Review – 1 Advisory and 2 Updates Published – 3-5-26

Today CISA’s NCCIC-ICS published one control system security advisory for products from Delta Electronics. They also updated advisories for products from Johnson Controls and Universal Boot Loader.

Advisories

Delta Advisory - This advisory describes an out-of-bounds write vulnerability in the Delta CNCSoft-G2 devices.

Updates

Johnson Controls Update - This update provides additional information on the PowerG advisory that was originally published on December 16^th, 2025.

U-Boot Update - This update provides additional information on the U-Boot advisory that was originally published on December 9^th, 2025.

 

For more information on these advisories, including a down-the-rabbit-hole look at outdated operating systems, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-2-updates-published-e73 - subscription required.

Review – 3 Advisories Published – 12-9-25

Today CISA’s NCCIC-ICS published three control system security advisories for products from India-Based CCTV vendors, Festo, and U-BOOT.

Advisories

D-Link Advisory - This advisory describes a missing authentication for critical function vulnerability in the D-Link (India-Limited) DCS-F5614-L1 CCTV (not sold in US).

Festo Advisory - This advisory discusses a cross-site scripting vulnerability (with publicly available exploit) in the Festo LX Appliance.

U-BOOT Advisory - This advisory describes an improper access control for volatile memory containing boot code vulnerability in the U-BOOT bootloader (the advisory lists affected Qualcomm chips).

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-12-9-25 - subscription required.