industrial control systems Archives • Daily CyberSecurity

ABB Patches Critical T-MAC Plus Terminal System Flaws ABB T-MAC Plus vulnerabilities terminal system flaws ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

ABB Patches Critical T-MAC Plus Terminal System Flaws

Do Son June 9, 2026

Understanding the Management Vulnerabilities Industrial operator ABB recently issued an urgent security update to address several ABB...

The Global Surge in Modbus/TCP Probes Targeting Our Physical World Modbus Exploitation ICS Security

The Global Surge in Modbus/TCP Probes Targeting Our Physical World

Do Son April 24, 2026

Between September and November 2025, a massive wave of suspicious activity targeted industrial control systems worldwide, proving...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Critical 9.1 CVSS Flaw in Horner Automation PLCs Invites Industrial Takeovers

Do Son April 17, 2026

A security flaw has been identified in industrial control systems manufactured by Horner Automation, posing a significant...

Industrial Alert: Urgent Apache IoTDB Patches Fix RCE and “Open Door” Default Flaws Apache IoTDB JEXL injection Apache IoTDB, Security Vulnerabilities

Apache IoTDB JEXL injection Apache IoTDB, Security Vulnerabilities

Industrial Alert: Urgent Apache IoTDB Patches Fix RCE and “Open Door” Default Flaws

Do Son March 9, 2026

The Apache Software Foundation has issued an urgent security advisory for Apache IoTDB, the high-performance time-series database...

Critical CISA Advisory Unmasks Severe Flaws in EV2GO Charging Networks EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

Critical CISA Advisory Unmasks Severe Flaws in EV2GO Charging Networks

Do Son February 28, 2026

Electric vehicles are rapidly becoming the new standard on our roads, but the infrastructure powering them is...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Industrial Sabotage Risk: Critical Airleader Flaw (CVSS 9.8) Exposed

Do Son February 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a critical security vulnerability...

CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX

Do Son September 20, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple critical vulnerabilities in ProGauge...

Frostbyte10: The Critical Flaws Threatening Global Supply Chains

Do Son September 4, 2025

Researchers at Armis Labs have uncovered a set of ten severe vulnerabilities in Copeland E2 and E3...

CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk Welotec Vulnerability CVE-2025-41702

CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk

Do Son August 27, 2025

A critical flaw has been identified in the Welotec egOS WebGUI backend, tracked as CVE-2025-41702, which could...

CVE-2025-40746: Critical Vulnerability Found in Siemens SIMATIC RTLS Locating Manager Siemens RTLS, CVE-2025-40746 CVE-2024-22040 - SINEC Security Monitor Siemens Security Advisory SENTRON 7KT PAC1260

Siemens RTLS, CVE-2025-40746 CVE-2024-22040 - SINEC Security Monitor Siemens Security Advisory SENTRON 7KT PAC1260

CVE-2025-40746: Critical Vulnerability Found in Siemens SIMATIC RTLS Locating Manager

Do Son August 14, 2025

Siemens ProductCERT has issued a high-severity security advisory (SSA-493787) warning of a critical vulnerability in its SIMATIC...

Critical Erlang/OTP Flaw (CVE-2025-32433) Under Active Exploitation, Allowing Unauthenticated RCE on OT Networks Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical Erlang/OTP Flaw (CVE-2025-32433) Under Active Exploitation, Allowing Unauthenticated RCE on OT Networks

Do Son August 12, 2025

Security researchers at Unit 42 have issued an urgent warning regarding CVE-2025-32433, a CVSS 10.0-rated vulnerability in...

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

Do Son July 24, 2025

In a recent security advisory coordinated by CERT@VDE, Weidmueller has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX...

Rockwell Arena Simulation Flaw: Remote Code Execution Via Malicious DOE Files

Do Son July 12, 2025

Rockwell Automation has issued a security advisory detailing two vulnerabilities affecting its Arena Simulation software. Disclosed by...

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure Emerson ValveLink, Critical Vulnerabilities

Emerson ValveLink, Critical Vulnerabilities

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure

Do Son July 10, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory highlighting multiple critical vulnerabilities...

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks

Do Son July 9, 2025

iemens has released a critical security advisory detailing multiple high-severity vulnerabilities affecting SINEC NMS, its flagship network...

Critical Frauscher Flaws (CVE-2025-3626 CVSS 9.1, CVE-2025-3705 CVSS 6.8): OS Command Injection Threatens Railway Systems

Do Son July 8, 2025

A newly published security advisory coordinated by CERT@VDE and Frauscher Sensortechnik GmbH reveals two severe OS command...

Power Grid ICS Are Exposed — What Does This Mean for Critical Infrastructure? Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Power Grid ICS Are Exposed — What Does This Mean for Critical Infrastructure?

Do Son July 3, 2025

Before 2010, Industrial Control Systems (ICS) mostly operated within isolated Operational Technology (OT) networks and received little...

Pro-Russian Hacktivists Escalate 2025 Cyber Offensive: Targeting Western Critical Infrastructure & ICS Pro-Russian Hacktivism, Critical Infrastructure Attacks

Pro-Russian Hacktivism, Critical Infrastructure Attacks

Pro-Russian Hacktivists Escalate 2025 Cyber Offensive: Targeting Western Critical Infrastructure & ICS

Do Son July 3, 2025

The cybercrime landscape in 2025 has been dramatically reshaped by the geopolitical upheaval stemming from the Russia-Ukraine...

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software ControlID iDSecure, Access Control Vulnerabilities

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

Do Son June 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk advisory on three newly discovered vulnerabilities...

Flaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks

Do Son June 25, 2025

Hitachi Energy has released a cybersecurity advisory (8DBD000218) disclosing five newly discovered vulnerabilities affecting its MicroSCADA X...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

industrial control systems

ABB Patches Critical T-MAC Plus Terminal System Flaws

The Global Surge in Modbus/TCP Probes Targeting Our Physical World

Critical 9.1 CVSS Flaw in Horner Automation PLCs Invites Industrial Takeovers

Industrial Alert: Urgent Apache IoTDB Patches Fix RCE and “Open Door” Default Flaws

Critical CISA Advisory Unmasks Severe Flaws in EV2GO Charging Networks

Industrial Sabotage Risk: Critical Airleader Flaw (CVSS 9.8) Exposed

CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX

Frostbyte10: The Critical Flaws Threatening Global Supply Chains

CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk

CVE-2025-40746: Critical Vulnerability Found in Siemens SIMATIC RTLS Locating Manager

Critical Erlang/OTP Flaw (CVE-2025-32433) Under Active Exploitation, Allowing Unauthenticated RCE on OT Networks

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

Rockwell Arena Simulation Flaw: Remote Code Execution Via Malicious DOE Files

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks

Critical Frauscher Flaws (CVE-2025-3626 CVSS 9.1, CVE-2025-3705 CVSS 6.8): OS Command Injection Threatens Railway Systems

Power Grid ICS Are Exposed — What Does This Mean for Critical Infrastructure?

Pro-Russian Hacktivists Escalate 2025 Cyber Offensive: Targeting Western Critical Infrastructure & ICS

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

Flaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks