Today CISA’s NCCIC-ICS published two control system security advisories for products from Hitachi Energy, Yokogawa, and Siemens. They also updated advisories for products from Schneider Electric and Gardyn.
Advisories Hitachi Energy Advisory - this advisory discusses a deserialization of untrusted data vulnerability in the Hitachi Energy Ellipse product.
NOTE: I breifly discussed this vulnerability on February 28th, 2026.
Yokogawa Advisory - This advisory describes a use of hard-coded password vulnerability in the Yokogawa CENTUM VP products.
NOTE: I briefly discussed this vulnerability on March 29th, 2026.
Siemens Advisory - This advisory describes two vulnerabilities in the Siemens SICAM 8 products.
NOTE: I briefly discussed this vulnerability on March 29th, 2026.
Updates Schneider Update - This update provides additional information on the EcoStruxure advisory that was originally published on February 6th, 2025, and most recently updated on October 23rd, 2025.
NOTE: I briefly dicussed the Schneider update on March 16th, 2026.
Gardyn Update - This update provides additional information on the Home Kit advisory that was originally published on February 4th, 2026.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-2-updates-published-bc4 - subscription required.
Posts
No comments:
Post a Comment