Review – 4 Advisories and 1 Update Published – 3-24-26

Today CISA’s NCCIC-ICS published three control system security advisories for products from Schneider (2) and Pharos Controls. They published a medical device security advisory for products from Grassroots.

Advisories

Schneider Advisory #1 - This advisory discusses four vulnerabilities (with publicly available exploit) in the Schneider Plant iT/Brewmaxx product.

Schneider Advisory #2 - This advisory describes a deserialization of untrusted data vulnerability in the Schneider EcoStruxure Foxboro DCS.

Pharos Advisory - This advisory describes a missing authentication for critical function vulnerability in the Pharos Mosaic Show Controller.

Grassroots Advisory - This advisory describes a missing release of memory after effective lifetime vulnerability in the Grassroots DICOM library.

Updates

WHILL Update - This update provides additional information on the Model C2 Electric Wheelchairs advisory that was originally reported on December 30^th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-2f7 - subscription required.

Review – 1 Advisory and 1 Update Published – 12-30-25

Today CISA’s NCCIC-ICS published a control system security advisory for products from WHILL. They also updated an advisory for products from AzeoTech.

Advisories

WHILL Advisory - This advisory describes a missing authentication for critical function vulnerability in the WHILL Model C2 Electric Wheelchairs and Model F Power Chairs.

Updates

AzeoTech Update - This update provides additional information on the DAQFactory advisory that was originally published on December 11^th, 2025.

 

For more information on these advisories, including a down-the-rabbit-hole look at missing vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-d1d - subscription required.