Review – 3 Advisories and 3 Updates Published – 3-10-26

Today CISA’s NCCIC-ICS published three control system security advisories for products from Honeywell, Lantronix and Apeman. They also update three advisories for products from Mitsubishi Electric.

Advisories

Honeywell Advisory - This advisory describes a missing authentication for critical function vulnerability (with publicly available exploit) in the Honeywell IQ4x BMS Controller.

NOTE: I briefly discussed the Zero Science report on March 8^th, 2026.

Lantronix Advisory - This advisory describes eight vulnerabilities in the Lantronix EDS3000PS and EDS5000 terminals.

Apeman Advisory - This advisory describes three vulnerabilities (each with publicly available exploits) in the Apeman ID71 cameras.

Updates

Mitsubishi Update #1 - This update provides additional information on the Iconics Digital Solutions advisory that was originally published on December 3^rd, 2024, and most recently updated on January 8^th, 2026.

Mitsubishi Update #2 - This update provides additional information on the Iconics Digital Solutions advisory that was originally published on July 2^nd, 2024, and most recently updated on January 8^th, 2026.

Mitsubishi Update #3 - This update provides additional information on the HMI SCADA advisory that was originally published on January 20^th, 2022, and most recently updated on January 8^th, 2026.

 

For more information on these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-3-updates-published-ba4 - subscription required.