Thursday, March 19, 2026

Review – 8 Advisories Published – 3-19-26

Today CISA’s NCCIC-ICS published control system security advisories for products from Automated Logic, IGL-Technologies, CTEK, Mitsubishi, and Schneider (4).

Advisories

Automated Logic Advisory - This advisory describes three vulnerabilities in the Automated Logic WebCTRL Premium Server.

IGL-Technologies Advisory - This advisory describes four vulnerabilities in the IGL-Technologies eParking.fi.

CTEK Advisory - This advisory describes four vulnerabilities in the CTEK Chargeportal.

NOTE: I briefly discussed Sarieddine/Sayed’s research into vehicle charging systems back on February 26th, 2026. It is interesting that continuing reports into new systems all show the same four vulnerabilities. Does this mean that all of these systems are using the same core technology?

Mitsubishi Advisory - This advisory describes an improper validation of specified index, position, or offset vulnerability in the Mitsubishi CNC Series products.

Schneider Advisory #1 - This advisory describes a deserialization of untrusted data vulnerability in the Schneider EcoStruxure PME and EPO products.

NOTE: I briefly mentioned this vulnerability on March 16th, 2026.

Schneider Advisory #2 - This advisory describes a code injection vulnerability in the Schneider EcoStruxure Automation Expert.

NOTE: I briefly mentioned this vulnerability on March 16th, 2026.

Schneider Advisory #3 - This advisory describes a cross-site scripting vulnerability in the Schneider Modicon Controllers.

NOTE: I briefly mentioned this vulnerability on March 16th, 2026.

For more information on these advisories, including another ‘missing advisories’ discussion, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/8-advisories-published-3-19-26-552 - subscription required.
