Review – 4 Advisories and 6 Updates Published – 2-3-26

Today CISA’s NCCIC-ICS published four control system security advisories for products from Synectix, RISS SRL, Avation, and Mitsubishi Electric. They also updated advisories for products from Ubia, Mitsubishi Electric, Schneider Electric, Rockwell Automation, and Hitachi Energy (2).

Advisories

Synectix Advisory - This advisory describes a missing authentication for critical function vulnerability in the Synectix AN 232 TRIO.

RISS Advisory - This advisory describes missing authentication for critical function vulnerability in the RISS SRL MOMA Seismic Station.

Avation Light Advisory - This advisory describes a missing authentication for critical function vulnerability in the Avation Light Engine Pro.

Mitsubishi Advisory - This advisory describes an incorrect default permissions vulnerability in the Mitsubishi FREQSHIP-mini for Windows.

Updates

Ubia Update - This update provides additional information on the Ubox advisory that was originally published on November 6^th, 2025. The new information includes updating affected products and mitigations.

NOTE: The original was a “did not respond to CISA’s attempts to coordinate” advisory.

Mitsubishi Update - This update provides additional information on the Multiple FA Products that was originally published on May 8^th, 2025.

Schneider Update - This update provides additional information on the RemoteConnect advisory that was originally published on January 23^rd, 2025, and most recently updated on May 20^th, 2025.

Rockwell Update - This update provides additional information on the Arena advisory that was originally published on December 10^th, 2024 and most recently updated on January 9^th, 2025.

NOTE: I briefly discussed these two new Arena vulnerabilities on July 13^th, 2025.

Hitachi Energy Update #1 - This update provides additional information on the EC 61850 MMS-Server advisory that was originally published on March 30^th, 2023, and most recently updated on June 5^th, 2025.

I briefly discussed the updated information on February 1^st, 2026.

Hitachi Energy Update #2 - This update provides additional information on the Relion 670 advisory that was originally published on March 9^th, 2023, and most recently updated on June 4^th, 2025.

I briefly discussed the updated information on February 1^st, 2026.

 

For more information on these advisories, including continuing commentary on misleading ‘revision date’ information, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-6-updates-published - subscription required.