Review – 10 Advisories and 1 Update Published – 2-12-26

Today CISA’s NCCIC-ICS published ten control system security advisories for products from Airleader, Hitachi Energy, and Siemens (8). They also updated an advisory for products from Mitsubishi.

Siemens published two other advisories and 10 updates this week that were not covered by CISA. I will cover them this weekend in my Public ICS Disclosure posts.

Advisories

Airleader advisory - This advisory describes an unrestricted upload of file with dangerous type vulnerability in the Airleader Master compressor management controller.

Hitachi Energy - This advisory describes a use of default credentials vulnerability in the Hitachi Energy SuprOS product.

NOTE: I briefly discussed this vulnerability on January 31^st, 2026.

NX Advisory - This advisory describes three vulnerabilities in the Siemens NX CAD software.

Siveillance Advisory - This advisory discusses a missing authorization vulnerability in the Siemens Siveillance Video Management Servers.

SINEC Advisory #1 - This advisory discusses 51 vulnerabilities in the Siemens SINEC OS. These are third-party vulnerabilities.

SINEC Advisory #2 - This advisory describes two uncontrolled search path element vulnerabilities in the SINEC NMS and UMC products.

Solid Edge Advisory - This advisory describes an out-of-bounds read vulnerability in the Siemens Solid Edge products.

Desigo CC Advisory - This advisory discusses an out-of-bounds write vulnerability in the Siemens Desigo CC Product Family and SENTRON Powermanager.

COMOS Advisory - This advisory discusses six vulnerabilities in the Siemens COMOS plant engineering software.

NOTE: I briefly mentioned the original Siemens COMOS advisory on December 14^th, 2025. Today’s advisory is based upon this week’s second update of that advisory.

Polarion Advisory - This advisory describes a cross-site scripting vulnerability in the Siemens Polarion application lifecycle management (ALM) platform.

Updates

Mitsubishi Update - This update provides additional information on the Iconics Digital Solutions was originally published on May 20^th, 2026, and most recently updated January 8^th, 2026.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-and-1-update-published-de6 - subscription required.