Review – 6 Advisories and 1 Update Published – 5-12-26

 Today CISA’s NCCIC-ICS published six control system security advisories for products from ABB (4), Subnet Solutions, and Fuji Electric. They also updated an advisory for products from Ashlar-Vellum. 

Advisories  

ABB Advisory #1 - This advisory describes three vulnerabilities in the ABB WebPro SNMP Card PowerValue product. ABB has a new version that mitigates the vulnerabilities. 

ABB Advisory #2 - This advisory discusses an out-of-bounds write vulnerability in the ABB AC500 V3 product. 

ABB Advisory #3 - This advisory discusses an insecure default initialization of resource vulnerability in the ABB Automation Builder product.  

ABB Advisory #4 - This advisory discusses three vulnerabilities in their AC500 V3 products. 

Subnet Advisory - This advisory describes four vulnerabilities in the Subnet Solutions PowerSYSTEM Center. 

Fuji Advisory - This advisory describes an exposed dangerous method or function vulnerability in the Fuji Tellus product. 

Update  

Ashlar-Vellum Update - This update provides additional information on the Cobalt advisory that was originally published on November 25, 2025. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-890 - subscription required.