{"total":43,"page":1,"count":43,"advisories":[{"id":"73d9d291-848b-404f-aee7-5debe9dfcfb5","num":222264,"source_id":"cisa","external_id":"/node/25143","title":"CISA Adds Two Known Exploited Vulnerabilities to Catalog","summary":"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/10/cisa-adds-two-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48939","CVE-2026-56291"],"exploited":true,"has_exploit":true,"published_at":"2026-07-10T12:00:00+00:00"},{"id":"859e9632-1395-4265-b105-8b6e0733bedf","num":191128,"source_id":"cisa","external_id":"/node/25139","title":"Schneider Electric Easergy MiCOM Px40 Series","summary":"View CSAF Summary Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products. The Easergy MiCOM Px40 is a protection relay series for Medium Voltage, High Voltage and Extra High Voltage protection. Failure to apply the mitigations provided below may risk unauthorized exposure of basic device identification through the SNMP protocol. The following versions of Schneider Electric Easergy MiCOM Px40 Series are affected: Easergy MiCOM P14x All versions prior to B4A Easergy MiCOM P24x All versions prior to D3A Easergy MiCOM P341 All versions prior to E3F Easergy MiCOM P342, P343, P344, P345 All versions prior to B3F Easergy MiCOM P442, P444 All versions prior to E3A Easergy MiCOM P443, P445, P446, P543, P544, P545, P546 All versions prior to H6A Easergy MiCOM P841 All versions prior to G6A Easergy MiCOM P643 All versions prior to B3F Easergy MiCOM P642, P645 All versions prior to B4A Easergy MiCOM P741, P742, P743 All versions prior to B2A Easergy MiCOM P746 All versions prior to B4E Easergy MiCOM P746 All versions prior to C4E Easergy MiCOM P849 All versions prior to B4A CVSS Vendor Equipment Vulnerabilities v3 5.3 Schneider Electric Schneider Electric Easergy MiCOM Px40 Series Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. View CVE Details Affected Products Schneider Electric Easergy MiCOM Px40 Series Vendor: Schneider Electric Product Version: Easergy MiCOM P14x All versions prior to B4A, Easergy MiCOM P24","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-03","severity":"critical","cvss":null,"cves":["CVE-2026-4832"],"exploited":false,"has_exploit":false,"published_at":"2026-07-09T12:00:00+00:00"},{"id":"77078515-5828-4a1a-8709-0d6b205583a9","num":191127,"source_id":"cisa","external_id":"/node/25137","title":"OpenPLC v3","summary":"View CSAF Summary Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution as the OpenPLC runtime user. The following versions of OpenPLC v3 are affected: OpenPLC v3 CVSS Vendor Equipment Vulnerabilities v3 9.9 OpenPLC OpenPLC v3 External Control of File Name or Path Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-14480 OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attacker‑controlled absolute paths, an authenticated user can write arbitrary files anywhere writable by the OpenPLC webserver process. In the default build pipeline, all C++ source files within the OpenPLC runtime core directory are automatically compiled into the executable runtime binary. By writing a malicious .cpp file into this directory, an authenticated attacker can escalate the arbitrary file write into arbitrary native code execution when the operator triggers a normal program compilation and runtime start. View CVE Details Affected Products OpenPLC v3 Vendor: OpenPLC Product Version: OpenPLC OpenPLC: v3 Product Status: known_affected Remediations Vendor fix OpenPLC recommends users upgrade to OpenPLC v4 as OpenPLC v3 is end-of-life and is no longer receiving patches, bug fixes, or security updates. Relevant CWE: CWE-73 External Control of File Name or","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-01","severity":"critical","cvss":null,"cves":["CVE-2026-14480"],"exploited":false,"has_exploit":false,"published_at":"2026-07-09T12:00:00+00:00"},{"id":"0fe2c748-7818-4f6e-92f8-0cb2a7d20d3d","num":191126,"source_id":"cisa","external_id":"/node/25138","title":"Schneider Electric PowerChute Serial Shutdown","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown <=1.4 CVSS Vendor Equipment Vulnerabilities v3 6.1 SuSE, Schneider Electric, Red Hat, Microsoft Schneider Electric PowerChute Serial Shutdown Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-2399 PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdow","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02","severity":"critical","cvss":null,"cves":["CVE-2026-2399","CVE-2026-2404","CVE-2026-2405","CVE-2026-2403","CVE-2026-2400","CVE-2026-2401","CVE-2026-2402"],"exploited":false,"has_exploit":false,"published_at":"2026-07-09T12:00:00+00:00"},{"id":"795dfb73-cd8e-4e63-8c89-dc2e690c1999","num":138736,"source_id":"cisa","external_id":"/node/25133","title":"CISA Adds One Known Exploited Vulnerability to Catalog","summary":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-one-known-exploited-vulnerability-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48282"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"58a6c2d7-f7bc-4bc9-930a-eb8dca7c8e27","num":129264,"source_id":"cisa","external_id":"/node/25121","title":"Siemens SINEC OS","summary":"View CSAF Summary SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/<4.0 CVSS Vendor Equipment Vulnerabilities v3 9.8 Siemens Siemens SINEC OS Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Resource Shutdown or Release, Integer Overflow or Wraparound, Stack-based Buffer Overflow, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Uncontrolled Recursion, Out-of-bounds Read, Covert Timing Channel, Improper Input Validation, Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Improper Update of Reference Count, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), Multiple Releases of Same Resource or Handle, Permissive Regular Expression, Expired Pointer Dereference, Incorrect Bitwise Shift of Integer, Out-of-bounds Write, User Interface (UI) Misrepresentation of Critical Information, Improper Access Control, Insertion of Sensitive Information Into Sent Data, Inefficient Algorithmic Complexity, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Authentication Bypass by Primary Weakness, NULL Pointer Dereference, Active Debug Code, Loop with Unreachable Exit Condition ('Infinite Loop'), Missing Synchronization, External Control of File Name or Path, Privilege Dropping / Lowering Errors, Use of Web Browser Cache Containing Sensitive Information Background Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2025-1352 A vulnerability has been found in GNU elfut","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05","severity":"critical","cvss":null,"cves":["CVE-2025-1352","CVE-2025-1376","CVE-2025-6052","CVE-2025-6141","CVE-2025-6170","CVE-2025-7039","CVE-2025-8732","CVE-2025-9086","CVE-2025-9230","CVE-2025-9231","CVE-2025-9232","CVE-2025-10966","CVE-2025-13465","CVE-2025-13601","CVE-2025-39913","CVE-2025-40214","CVE-2025-40248","CVE-2025-40250","CVE-2025-40251","CVE-2025-40252","CVE-2025-40254","CVE-2025-40257","CVE-2025-40258","CVE-2025-40261","CVE-2025-40262","CVE-2025-40263","CVE-2025-40264","CVE-2025-40271","CVE-2025-40278","CVE-2025-40280","CVE-2025-40281","CVE-2025-40345","CVE-2025-46394","CVE-2025-49794","CVE-2025-49795","CVE-2025-49796","CVE-2025-60876","CVE-2025-66035","CVE-2025-66382","CVE-2025-66412","CVE-2025-69720","CVE-2025-71185","CVE-2025-71186","CVE-2025-71188","CVE-2025-71189","CVE-2025-71190","CVE-2025-71191","CVE-2026-1484","CVE-2026-1489","CVE-2026-3784","CVE-2026-22610","CVE-2026-22976","CVE-2026-22977","CVE-2026-23025","CVE-2026-23026","CVE-2026-23030","CVE-2026-23031","CVE-2026-23032","CVE-2026-23033","CVE-2026-23037","CVE-2026-23038","CVE-2026-23111","CVE-2026-23112","CVE-2026-23220","CVE-2026-23222","CVE-2026-23228","CVE-2026-23229","CVE-2026-23230","CVE-2026-23231","CVE-2026-23236","CVE-2026-23238","CVE-2026-24515","CVE-2026-25210","CVE-2026-26157","CVE-2026-26158","CVE-2026-35535","CVE-2026-41918"],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"c9909ff1-bf57-4d69-aad5-7a3aee9d624d","num":133986,"source_id":"cisa","external_id":"/node/25116","title":"CISA