Review – 3 Advisories and 3 Updates Published – 1-20-26

Today CISA’s NCCIC-ICS published three control system security advisories for products from Rockwell Automation and Schneider Electric (2). They also updated advisories for products from Mitsubishi Electric and Schneider (2).

Advisories

Rockwell  Advisory - This advisory describes two vulnerabilities in the Rockell Verve Asset Manager.

Schneider Advisory #1 - This advisory discusses 37 vulnerabilities in the Schneider devices using CODESYS Runtime.

NOTE: I briefly discussed these vulnerabilities on July 15^th, 2023.

Schneider Advisory #2 - This advisory discusses an exposure of sensitive information to an unauthorized actor vulnerability in the Schneider EcoStruxure Foxboro DCS.

NOTE: I briefly discussed this vulnerability on December 14^th, 2025.

Updates

Mitsubishi Update - This update provides additional information on the MELSOFT Update Manager that was originally published on July 3^rd, 2025.

NOTE: I briefly discussed the updated information on December 20^th, 2025.

Schneider Update #1 - This update provides additional information on the Uni-Telway Driver that was originally published on February 2^nd, 2025, and most recently updated on January 13^th, 2026.

NOTE: I briefly discussed the latest information from Schneider’s January 13^th, 2026 update on January 18^th, 2026.

 

For more information on these advisories, as well as ongoing commentary on version dates in CISA’s new ‘Republication’ advisory format, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-3-updates-published-63d - subscription required.