Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Hubbell, B&R Industrial Automation, ABB, and Siemens (4). They also updated three vulnerabilities from Zero Motorcycles, Rockwell Automation, and Brightpick AI.
Advisories
Hubbell Advisory - This advisory describes a missing authentication for critical function vulnerability in the Hubbell Aclara Metrum Cellular Web Interface.
B&R Advisory - This advisory discusses five vulnerabilities (three with publicly available exploits) in multiple Linux based B&R products.
ABB Advisory - This advisory describes an authentication bypass by primary weakness vulnerability in the ABB Freelance Security Lock.
Siemens Advisory #1 - This advisory discusses four vulnerabilities in the Siemens SINEC INS.
Siemens Advisory #2 - This advisory discusses an out-of-bounds write vulnerability in the Siemens Products using OpenSSL.
Siemens Advisory #3 - This advisory discusses an unrestricted upload of file with dangerous type vulnerability in the Siemens SIPROTEC 5 Using DIGSI5 Protocol.
Siemens Advisory #4 - This advisory describes a cleartext storage in a file or on disk vulnerability in the Siemens WinCC Certificate Manager.
Updates
Zero Motorcycles Update - This update provides additional information on the firmware advisory that was originally published on March 21st, 2026.
Rockwell Update - This update provides additional information on the Arena advisory that was originally published on December 10th, 2024, and most recently updated on February 3rd, 2026.
Brightpick Update - This update provides additional information on the Internal Logic Control advisory that was originally published on November 13th, 2025.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-3-updates-published-d4b - subscription required.
Posts
No comments:
Post a Comment