Adds Three Known Exploited Vulnerabilities to Catalog","summary":"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-three-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48908","CVE-2026-55255","CVE-2026-56290"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"1d621c46-1aa8-40eb-842e-7c76056ecb24","num":129263,"source_id":"cisa","external_id":"/node/25118","title":"Hitachi Energy PROMOD V","summary":"View CSAF Summary Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access. The following versions of Hitachi Energy PROMOD V are affected: PROMOD V vers:PROMOD_V/<=1.0.10 CVSS Vendor Equipment Vulnerabilities v3 7.1 Hitachi Energy Hitachi Energy PROMOD V Reliance on HTTP instead of HTTPS Background Critical Infrastructure Sectors: Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-10763 PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. View CVE Details Affected Products Hitachi Energy PROMOD V Vendor: Hitachi Energy Product Version: PROMOD V versions 1.0.10 and prior Product Status: known_affected Remediations Vendor fix Upgrade to version 1.0.11 and enable HTTPS on Digipede server. [2] Refer to “1.0.11 PROMOD V User Guide”, Section 2 Essential Skills->Running PROMOD V->Digipede Grid. Alternatively, refer to the same section in the online help contained in the application. Mitigation Apply general mitigation factors Relevant CWE: CWE-1428 Reliance on HTTP instead of HTTPS Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 4.0 7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Acknowledgments Hitachi Energy Internal Team Notice The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for an","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-02","severity":"critical","cvss":null,"cves":["CVE-2026-10763"],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"5f82783b-486e-4b47-91b3-6a2a1ec23bb7","num":129258,"source_id":"cisa","external_id":"/node/25117","title":"Hydro-Québec Le Circuit Electrique charging station backend","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. The following versions of Hydro-Québec Le Circuit Electrique charging station backend are affected: Le Circuit Electrique charging station backend CVSS Vendor Equipment Vulnerabilities v3 9.8 Hydro-Québec Hydro-Québec Le Circuit Electrique charging station backend Improper Access Control, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration Background Critical Infrastructure Sectors: Transportation Systems Countries/Areas Deployed: Canada Company Headquarters Location: Canada Vulnerabilities Expand All + CVE-2026-20744 The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation. View CVE Details Affected Products Hydro-Québec Le Circuit Electrique charging station backend Vendor: Hydro-Québec Product Version: Hydro-Québec Le Circuit Electrique charging station backend: <June_2026 Product Status: known_affected Remediations Mitigation Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions. Relevant CWE: CWE-284 Improper Access Control Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-42952 Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a Denial-of-Service attack. View CVE Details Affected Products Hydro-Québec Le Circuit Electrique charging station backend Vendor: Hydro-Québec Product Version: Hydro-Québec Le Circui","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01","severity":"critical","cvss":null,"cves":["CVE-2026-20744","CVE-2026-42952","CVE-2026-44383"],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"749adae4-89ee-439d-85db-53b8cce120ab","num":129259,"source_id":"cisa","external_id":"/node/25120","title":"Siemens Mendix Studio Pro","summary":"View CSAF Summary Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available. The following versions of Siemens Mendix Studio Pro are affected: Mendix Studio Pro 10.11 vers:all/* Mendix Studio Pro 10.12 vers:all/* Mendix Studio Pro 10.13 vers:all/* Mendix Studio Pro 10.14 vers:all/* Mendix Studio Pro 10.15 vers:all/* Mendix Studio Pro 10.16 vers:all/* Mendix Studio Pro 10.17 vers:all/* Mendix Studio Pro 10.18 vers:all/* Mendix Studio Pro 10.19 vers:all/* Mendix Studio Pro 10.20 vers:all/* Mendix Studio Pro 10.21 vers:all/* Mendix Studio Pro 10.22 vers:all/* Mendix Studio Pro 10.23 vers:all/* Mendix Studio Pro 10.24 vers:intdot/<10.24.21 Mendix Studio Pro 11.0 vers:all/* Mendix Studio Pro 11.1 vers:all/* Mendix Studio Pro 11.10 vers:all/* Mendix Studio Pro 11.11 vers:all/* Mendix Studio Pro 11.2 vers:all/* Mendix Studio Pro 11.3 vers:all/* Mendix Studio Pro 11.4 vers:all/* Mendix Studio Pro 11.5 vers:all/* Mendix Studio Pro 11.6 vers:intdot/<11.6.7 Mendix Studio Pro 11.7 vers:all/* Mendix Studio Pro 11.8 vers:all/* Mendix Studio Pro 11.9 vers:all/* CVSS Vendor Equipment Vulnerabilities v3 5.4 Siemens Siemens Mendix Studio Pro Improper Control of Generation of Code ('Code Injection') Background Critical Infrastructure Sectors: Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-48192 Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could a","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-04","severity":"critical","cvss":null,"cves":["CVE-2026-48192"],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"66a2a453-dfc2-4e60-bf9d-d7b325118059","num":129262,"source_id":"cisa","external_id":"/node/25122","title":"Labcenter Proteus 9","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations. The following versions of Labcenter Proteus 9 are affected: Proteus 9.1_SP4_Build_42914 CVSS Vendor Equipment Vulnerabilities v3 7.8 Labcenter Electronics Labcenter Proteus 9 Out-of-bounds Write, Stack-based Buffer Overflow, Use After Free Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Defense Industrial Base, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: United Kingdom Vulnerabilities Expand All + CVE-2026-42953 The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution. View CVE Details Affected Products Labcenter Proteus 9 Vendor: Labcenter Electronics Product Version: Labcenter Electronics Proteus: 9.1_SP4_Build_42914 Product Status: known_affected Remediations Vendor fix Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly. Mitigation If you have questions or need help please contact Labcenter or your local distributor. Relevant CWE: CWE-787 Out-of-bounds Write Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-49033 The application contains a stack-based buffer overflow vulnerability that can be explo","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06","severity":"critical","cvss":null,"cves":["CVE-2026-42953","CVE-2026-49033","CVE-2026-42958"],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"7397fb74-b88c-40db-9900-322a2147c178","num":129261,"source_id":"cisa","external_id":"/node/25119","title":"Hitachi