Ics

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability (CVE-2026-8024) in ibaPDA (versions prior to 8.14.0) or ibaDatCoordinator (versions prior to 4.0.7) to gain full access to the affected systems, potentially leading to arbitrary code execution and system compromise.

A critical vulnerability, CVE-2026-8045, has been identified in Schneider Electric EcoStruxure IT Data Center Expert versions prior to 9.1.2, allowing an attacker to achieve unauthorized access to sensitive data and compromise its confidentiality.

Multiple vulnerabilities in CloudCharge cloudcharge.se allow attackers to impersonate charging stations, hijack sessions, cause denial of service, and manipulate backend data, impacting energy and transportation sectors.

CISA published ICS advisories between May 25 and 31, 2026, addressing vulnerabilities across various vendors including ABB, CP Plus, Eppendorf, Frontier, Jinan USR IOT, KMW, MacGregor, Schneider Electric, and XCharge, impacting industrial control systems and related applications.

FUXA v1.3.0-2773 is vulnerable to unauthenticated project data disclosure (CVE-2026-47717) via the /api/project endpoint, exposing sensitive configuration data like scripts and device settings, even with security enabled.

CISA published ICS advisories addressing vulnerabilities in products from ABB, Hitachi Energy, Kieback & Peter, ScadaBR, Siemens, and ZKTeco, recommending mitigations and updates.

Multiple vulnerabilities in ABB B&R PCs, specifically within the EDK2 Network Package, can be exploited by a network attacker to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237).

ABB B&R Automation Runtime versions before 6.4 are vulnerable to predictable number generation (CVE-2025-3449), reflected XSS (CVE-2025-3448), and CSV injection (CVE-2025-11498), potentially allowing attackers to hijack sessions or execute arbitrary code in a user's browser context.

Multiple buffer overflow vulnerabilities in ABB Terra AC Wallbox versions <=1.8.33, exploitable via Bluetooth hijacking, could allow an attacker to remotely control the device and alter its firmware.

Multiple vulnerabilities exist in ScadaBR version 1.2.0, including CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, and CVE-2026-8605, which could allow for unauthenticated remote code execution.

Siemens SIPROTEC 5 devices are vulnerable to session hijacking (CVE-2024-54017) due to the use of insufficiently random numbers in session identifier generation, potentially allowing an unauthenticated remote attacker to brute-force a valid session and gain unauthorized read access.

Siemens SIMATIC HMI Unified Comfort Panels before V21.0 are vulnerable to unauthenticated access via the help link and Control Panel (CVE-2026-27662), potentially leading to unauthorized configuration changes and discovery of backdoors.

Siemens Ruggedcom Rox is vulnerable to improper access control, allowing an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem via the web server's JSON-RPC interface, as tracked by CVE-2025-40948.

A vulnerability exists in Universal Robots Polyscope 5 versions prior to 5.25.1, specifically CVE-2026-8153, that could allow an unauthenticated attacker to craft commands that execute code on the robot's OS, leading to full system compromise.

Schneider Electric published advisories on May 12, 2026, addressing vulnerabilities in multiple products including Ecostruxure Machine Expert HVAC, Easergy MiCOM C264, Easergy C5, Easergy MiCOM P30, Easergy MiCOM P40, EcoStruxure Power Automation System, iPMFLS, PowerLogic, Saitel DP, EasyLogic T150, EasyLogic T150 Remote Terminal Unit and Controller, Saitel DP Remote Terminal Unit and Controller, EcoStruxure Panel Server PAS400, PAS600, PAS600V2, PAS800, PAS800V2 and Easergy MiCOM Px40 Series related to clear text storage, insufficient entropy, improper path restrictions and insecure defaults.

A remote, anonymous attacker can exploit a vulnerability in Siemens SIPROTEC 5 devices to disclose sensitive information.

CVE-2025-40947 describes a vulnerability in Siemens RUGGEDCOM ROX devices that allows authenticated remote attackers to inject arbitrary commands via a maliciously crafted feature key, resulting in remote code execution with root privileges.

