Home/Tag/Ics

Ics

10 articles tagged with "Ics"

Vulnerabilities4 min read

AVEVA Pipeline Simulation Flaw Lets Attackers Manipulate Oil and Gas Training Systems

CVE-2026-5387 gives unauthenticated attackers admin access to pipeline simulation environments. CVSS 9.3 - affects oil, gas, and chemical sectors.

Marcus ChenApr 19, 2026

Malware4 min read

ZionSiphon Malware Targets Israeli Water Treatment Systems

Darktrace researchers expose ZionSiphon, OT malware designed to sabotage chlorine levels and pressure controls at Israeli desalination plants. A coding error currently prevents activation.

James RiveraApr 17, 2026

Threat Intelligence5 min read

FBI, CISA Warn Iran Is Attacking US Water and Energy PLCs

Joint advisory AA26-097A details Iranian APT targeting Rockwell Allen-Bradley controllers across critical infrastructure. Attacks caused operational disruptions since March 2026.

Alex KowalskiApr 8, 2026

Vulnerabilities4 min read

Honeywell BMS Controllers Ship With No Authentication by Design

CVE-2026-3611 exposes Honeywell IQ4x building management controllers with CVSS 10 severity. Default configuration allows anyone to create admin accounts.

Marcus ChenMar 19, 2026

Vulnerabilities3 min read

Atop EHG2408 Industrial Switch RCE Hits CVSS 9.3

CVE-2026-3823 allows unauthenticated attackers to execute code on Atop Technologies industrial switches. Firmware 3.36 patches the critical buffer overflow.

Marcus ChenMar 9, 2026

Vulnerabilities3 min read

Delta Electronics COMMGR2 Flaws Score CVSS 9.8

Two critical vulnerabilities in Delta Electronics COMMGR2 enable remote code execution without authentication. ICS operators should patch to v2.11.1 immediately.

Marcus ChenMar 9, 2026

Vulnerabilities4 min read

CISA Adds Hikvision and Rockwell CVSS 9.8 Flaws to KEV Catalog

Federal agencies must patch CVE-2017-7921 and CVE-2021-22681 by March 26. Hikvision cameras face active exploitation; Rockwell PLCs at risk.

Marcus ChenMar 6, 2026

Vulnerabilities5 min read

Talos Fuzzes Industrial Gateway, Finds Six DoS Vulnerabilities

Cisco Talos researcher uses 'good enough' emulation to fuzz Socomec DIRIS M-70 energy gateway, discovering CVE-2025-54848 through CVE-2025-55222 in Modbus protocol handling.

Marcus ChenFeb 18, 2026

Vulnerabilities4 min read

Iconics SCADA Flaw Allows System File Corruption

CVE-2025-0921 enables privileged file system operations that can disrupt industrial control systems in automotive, energy, and manufacturing environments.

Marcus ChenFeb 1, 2026

Vulnerabilities3 min read

CISA Releases 10 ICS Advisories for Siemens, Schneider, Others

Industrial control system vulnerabilities disclosed in Siemens RUGGEDCOM, Industrial Edge devices, Schneider EcoStruxure, AVEVA, and Festo products.

Marcus ChenJan 18, 2026