Energy e-mesh EMS","summary":"View CSAF Summary Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy e-mesh EMS are affected: Hitachi Energy e-mesh EMS 4.1.6, 4.4.2, 4.7.0 CVSS Vendor Equipment Vulnerabilities v3 8.1 Hitachi Energy Hitachi Energy e-mesh EMS Heap-based Buffer Overflow Background Critical Infrastructure Sectors: Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-42945 NGINX Plus and NGINX Open Source used in e-mesh EMS have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. e-mesh EMS versions using NGINX v1.30.0 and below are affected. View CVE Details Affected Products Hitachi Energy e-mesh EMS Vendor: Hitachi Energy Product Version: e-mesh EMS versions 4.1.6, e-mesh EMS versions 4.4.2, e-mesh EMS versions 4.7.0 Product Status: known_affected Remediations Vendor fix Apply hotfix for respective e-mesh EMS versions to update NGINX to either v1.30.2 or latest Mitigation Ensure rewrite configuration does","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-03","severity":"critical","cvss":null,"cves":["CVE-2026-42945"],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"5752f6f4-6abf-4029-87d2-6aea61f09f73","num":129260,"source_id":"cisa","external_id":"/node/25123","title":"Digi International PortServer TS, Digi One SP IA","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts. The following versions of Digi International PortServer TS, Digi One SP IA are affected: PortServer TS Digi One SP Digi One SP IA Digi One IA CVSS Vendor Equipment Vulnerabilities v3 5.9 Digi International Digi International PortServer TS, Digi One SP IA Incorrect Authorization, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Critical Manufacturing, Communications, Information Technology, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12352 The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device. View CVE Details Affected Products Digi International PortServer TS, Digi One SP IA Vendor: Digi International Product Version: Digi International PortServer TS: <Firmware_2025, Digi International Digi One SP: <Firmware_2025, Digi International Digi One SP IA: <Firmware_2025, Digi International Digi One IA: <Firmware_2025 Product Status: known_affected Remediations Mitigation Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken: Vendor fix For Digi PortServer TS: Enable HTTPS on the web server. Mitigation Alternatively, disable the web server when it is not actively being used for configuration. Mitigation Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN. Vendor fix For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN. Mitigation The fo","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-07","severity":"critical","cvss":null,"cves":["CVE-2026-12352","CVE-2026-12948"],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"9121cac2-9738-482b-9e57-11da6a1ec33b","num":487,"source_id":"cisa","external_id":"/node/25107","title":"CubeSpace CW0057 Reaction Wheel","summary":"View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace CW0057 Reaction Wheel Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Communications Countries/Areas Deployed: Worldwide Company Headquarters Location: South Africa Vulnerabilities Expand All + CVE-2026-13743 CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication. View CVE Details Affected Products CubeSpace CW0057 Reaction Wheel Vendor: CubeSpace Product Version: CubeSpace CW0057 Reaction Wheel: <firmware_5.0.20 Product Status: known_affected Remediations Vendor fix CubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20. Firmware version 5.0.20 introduces the capability for cryptographically verified secure boot; however, this protection is not enabled by default. Users must activate signed‑boot functionality, particularly the fully immutable mode, to achieve full security. Mitigation CubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a CRC-32 integrity check, which confirms image integrity but does not verify the source of an image. Exploitation requires direct physical access to the device and is not exploitable remotely. A device affected by this method remains recoverable: the bootloader operates independently of the application firmware and can reload known-good, CubeSpace-supplied images, so an affected unit cannot be permanently disabled by this method. Starting with firmware version 5.0.20, Cube","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-02","severity":"critical","cvss":null,"cves":["CVE-2026-13743"],"exploited":false,"has_exploit":false,"published_at":"2026-07-02T12:00:00+00:00"},{"id":"b1f066fe-320c-4eb5-8d9e-ab4a705d6bb9","num":292,"source_id":"cisa","external_id":"/node/25106","title":"ST Engineering iDirect iQ-Series Terminals","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 3315‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) 9‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057) CVSS Vendor Equipment Vulnerabilities v3 8.1 ST Engineering iDirect ST Engineering iDirect iQ-Series Terminals Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF) Background Critical Infrastructure Sectors: Communications, Defense Industrial Base, Energy, Government Services and Facilities, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-38059 The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance. View CVE Details Affected Products ST Engineering iDirect iQ-Series Terminals Vendor: ST Engineering iDirect Product Version: ST Engineering iDirect Evolution iQ‑Series terminals: <=4.5.2.1, ST Engineering iDirect 3315‑Series terminals: <=4.5.2.1, ST Engineering iDirect 9‑Series terminals: <=4.5.2.1 Product Status: known_affected Remediations Mitigation ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer. Mitigation Registered users are able to download patches from the iDirect Support Portal https://support.idirect.net/s","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01","severity":"critical","cvss":null,"cves":["CVE-2026-38059","CVE-2026-38057"],"exploited":false,"has_exploit":false,"published_at":"2026-07-02T12:00:00+00:00"},{"id":"4207adb6-ab77-41c9-b77f-7e2b6759a74b","num":232,"source_id":"cisa","external_id":"/node/25108","title":"Gardyn IoT Hub","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) CVSS Vendor Equipment Vulnerabilities v3 10 Gardyn Gardyn IoT Hub Use of Hard-coded Credentials, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Improper Neutralization of HTTP Headers for Scripting Syntax Background Critical Infrastructure Sectors: Food and Agriculture Countries/Areas Deployed: United States Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-13768 Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user's network. View CVE Details Affected Products Gardyn IoT Hub Vendor: Gardyn Product Version: Gardyn Home Firmware: <master.627, Gardyn Studio Firmware: <master.627, Gardyn Cloud API: <2.12.2026 Product Status: known_affected Remediations Mitigation Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities. Mitigation Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App. Mitigation Further information on Gardyn security can be found here: