Review – 3 Advisories and 2 Updates Published – 2-24-26

Today CISA’s NCCIC-ICS published three control system security advisories for products from Gardyn, Schneider Electric, and InSAT. They also updated two advisories for products from Mitsubishi.

Advisories

Gardyn Advisory - This advisory describes four vulnerabilities in the Gardyn Home Kit product line.

Schneider Advisory - This advisory describes two vulnerabilities in the Schneider EcoStruxure Building Operation Workstation.

NOTE: I briefly discussed these vulnerabilities on February 14^th, 2026

InSAT Advisory - This advisory describes two SQL injection vulnerabilities in the InSAT MasterSCADA BUK-TS.

Updates

Mitsubishi Update #1 - This update provides additional information on the Iconics Digital Solutions advisory that was originally published on October 22^nd, 2024, and most recently updated on January 8^th, 2026.

Mitsubishi Update # 2 - This update provides additional information on the ICONICS Suite advisory that was originally published on July 26^th, 2022, and most recently updated on January 15^th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-2-updates-published-758 - subscription required.