Thursday, March 12, 2026

Review – 6 Advisories and 1 Update Published – 3-12-26

Today CISA’s NCCIC-ICS published six control systems security advisories for products from Inductive Automation, Siemens (4) and Trane. They also updated an advisory for products from Honeywell. Tuesday’s problem of advisories missing from the CISA advisory email continued today with two advisories not being listed.

There were two additional advisories and 11 updates published by Siemens this week that have not yet been addressed by CISA. I will discuss those this weekend.

Advisories

Inductive Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Inductive Ignition Software.

HELIOX Advisory - This advisory describes an improper restriction of communication channel to intended endpoints vulnerability in the Siemens Heliox EV Chargers.

SIMATIC Advisory - This advisory describes a cross-site scripting vulnerability in the Siemens SIMATIC S7-1500 products.

SIDIS Advisory - This advisory discusses 23 vulnerabilities in the Siemens SIDIS Prime product.

RUGGEDCOM Advisory - This advisory discusses four vulnerabilities in the Siemens RUGGEDCOM APE1808 devices.

Trane Advisory - This advisory describes five vulnerabilities in the Trane Tracer products.

Updates

Honeywell Update - This update provides additional information for the HIB2PI and HDZ Series CCTV Cameras advisory that was originally published on February 17th, 2026, and most recently updated on February 26th, 2026.

For more information on these advisories, including a discussion about two more ‘missing advisories’, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-e8f - subscription required.
