[Control systems] CISA ICS security advisories (AV26–655)
Serial number: AV26–655 Date: July 6, 2026 Between June 29 and July 5, 2026, CISA published ICS advisories to address vulnerabilities in the following products: CubeSpace CW0057 Reaction Wheel – CW0057 Reaction Wheel Delta Electronics DVP12SE PLC – all versions Frangoteam FUXA SCADA/HMI – versions 1.3.1 and prior Gardyn IoT Hub – versions prior to 2.12.2026 Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M – versions 1.000A to versions 1.014Q and prior OFFIS DCMTK Toolkit – versions 3.7.0 and prior Schneider Electric EasyLogic T150 and Saitel DP RTU – multiple versions Schneider Electric EcoStruxure IT Data Center Expert – versions 9.1.1 and prior, 9,12 ST Engineering iDirect iQ-Series Terminals – multiple versions StoneFly Storage Concentrator – multiple versions XZ Utils vulnerability impacting B&R Products – multiple versions The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates if available. CISA ICS Advisories
CSIRTS triage
- What
- CISA published advisories to address vulnerabilities in various ICS products.
- Who is affected
- Users and administrators of affected ICS products.
- Urgency
- Remediation is necessary, but the severity is unknown.
- Action
- Users should review the advisories and apply updates as needed.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-655
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09