Review – 3 Advisories and 3 Updates Published – 1-29-26

Today CISA’s NCCIC-ICS published three control system security advisories for products from Rockwell Automation (2) and KiloView. They also updated advisories for products from Mitsubishi Electric (2) and BrightSign.

Advisories

Rockwell Advisory #1 - This advisory describes a missing release of memory after effective lifetime vulnerability in the Rockwell ControlLogix Redundancy Enhanced Module.

NOTE: I briefly discussed this vulnerability on January 25^th, 2026.

Rockwell Advisory #2 - This advisory describes nine uncontrolled resource consumption vulnerabilities in the Rockell ArmorStart LT.

NOTE: I briefly discussed this vulnerability on January 25^th, 2026.

KiloView Advisory - This advisory describes a missing authentication for critical function vulnerability in the KiloView Encoder series products.

Updates

Mitsubishi Update #1 - This update provides additional information on the CNC Series advisory that was originally published on July 24^th, 2025, and most recently updated on December 2^nd, 2025.

Mitsubishi Update #2 - This update provides additional information on the Iconics Digital Solutions advisory that as originally published on May 20^th, 2025, and most recently updated on January 8^th, 2026.

I briefly discussed the added information (Mitsubishi Update #1 note) on January 8^th, 2025.

BrightSign Update - This update provides additional information on the Players advisory that as originally published on May 6^th, 2026.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-3-updates-published-469 - subscription required.