Today CISA’s NCCIC-ICS published eight control system security advisories for products from EVMAPA, Delta Electronics, Hubitat, Weintek, Johnson Controls, Rockwell Automation, and Schneider Electric. They also updated two advisories for products from Hitachi Energy and Axis Communications.
Advisories
EVMAPA Advisory - This advisory describes three vulnerabilities in the EVMAPA vehicle charging software.
Delta Advisory - This advisory describes a command injection vulnerability in the Delta DIAView product.
NOTE: I briefly discussed this vulnerability on January 17th, 2026.
Hubitat Advisory - This advisory describes an authorization bypass through user-controlled key vulnerability in the Hubitat Elevation Hubs (home automation hubs).
Weintek Advisory - This advisory describes two vulnerabilities in the Weintek cMT X Series HMI EasyWeb Service.
Johnson Controls Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Johnson Controls iSTAR Configuration Utility (ICU) tool.
Rockwell Advisory - This advisory describes an improper validation of specified quantity in input vulnerability in the Rockwell CompactLogix 5370 PLCs.
AutomationDirect Advisory - This advisory describes two vulnerabilities in the AutomationDirect CLICK Programmable Logic Controller.
Schneider Advisory - This advisory describes an incorrect default permissions vulnerability in their EcoStruxure Process Expert products.
NOTE: I briefly discussed this vulnerability on January 17th, 2026.
Updates
Hitachi Energy Update - This update provides additional information on the Relion 670/650 advisory that was originally published on July 3rd, 2025, and most recently updated on August 28th, 2025.
NOTE: I briefly discussed this updated information on December 14th, 2025.
Axis Update - This update provides additional information on the Camera Station Pro advisory that was originally published on December 18th, 2025, and most recently updated on January 15th, 2026.