Siemens SIMATIC CN 4100 versions before V5.0 are vulnerable to resource exhaustion due to improper restriction of unauthenticated connections, potentially leading to disruption of operations and unauthorized actions.

CISA published ICS advisories addressing vulnerabilities in multiple ABB products including AWIN Gateways, Ability OPTIMAX, Symphony Plus Engineering, Edgenius Management Portal, PCM600, System 800xA, Symphony Plus IEC 61850, and NSA GRASSMARLIN, prompting users to apply mitigations and updates.

An authenticated local attacker can gather credential information from ABB B&R PVI client application logs when logging is enabled, addressed in version 6.5.0 (CVE-2026-0936).

ABB B&R Automation Studio versions before 6.5 are vulnerable to improper certificate validation (CVE-2025-11043), potentially allowing an unauthenticated attacker to intercept and interfere with data exchanges, necessitating patching and secure network configurations.

A denial-of-service vulnerability (CVE-2025-11044) exists in ABB B&R Automation Runtime versions prior to 6.5 and R4.93, where an unauthenticated attacker can exploit a race condition to cause permanent denial-of-service.

A vulnerability in ABB's IEC 61850 communication stack allows a remote attacker with access to the IEC 61850 network to cause a denial-of-service condition by sending a specially crafted packet, leading to device faults or communication driver crashes.

A path traversal vulnerability in ABB PCM600 versions 1.5 to 2.13 (CVE-2018-1002208) allows a local attacker with low privileges to execute arbitrary code by sending a specially crafted message to the system node.

Multiple vulnerabilities in ABB AWIN Gateways allow an unauthenticated attacker to remotely reboot the device (CVE-2025-13778) or disclose sensitive system configuration details (CVE-2025-13777, CVE-2025-13779).

Multiple vulnerabilities in ABB Ability Symphony Plus Engineering, stemming from underlying PostgreSQL flaws, could allow a remote attacker with network access to execute arbitrary code and compromise the system.

CVE-2025-14510 allows an attacker to bypass Azure Active Directory Single-Sign On authentication in vulnerable ABB Ability OPTIMAX versions, potentially granting unauthorized access to critical infrastructure systems.

Hirschmann HiEOS devices contain an authentication bypass vulnerability (CVE-2024-14034) in the HTTP(S) management module, allowing unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests.

An unauthenticated remote attacker can exploit CVE-2026-3509 in the CODESYS Control runtime system to control the format string of messages processed by the Audit Log, leading to a denial-of-service (DoS) condition.

Multiple vulnerabilities in CODESYS allow a remote attacker to execute arbitrary program code and conduct a denial-of-service attack.

Multiple vulnerabilities in Yokogawa CENTUM VP R6 and R7 Vnet/IP Interface Package can be exploited by sending maliciously crafted packets, leading to denial-of-service or arbitrary code execution.

Multiple vulnerabilities in Mobility46 charging stations allow attackers to gain unauthorized administrative control or disrupt charging services through missing authentication, improper authentication restrictions, insufficient session expiration, and exposed credentials.

An authentication bypass vulnerability (CVE-2026-1241) in the web management interface of Pelco Sarix Pro 3 Series IP Cameras (versions <= 02.52) allows unauthenticated attackers to access sensitive device data and bypass surveillance controls.

Multiple vulnerabilities exist in EV Energy ev.energy that could allow an attacker to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

Unauthenticated attackers can exploit multiple vulnerabilities in Chargemap's charging stations, including missing authentication, improper authentication attempt restrictions, insufficient session expiration, and unprotected credentials, potentially leading to unauthorized control and denial-of-service.

Multiple vulnerabilities in Johnson Controls, Inc. Frick Controls Quantum HD versions <=10.22 can lead to pre-authentication remote code execution, information leak, or denial of service.

Multiple vulnerabilities in Copeland XWEB and XWEB Pro versions 1.12.1 and earlier could allow attackers to bypass authentication, inject commands, and execute arbitrary code, leading to complete system compromise.