Tuesday, March 24, 2026

Review – 4 Advisories and 1 Update Published – 3-24-26

Today CISA’s NCCIC-ICS published three control system security advisories for products from Schneider (2) and Pharos Controls. They published a medical device security advisory for products from Grassroots.

Advisories

Schneider Advisory #1 - This advisory discusses four vulnerabilities (with publicly available exploit code) in the Schneider Plant iT/Brewmaxx product.

Schneider Advisory #2 - This advisory describes a deserialization of untrusted data vulnerability in the Schneider EcoStruxure Foxboro DCS.

Pharos Advisory - This advisory describes a missing authentication for critical function vulnerability in the Pharos Mosaic Show Controller.

Grassroots Advisory - This advisory describes a missing release of memory after effective lifetime vulnerability in the Grassroots DICOM library.

Updates

WHILL Update - This update provides additional information on the Model C2 Electric Wheelchairs advisory that was originally reported on December 30th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-2f7 - subscription required.