ht","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03","severity":"critical","cvss":null,"cves":["CVE-2026-13768","CVE-2026-55726","CVE-2026-54477"],"exploited":false,"has_exploit":true,"published_at":"2026-07-02T12:00:00+00:00"},{"id":"33287946-ef9b-4dea-95e3-139bb8070493","num":226,"source_id":"cisa","external_id":"/node/25105","title":"CISA Adds One Known Exploited Vulnerability to Catalog","summary":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog","severity":"high","cvss":null,"cves":["CVE-2026-45659"],"exploited":true,"has_exploit":true,"published_at":"2026-07-01T12:00:00+00:00"},{"id":"7895195a-ffc8-4f1a-a95c-6386aff2f5b5","num":248,"source_id":"cisa","external_id":"/node/25096","title":"Schneider Electric EasyLogic T150 and Saitel DP RTU","summary":"View CSAF Summary Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files. The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected: EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.30 (CVE-2026-9650) EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.31 (CVE-2026-9651) Saitel DP Remote Terminal Unit & Controller <=11.06.35 (CVE-2026-9650) Saitel DP Remote Terminal Unit & Controller <=11.06.37 (CVE-2026-9651) CVSS Vendor Equipment Vulnerabilities v3 7.5 Schneider Electric Schneider Electric EasyLogic T150 and Saitel DP RTU Insufficiently Protected Credentials, Incorrect Permission Assignment for Critical Resource Background Critical Infrastructure Sectors: Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-9650 CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files.With this credential an attacker could subsequently compromise the device if they have physical access to the device. View CVE Details Affected Products Schneider Electric EasyLogic T150 and Saitel DP RTU Vendor: Schneider Electric Product Version: Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller: <=11.06.30, Schneider Electric Saitel DP Remote Terminal Unit & Controller: <=11.06.35 Product Status: known_affected Remediations Vendor fix Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-9650) EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Firmware (<=1","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-04","severity":"critical","cvss":null,"cves":["CVE-2026-9650","CVE-2026-9651"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"474ab57f-636b-4552-8dfe-a88b8adf4504","num":407,"source_id":"cisa","external_id":"/node/25098","title":"StoneFly Storage Concentrator","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions of StoneFly Storage Concentrator are affected: Storage Concentrator <8.0.4.22 (CVE-2026-56415, CVE-2026-55721, CVE-2026-50040) Storage Concentrator Virtual Machine <8.0.4.22 (CVE-2026-56415, CVE-2026-55721, CVE-2026-50040) Storage Concentrator <8.0.4.26 (CVE-2026-50110) Storage Concentrator Virtual Machine <8.0.4.26 (CVE-2026-50110) Storage Concentrator <8.0.4.29 (CVE-2026-56413) Storage Concentrator Virtual Machine <8.0.4.29 (CVE-2026-56413) CVSS Vendor Equipment Vulnerabilities v3 10 StoneFly StoneFly Storage Concentrator Use of Hard-coded Credentials, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Defense Industrial Base, Energy, Financial Services, Healthcare and Public Health, Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-50110 Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems. View CVE Details Affected Products StoneFly Storage Concentrator Vendor:","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06","severity":"critical","cvss":null,"cves":["CVE-2026-56415","CVE-2026-55721","CVE-2026-50040","CVE-2026-50110","CVE-2026-56413"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"b77d0bf4-b953-4685-aa1e-b19a88cdc673","num":266,"source_id":"cisa","external_id":"/node/25097","title":"XZ Utils vulnerability impacting B&R Products","summary":"View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impacting B&R Products are affected: PPC3100 <1.8.1, 1.8.1 (CVE-2025-31115) C50 <1.8.0, 1.8.0 (CVE-2025-31115) C80 <1.8.0, 1.8.0 (CVE-2025-31115) FT50 <1.8.1, 1.8.1 (CVE-2025-31115) MT50 <1.8.1, 1.8.1 (CVE-2025-31115) T30 <1.8.0, 1.8.0 (CVE-2025-31115) T80 <1.8.0, 1.8.0 (CVE-2025-31115) T50 <1.8.1, 1.8.1 (CVE-2025-31115) CVSS Vendor Equipment Vulnerabilities v3 7.5 B&R Industrial Automation GmbH XZ Utils vulnerability impacting B&R Products Race Condition within a Thread Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-31115 XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases. View CVE Details Affected Products XZ Utils vulnerability impacting B&R Products Vendor: B&R Industrial Automation GmbH Product Version: B&R Industrial Automation GmbH PPC3100 <1.8.1, B&R Industrial Automation GmbH C50 <1.8.0, B&R Industrial Automation GmbH C80 <1.8.0, B&R Industrial Automation GmbH FT50 <1.8.1, B&R Industrial Automation G","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-05","severity":"critical","cvss":null,"cves":["CVE-2025-31115"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"a0600254-addb-486d-9082-d3183d8be4a4","num":1543,"source_id":"cisa","external_id":"/node/25099","title":"Delta Electronics DVP12SE PLC","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. The following versions of Delta Electronics DVP12SE PLC are affected: DVP12SE PLC vers:all/* (CVE-2026-12819, CVE-2026-12818) CVSS Vendor Equipment Vulnerabilities v3 9.8 Delta Electronics Delta Electronics DVP12SE PLC Missing Authentication for Critical Function, Allocation of Resources Without Limits or Throttling Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-12819 The Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. The device accepts Modbus commands from any reachable network source without requiring credentials, privilege validation, or operator approval, allowing unauthorized read and write access to coils, holding registers, operational memory, relay states, and process control functions. View CVE Details Affected Products Delta Electronics DVP12SE PLC Vendor: Delta Electronics Product Version: Delta Electronics DVP12SE PLC: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of these vulnerabilities and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Enable the IP Filter feature: Configure and enable the PLC's built-in IP Filter function via the programming software. Restrict access exclusively to the IP addresses of trusted devices (such as designated HMI panels or SCADA hosts) to block unauthorized network access.Set up PLC password protection: Enable password protection for the PLC within the programming software to e","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-07","severity":"critical","cvss":null,"cves":["CVE-2026-12819","CVE-2026-12818"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"91794aa4-56b8-4c3e-8f67-920d2e02f626","num":265,"source_id":"cisa","external_id":"/node/25093","title":"Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager. The following versions of Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M are affected: MELSOFT Update Manager SW1DND-UDM-M >=1.000A|<=1.014Q (CVE-2025-53816, CVE-2025-53817, CVE-2025-55188, CVE-2025-11001) CVSS Vendor Equipment Vulnerabilities v3 8.8 Mitsubishi Electric Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Heap-based Buffer Overflow, NULL Pointer Dereference, Improper Link Resolution Before File Access ('Link Following'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2025-53816 A heap-based buffer overflow vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to trigger a buffer overflow that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product. View CVE Details Affected Products Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: >=1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixe","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-01","severity":"critical","cvss":null,"cves":["CVE-2025-53816","CVE-2025-53817","CVE-2025-55188","CVE-2025-11001"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"a79339a0-8a03-4181-8c56-c9a9f05ea8c1","num":328,"source_id":"cisa","external_id":"/node/25092","title":"OFFIS DCMTK Toolkit","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. The following versions of OFFIS DCMTK Toolkit are affected: DCMTK <=3.7.0 (CVE-2026-50003, CVE-2026-50254, CVE-2026-35505, CVE-2026-52868, CVE-2026-44628) CVSS Vendor Equipment Vulnerabilities v3 9.8 OFFIS OFFIS DCMTK Toolkit Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Release of Memory after Effective Lifetime, Access of Resource Using Incompatible Type ('Type Confusion') Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-50003 A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths. View CVE Details Affected Products OFFIS DCMTK Toolkit Vendor: OFFIS Product Version: OFFIS DCMTK: <=3.7.0 Product Status: known_affected Remediations Mitigation The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot: Vendor fix https://github.com/DCMTK/dcmtk/releases/tag/latest. https://github.com/DCMTK/dcmtk/releases/tag/latest Mitigation Users are recommended to download the latest GitHub release once it becomes available. Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4.0 9.3 CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-50254 An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp","link":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01","severity":"critical","cvss":null,"cves":["CVE-2026-50003","CVE-2026-50254","CVE-2026-35505","CVE-2026-52868","CVE-2026-44628"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"dd9105cf-6b92-4eec-8c04-9b0d3a4ce22f","num":272,"source_id":"cisa","external_id":"/node/25094","title":"Frangoteam FUXA SCADA/HMI","summary":"View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) CVSS Vendor Equipment Vulnerabilities v3 7.5 Frangoteam Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-13207 FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. View CVE Details Affected Products Frangoteam FUXA SCADA/HMI Vendor: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1.3.1 Product Status: known_affected Remediations Mitigation Frangoteam recommends users apply the latest version of FUXA 1.3.2 or later https://github.com/frangoteam/FUXA/releases. https://github.com/frangoteam/FUXA/releases Relevant CWE: CWE-290 Authentication Bypass by Spoofing Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Joshua Hayes of Cited Relevance LLC reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/priva","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-02","severity":"critical","cvss":null,"cves":["CVE-2026-13207"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"ae23da4f-a2d0-4aa4-ad44-a208a20e80b6","num":371,"source_id":"cisa","external_id":"/node/25095","title":"Schneider Electric EcoStruxure IT Data Center Expert","summary":"View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The following versions of Schneider Electric EcoStruxure IT Data Center Expert are affected: EcoStruxure IT Data Center Expert vers:intdot/<=9.1.1, 9.1.2 (CVE-2026-8045) CVSS Vendor Equipment Vulnerabilities v3 6.5 Schneider Electric Schneider Electric EcoStruxure IT Data Center Expert Improper Restriction of XML External Entity Reference Background Critical Infrastructure Sectors: Information Technology, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-8045 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints View CVE Details Affected Products Schneider Electric EcoStruxure IT Data Center Expert Vendor: Schneider Electric Product Version: EcoStruxure IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) Version 9.1.1 and Prior Product Status: fixed, known_affected Remediations Vendor fix v9.1.2 of EcoStruxure™ IT Data Center Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/en/product-range/61851-ecostruxure-it-data- center-expert/#software-and-firmware https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=61851#software-and-firmware Relevant CWE: CWE-611 Improper Restriction of XML External Entity Reference Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-03","severity":"critical","cvss":null,"cves":["CVE-2026-8045"],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T12:00:00+00:00"},{"id":"8a75f0b3-bc08-4b72-b415-a03367615813","num":275,"source_id":"cisa","external_id":"/node/25087","title":"CISA Adds One Known Exploited Vulnerability to Catalog","summary":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/06/29/cisa-adds-one-known-exploited-vulnerability-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48558"],"exploited":true,"has_exploit":true,"published_at":"2026-06-29T12:00:00+00:00"},{"id":"a53a7baf-d4ea-4e5e-8149-fe1f92ee2864","num":298,"source_id":"cisa","external_id":"/node/25061","title":"Russian Intelligence Services Continue to Target Commercial Messaging Applications","summary":"CISA and the Federal Bureau of Investigation (FBI) issued an updated Public Service Announcement (PSA) warning of Russian Intelligence Services (RIS) cyber threat actors targeting commercial messaging applications in ongoing phishing campaigns. This PSA is an update to the March 2026 Russian Intelligence Services Target Commercial Messaging Application Accounts and provides recent tactics, recommended mitigations, and samples of phishing messages.","link":"https://www.cisa.gov/resources-tools/resources/russian-intelligence-services-continue-target-commercial-messaging-applications","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-06-26T12:00:00+00:00"},{"id":"306a2a67-c986-4204-a3c8-703d7e896f22","num":382,"source_id":"cisa","external_id":"/node/25074","title":"Horner Automation Cscape","summary":"View CSAF Summary Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code. The following versions of Horner Automation Cscape are affected: Cscape &lt;10.2_SP3 CVSS Vendor Equipment Vulnerabilities v3 7.8 Horner Automation Horner Automation Cscape Out-of-bounds Read Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12897 Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. View CVE Details Affected Products Horner Automation Cscape Vendor: Horner Automation Product Version: Horner Automation Cscape: &lt;10.2_SP3 Product Status: known_affected Remediations Vendor fix Horner Automation has released Cscape 10.2 SP3 for users to download. Vendor fix For more information, see the Cscape 10.2 SP3 release notes (https://hornerautomation.com/cscape-software-free/cscape-software/). https://hornerautomation.com/cscape-software-free/cscape-software/ Relevant CWE: CWE-125 Out-of-bounds Read Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Michael Heinzl reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the intern","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-03","severity":"critical","cvss":null,"cves":["CVE-2026-12897"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"409e635b-d0f1-47e5-a707-c1492edf9ac4","num":408,"source_id":"cisa","external_id":"/node/25076","title":"H.VIEW