securing Rugged IoT at the Edge for Mission-Critical Ops

🔒 Edge-deployed rugged IoT enables real-time decision-making in defense, utilities and public safety, but operates beyond traditional IT perimeters and assumptions. Devices face harsh environments, intermittent connectivity and limited physical access, which extend exposure windows and complicate patching and monitoring. CIOs must adopt adaptive, decentralized security that blends device hardening, zero-trust networking, physical protections and offline update workflows to preserve continuity, compliance and safety.
read more →

Columbia Weather Systems MicroServer Vulnerabilities

⚠️ Columbia Weather Systems’ MicroServer firmware contains multiple vulnerabilities that could let an attacker redirect SSH connections, expose vendor and user secrets stored on an unencrypted SD card, and obtain a limited interactive shell with elevated file privileges. Affected devices run firmware versions prior to MS_4.1_14142. Columbia Weather Systems recommends updating to MS_4.1_14142 or later and contacting support for assistance; CISA advises minimizing network exposure, isolating control networks, and using secure remote access such as up-to-date VPNs. No known targeted public exploitation has been reported; UsrPacific reported these issues to CISA.
read more →

Strategic Imperative for OT/IT Convergence and Security

🔐 The convergence of operational technology (OT) and information technology (IT) creates major business opportunities but also introduces significant cybersecurity complexity and risk. Legacy OT equipment, cultural divides between OT and IT teams, and a historical focus on uptime over security increase exposure as organisations digitise critical infrastructure. Leaders must embed security by design, address compliance such as NIS2, and unite teams to manage cloud, AI and device proliferation.
read more →

CISA Releases Two ICS Advisories on WHILL and DAQFactory

🔔 CISA published two Industrial Control Systems (ICS) Advisories: ICSA-25-364-01 for WHILL C2 Wheelchairs and ICSA-25-345-03 for AzeoTech DAQFactory (Update A). The advisories describe identified vulnerabilities and recommended mitigations. Administrators and users are encouraged to review the technical details and apply mitigations promptly to reduce exposure.
read more →

ServiceNow to Buy OT and IoT Security Firm Armis $7.8bn

🔒 ServiceNow will pay $7.8bn to acquire OT and IoT security specialist Armis, aiming to extend and enhance its security, risk and operational technology portfolios. The all-cash deal, expected to close in the second half of 2026, is positioned to more than triple ServiceNow’s security market opportunity. ServiceNow said Armis telemetry and asset insights will be integrated into its AI Control Tower to bolster AI governance and deliver automated remediation at scale. Executing on integration — notably tying Armis data into ServiceNow’s CMDB and workflows — is seen as the critical determinant of value realization.
read more →