Yesterday, CISA’s NCCIC-ICS published eight control system security advisories for products from XCharge, Schneider Electric, KMW, CP Plus, ABB (2), Jinan USR IOT Technology, and MacGregor. There is a medical device security advisory for products from Fourth Frontier. Finally, there are also updates for products from ABB and Mitsubishi.
Advisories
XCharge Advisory - This advisory describes three vulnerabilities (one with a publicly available exploit) in the XCharge C6 vehicle charger.
Schneider Advisory - This advisory describes a cleartext storage of sensitive information vulnerability in the Schneider EcoStruxure Machine Expert HVAC.
NOTE: I briefly discussed this vulnerability on May 16th, 2026.
KMW Advisory - This advisory describes an unverified password change vulnerability in the KMW CCTV Security Cameras.
CP Advisory - This advisory describes a cross-site scripting vulnerability in the CP Plus 8 Ch. Network Video Recorder.
ABB Advisory #1 - This advisory describes an active debug code vulnerability in the ABB Busch-Welcome 2 Wire Door Opener Actuator.
NOTE: I briefly discussed the vulnerability on July 26th, 2025.
ABB Advisory #2 - This advisory describes a cross-site scripting vulnerability in the ABB EIBPORT product.
NOTE: I briefly discussed this vulnerability on October 11th, 2025.
Jinan Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Jinan USR-W610 RS232/485 to Wi-Fi/Ethernet Converter.
MacGregor Advisory - This advisory describes five vulnerabilities in the MacGregor Voyage Data Recorder (VDR) G4e.
Fourth Frontier Advisory - This advisory describes a missing authentication for critical function vulnerability in the Fourth Frontier X Android application.
Updates
ABB Update - This update provides additional information on the ABB Ability Zenon Remote Transport advisory that was originally published on May 26th, 2026.
Mitsubishi Update - This update provides additional information on the Factory Automation Engineering Products advisory that was originally published on July 30th, 2026, and most recently updated on April 11th, 2023.
For more information on these advisories, including a down-the-rabbit-hole look at 3rd party vulnerabilities in the XCharge C6 vehicle charger, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-and-2-updates-published - subscription required.