HV-500S6 IP Camera","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device. The following versions of H.VIEW HV-500S6 IP Camera are affected: H.VIEW HV-500S6 IP Camera IPCAM_V4.06.88.251229 CVSS Vendor Equipment Vulnerabilities v3 7.2 H.VIEW H.VIEW HV-500S6 IP Camera Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Unrestricted Upload of File with Dangerous Type Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: China Vulnerabilities Expand All + CVE-2026-55975 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation. View CVE Details Affected Products H.VIEW HV-500S6 IP Camera Vendor: H.VIEW Product Version: H.VIEW H.VIEW HV-500S6 IP Camera: IPCAM_V4.06.88.251229 Product Status: known_affected Remediations Mitigation H.View did not respond to CISA's request to coordinate. Users are encouraged to reach out to H.View for support. https://hviewsmart.com/pages/contact-us https://hviewsmart.com/pages/contact-us Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 4.0 8.6 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-56414 A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This de","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-05","severity":"critical","cvss":null,"cves":["CVE-2026-55975","CVE-2026-56414"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"3414c9dc-4c0c-4979-b8f4-03a34a9ef22f","num":299,"source_id":"cisa","external_id":"/node/25077","title":"Delta Electronics DTM Soft","summary":"View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The following versions of Delta Electronics DTM Soft are affected: DTMSoft vers:all/* CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics DTM Soft Deserialization of Untrusted Data Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-12578 The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. View CVE Details Affected Products Delta Electronics DTM Soft Vendor: Delta Electronics Product Version: Delta Electronics DTMSoft: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of the vulnerability and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it. Mitigation Avoid running as administrator: Do not use the \"Run as Administrator\" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code. Mitigation For more information refer to Delta Electronic's advisory page https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory Relevant CWE: CWE-502 Deserialization of Untrusted Data Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments kimiya of TrendAI Zero Day Initiative reported this vulnerability to CISA Legal Notice and Terms of Use","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-06","severity":"critical","cvss":null,"cves":["CVE-2026-12578"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"385adbfa-bf75-4c17-bdf8-7f1cc1e5239e","num":875,"source_id":"cisa","external_id":"/node/25072","title":"Yokogawa FAST/TOOLS and CI Server","summary":"View CSAF Summary Successful exploitation of this vulnerability may return a response containing the CI Server setting information. The following versions of Yokogawa FAST/TOOLS and CI Server are affected: FAST/TOOLS >=R9.01|<=R10.04 Collaborative Information Server (CI Server) >=R1.01|<=R1.04 CVSS Vendor Equipment Vulnerabilities v3 7.5 Yokogawa Yokogawa FAST/TOOLS and CI Server Cleartext Transmission of Sensitive Information Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2026-11833 The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. View CVE Details Affected Products Yokogawa FAST/TOOLS and CI Server Vendor: Yokogawa Product Version: Yokogawa FAST/TOOLS: >=R9.01|<=R10.04, Yokogawa Collaborative Information Server (CI Server): >=R1.01|<=R1.04 Product Status: known_affected Remediations Vendor fix Yokogawa recommends users update FAST/TOOLS up to R10.04 and apply patch software (R10.04 SP4). Mitigation Yokogawa recommends users update Collaborative Information Server (CI Server) up to R1.05. Mitigation For more information and details on implementing these mitigations, users should see the Yokogawa security advisory report YSAR-26-0004 at: https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf Mitigation For questions related to this report, please contact the below. https://contact.yokogawa.com/cs/gw?c-id=000498 Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.2 HIGH CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Yokogawa reported this vulnerability to JPCERT/CC Legal Notice and Terms of Use This product is provided subject t","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-01","severity":"critical","cvss":null,"cves":["CVE-2026-11833"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"a7dcb342-ad3b-4985-b0a8-9437b666a28c","num":350,"source_id":"cisa","external_id":"/node/25079","title":"pydicom pynetdicom Library","summary":"View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versions of pydicom pynetdicom Library are affected: pynetdicom >=v1.0.0|<v3.0.4 CVSS Vendor Equipment Vulnerabilities v3 9.1 pydicom pydicom pynetdicom Library Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-56445 The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths. View CVE Details Affected Products pydicom pynetdicom Library Vendor: pydicom Product Version: pydicom pynetdicom: >=v1.0.0|<v3.0.4 Product Status: known_affected Remediations Vendor fix The maintainer of pynetdicom has not responded to requests to work with CISA to mitigate this vulnerability. For update information, refer to the github page https://github.com/pydicom/pynetdicom. https://github.com/pydicom/pynetdicom Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 4.0 8.8 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Simon Weber and Volker Schönefeld of Machine Spirits UG reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems","link":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-176-01","severity":"critical","cvss":null,"cves":["CVE-2026-56445"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"ed045b3c-b062-4377-8cbe-be7e34657260","num":1017,"source_id":"cisa","external_id":"/node/25073","title":"EVoke Systems Charging Station Management System","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of EVoke Systems Charging Station Management System are affected: EVoke CSMS vers:all/* CVSS Vendor Equipment Vulnerabilities v3 9.4 EVoke Systems EVoke Systems Charging Station Management System Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials Background Critical Infrastructure Sectors: Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-40702 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system. View CVE Details Affected Products EVoke Systems Charging Station Management System Vendor: EVoke Systems Product Version: EVoke Systems EVoke CSMS: vers:all/* Product Status: known_affected Remediations Vendor fix EVoke states that as a hardware-agnostic platform supporting multiple charger Original Equipment Manufacturers OEMs, EVoke must interoperate with EVSE devices that support different OCPP security profiles depending on the firmware capabilities of the charger. EVoke CSMS currently supports all OCPP security profiles (0–3). However, the effective security configuration for a charger connection is determined by the security profile implemented in the EVSE firmware. Some legacy chargers deployed in the network support only Security Profile 0 or 1. These chargers were install","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02","severity":"critical","cvss":null,"cves":["CVE-2026-40702","CVE-2026-50176","CVE-2026-54479","CVE-2026-44622"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"95417c7c-7ff9-4745-a202-c795b4809cfd","num":567,"source_id":"cisa","external_id":"/node/25075","title":"Daktronics Controller Firmware","summary":"View CSAF Summary Successful exploitation of these vulnerabilities could could provide an unauthenticated user with complete root-level access and control of the system. The following versions of Daktronics Controller Firmware are affected: VFC-DMP-5000 <v8.117.x.x VFC-DMP-5000 <v9.43.x.x VFC-DMP-5000 <v10.34.x.x DMP-5000 <v10.34.x.x DMP-5000 <v8.117.x.x DMP-5000 <v9.43.x.x DMP-8000 <v10.34.x.x DMP-8000 <v8.117.x.x DMP-8000 <v9.43.x.x CVSS Vendor Equipment Vulnerabilities v3 8.1 Daktronics Daktronics Controller Firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Commercial Facilities, Information Technology, Emergency Services, Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-28701 Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths. View CVE Details Affected Products Daktronics Controller Firmware Vendor: Daktronics Product Version: Daktronics VFC-DMP-5000: <v8.117.x.x, Daktronics VFC-DMP-5000: <v9.43.x.x, Daktronics VFC-DMP-5000: <v10.34.x.x, Daktronics DMP-5000: <v10.34.x.x, Daktronics DMP-5000: <v8.117.x.x, Daktronics DMP-5000: <v9.43.x.x, Daktronics DMP-8000: <v10.34.x.x, Daktronics DMP-8000: <v8.117.x.x, Daktronics DMP-8000: <v9.43.x.x Product Status: known_affected Remediations Mitigation Daktronics recommends users update their device software to one of the following versions (based on product configuration in use): 8.117.0.x, 9.43.0.x, or 10.34.0.x Mitigation Daktronics recommends updating the default passwords and encourages using strong, unique credentials per device. Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metr","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04","severity":"critical","cvss":null,"cves":["CVE-2026-28701","CVE-2026-33560","CVE-2026-31928"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"90342e40-41d3-456b-862f-b08938aa0133","num":303,"source_id":"cisa","external_id":"/node/25080","title":"OHIF Viewers DICOM","summary":"View CSAF Summary Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. The following versions of OHIF Viewers DICOM are affected: OHIF DICOM Web Viewer Framework <=v3.12.0 CVSS Vendor Equipment Vulnerabilities v3 8.2 Open Health Imaging Foundation (OHIF) OHIF Viewers DICOM Server-Side Request Forgery (SSRF) Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12473 Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted. View CVE Details Affected Products OHIF Viewers DICOM Vendor: Open Health Imaging Foundation (OHIF) Product Version: Open Health Imaging Foundation (OHIF) OHIF DICOM Web Viewer Framework: <=v3.12.0 Product Status: known_affected Remediations Mitigation The maintainer has fixed the reported vulnerability and released version 3.12.2 (2026-05-18). The fix is located at OHIF/Viewers#5985 (master), OHIF/Viewers#5978 (release/3.12). Mitigation Users are recommended to upgrade to v3.12.2 or later. Operators who need dicomwebproxy or dicomjson in authenticated deployments must additionally configure the new dangerouslyAllowedOriginsForAuthenticatedEnvironments allowlist in app-config.js. Mitigation Users running OHIF with authentication should remove ALL unused DicomWebProxyDataSource and DicomJSONDataSource configurations from the configuration file they are deploying with. Relevant CWE: CWE-918 Server-Side Request Forgery (SSRF) Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.2 HIGH CVSS:3.1/AV:N","link":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-176-02","severity":"critical","cvss":null,"cves":["CVE-2026-12473"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"88de17f3-85f6-41bb-b2c0-6023103440ec","num":920,"source_id":"cisa","external_id":"/node/25078","title":"Schneider Electric PowerLogic P7","summary":"View CSAF Summary Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may risk unauthorized execution of privileged commands or loss of HMI operability and configuration functionality, which could result in loss of control over system operations and disruption of critical services. The following versions of Schneider Electric PowerLogic P7 are affected: PowerLogic™ P7 vers:intdot/<=0.2.003.001.000 PowerLogic™ P7 0.2.003.001.000 CVSS Vendor Equipment Vulnerabilities v3 7.5 Schneider Electric Schneider Electric PowerLogic P7 NULL Pointer Dereference, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Reachable Assertion Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-9716 CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces. View CVE Details Affected Products Schneider Electric PowerLogic P7 Vendor: Schneider Electric Product Version: PowerLogic™ P7 version 0.2.003.001.000 and prior Product Status: fixed, known_affected Remediations Vendor fix Version V02.004.001 of PowerLogicTM P7 includes a fix for this vulnerability and is available for download. Contact Schneider Electric’s Customer Care Center to download this firmware. Reboot needed: Yes Mitigation If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Restrict network access to P7 service endpoints (ports 8080 and 3702) • Monitor and al","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-07","severity":"critical","cvss":null,"cves":["CVE-2026-9716","CVE-2026-9717","CVE-2026-9718"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"37179985-3b6a-49be-8e13-42a3711163bb","num":847,"source_id":"cisa","external_id":"/node/25083","title":"CISA Adds Two Known Exploited Vulnerabilities to Catalog","summary":"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/06/25/cisa-adds-two-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2026-12569","CVE-2026-20230"],"exploited":true,"has_exploit":true,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"59d3d65d-f50c-471f-a423-356b998f4cac","num":409,"source_id":"cisa","external_id":"/node/25029","title":"Using SASE in a Modern TIC 3.0 Solution","summary":"Using SASE in a Modern TIC 3.0 Solution CISA’s guidance, The Journey to Zero Trust – Using Secure Access Service Edge in a Modern TIC 3.0 Solution , details how the Trusted Internet Connections (TIC) 3.0 initiative is helping agencies modernize the way their users connect to applications, data and services. While federal agencies are the target audience, any organization looking to modernize its perimeter-based architectures, advance zero trust adoption, and improve visibility and control across distributed environments will benefit from this guidance. To learn more about ZT principles, visit Zero Trust . CISA Product Survey We welcome your feedback. CISA Product Survey","link":"https://www.cisa.gov/resources-tools/resources/using-sase-modern-tic-30-solution","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-06-24T12:00:00+00:00"},{"id":"42f9c426-18d0-484e-b6c9-6f600091e389","num":410,"source_id":"cisa","external_id":"/node/25060","title":"CISA Adds Four Known Exploited Vulnerabilities to Catalog","summary":"CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2025-67038","CVE-2026-34908","CVE-2026-34909","CVE-2026-34910"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T12:00:00+00:00"},{"id":"6e37fa25-93a5-42d6-b43d-89b45fac9ef5","num":1103,"source_id":"cisa","external_id":"/node/25067","title":"Impact of Linux Kernel vulnerabilities on B&R products","summary":"View CSAF Summary B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products. The following versions of Impact of Linux Kernel vulnerabilities on B&R products are affected: Linux for B&R &lt;=12 APROL &lt;APROL-AutoYaST-DVD- V4.4-010.10.260602 X20EDS410 /all CVSS Vendor Equipment Vulnerabilities v3 7.8 B&R Industrial Automation GmbH Impact of Linux Kernel vulnerabilities on B&R products Incorrect Resource Transfer Between Spheres, Write-what-where Condition, Improper Privilege Management, Out-of-bounds Write, Multiple Releases of Same Resource or Handle Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-31431 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. View CVE Details Affected Products Impact of Linux Kernel vulnerabilities on B&R products Vendor: B&R Industrial Automation GmbH Product Version: B&R Industrial Automation GmbH Linux for B&R &lt;=12, B&R Industrial Automation GmbH APROL &lt;APROL-AutoYaST-DVD- V4.4-010.10.260602, B&R Industrial Automation GmbH X20EDS410 /all Product Status: fixed, known_affected Remediations Vendor fix For affected products, softw","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-06","severity":"critical","cvss":null,"cves":["CVE-2026-31431","CVE-2026-43284","CVE-2026-46333","CVE-2026-46300","CVE-2026-43494"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T12:00:00+00:00"},{"id":"7298e17b-94f8-4cb3-b13b-8eade43a30a3","num":1112,"source_id":"cisa","external_id":"/node/25064","title":"Siemens Products using OpenSSL","summary":"View CSAF Summary OpenSSL has published a stack based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow for remote code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens Products using OpenSSL are affected: AI Lightweight Inference Server vers:all/* (CVE-2025-15467) Connector for Azure vers:intdot/&lt;1.8.0 (CVE-2025-15467) Databus vers:intdot/&lt;3.3.2 (CVE-2025-15467) HiMed Cockpit vers:all/* (CVE-2025-15467) RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:all/* (CVE-2025-15467) RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) vers:all/* (CVE-2025-15467) SCALANCE LPE9403 (6GK5998-3GS00-2AC2) vers:all/* (CVE-2025-15467) SCALANCE LPE9413 (6GK5998-3GS01-2AC2) vers:all/* (CVE-2025-15467) SCALANCE LPE9433 (6GK5998-3GS11-2AC2) vers:all/* (CVE-2025-15467) SCALANCE M804PB (6GK5804-0AP00-2AA2) vers:all/* (CVE-2025-15467) SCALANCE M812-1 ADSL-Router family vers:all/* (CVE-2025-15467) SCALANCE M816-1 ADSL-Router family vers:all/* (CVE-2025-15467) SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) vers:all/* (CVE-2025-15467) SCALANCE M874-2 (6GK5874-2AA00-2AA2) vers:all/* (CVE-2025-15467) SCALANCE M874-3 (6GK5874-3AA00-2AA2) vers:all/* (CVE-2025-15467) SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) vers:all/* (CVE-2025-15467) SCALANCE M876-3 (6GK5876-3AA02-2BA2) vers:all/* (CVE-2025-15467) SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) vers:all/* (CVE-2025-15467) SCALANCE M876-4 (6GK5876-4AA10-2BA2) vers:all/* (CVE-2025-15467) SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) vers:all/* (CVE-2025-15467) SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) vers:all/* (CVE-2025-15467) SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) vers:all/* (CVE-2025-15467) SCALANCE MUB852-1 (B1) (6GK","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-03","severity":"unknown","cvss":null,"cves":["CVE-2025-15467"],"exploited":false,"has_exploit":false,"published_at":"2026-06-23T12:00:00+00:00"},{"id":"ef184e61-2ca4-433a-ad07-0fdb3ac49446","num":1132,"source_id":"cisa","external_id":"/node/25066","title":"ABB Freelance Security Lock","summary":"View CSAF Summary Successful exploitation of this vulnerability could allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. The following versions of ABB Freelance Security Lock are affected: ABB System Version (&lt;=Freelance 2013) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2013 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2016) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2016 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2019) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2019 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2019 SP1 FP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2024) installed with ABB Freelance Security Lock(All versions) vers:all/* CVSS Vendor Equipment Vulnerabilities v3 6.6 ABB ABB Freelance Security Lock Authentication Bypass by Primary Weakness Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-7064 An attacker is able to attack Freelance user management when Security Lock is enabled. The precondition is that the attacker bypasses Freelance Operations which blocks access to the Windows operating system. This bypass can be achieved via undocumented or special key combinations available on modern keyboards. These combinations may allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. View CVE Details Affected Products ABB Freelance Security Lock Vendor: ABB Product Ver","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-05","severity":"critical","cvss":null,"cves":["CVE-2025-7064"],"exploited":false,"has_exploit":false,"published_at":"2026-06-23T12:00:00+00:00"},{"id":"18d21c5f-5bb5-4650-8651-e9ad42bb0d10","num":1111,"source_id":"cisa","external_id":"/node/25063","title":"Siemens SIPROTEC 5 Using DIGSI5 Protocol","summary":"View CSAF Summary SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should upgrade to version 9.90 or later. These versions introduce an allow-list feature that restricts arbitrary file uploads and reduces the risk associated with this vulnerability. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens SIPROTEC 5 Using DIGSI5 Protocol are affected: SIPROTEC 5 6MD84 (CP300) vers:all/* SIPROTEC 5 6MD85 (CP200) vers:all/* SIPROTEC 5 6MD85 (CP300) vers:all/* SIPROTEC 5 6MD86 (CP200) vers:all/* SIPROTEC 5 6MD86 (CP300) vers:all/* SIPROTEC 5 6MD89 (CP300) vers:all/* SIPROTEC 5 6MU85 (CP300) vers:all/* SIPROTEC 5 7KE85 (CP200) vers:all/* SIPROTEC 5 7KE85 (CP300) vers:all/* SIPROTEC 5 7SA82 (CP100) vers:all/* SIPROTEC 5 7SA82 (CP150) vers:all/* SIPROTEC 5 7SA86 (CP200) vers:all/* SIPROTEC 5 7SA86 (CP300) vers:all/* SIPROTEC 5 7SA87 (CP200) vers:all/* SIPROTEC 5 7SA87 (CP300) vers:all/* SIPROTEC 5 7SD82 (CP100) vers:all/* SIPROTEC 5 7SD82 (CP150) vers:all/* SIPROTEC 5 7SD86 (CP200) vers:all/* SIPROTEC 5 7SD86 (CP300) vers:all/* SIPROTEC 5 7SD87 (CP200) vers:all/* SIPROTEC 5 7SD87 (CP300) vers:all/* SIPROTEC 5 7SJ81 (CP100) vers:all/* SIPROTEC 5 7SJ81 (CP150) vers:all/* SIPROTEC 5 7SJ82 (CP100) vers:all/* SIPROTEC 5 7SJ82 (CP150) vers:all/* SIPROTEC 5 7SJ85 (CP200) vers:all/* SIPROTEC 5 7SJ85 (CP300) vers:all/* SIPROTEC 5 7SJ86 (CP200) vers:all/* SIPROTEC 5 7SJ86 (CP300) vers:all/* SIPROTEC 5 7SK82 (CP100) vers:all/* SIPROTEC 5 7SK82 (CP150) vers:al","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-02","severity":"unknown","cvss":null,"cves":["CVE-2025-40808"],"exploited":false,"has_exploit":false,"published_at":"2026-06-23T12:00:00+00:00"}]}