Threat Feed

Tag

Scada

8 briefs
critical advisory

Exploitation of CVE-2026-8024 in ibaPDA and ibaDatCoordinator via Deserialization of Untrusted Data

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability (CVE-2026-8024) in ibaPDA (versions prior to 8.14.0) or ibaDatCoordinator (versions prior to 4.0.7) to gain full access to the affected systems, potentially leading to arbitrary code execution and system compromise.

ibaPDA +1 deserialization rce ics scada vulnerability windows
2r 2t
high advisory

Vulnerability in Schneider Electric EcoStruxure IT Data Center Expert Leads to Data Confidentiality Compromise (CVE-2026-8045)

A critical vulnerability, CVE-2026-8045, has been identified in Schneider Electric EcoStruxure IT Data Center Expert versions prior to 9.1.2, allowing an attacker to achieve unauthorized access to sensitive data and compromise its confidentiality.

EcoStruxure IT Data Center Expert vulnerability scada ics data-confidentiality information-disclosure
2r 3t 1c
high advisory

FUXA Unauthenticated Project Data Disclosure Vulnerability

FUXA v1.3.0-2773 is vulnerable to unauthenticated project data disclosure (CVE-2026-47717) via the /api/project endpoint, exposing sensitive configuration data like scripts and device settings, even with security enabled.

FUXA v1.3.0-2773 cve unauthenticated-access data-disclosure ics scada
2r 1t
medium advisory

CISA ICS Security Advisories Address Vulnerabilities in Multiple Vendor Products

CISA published ICS advisories addressing vulnerabilities in products from ABB, Hitachi Energy, Kieback & Peter, ScadaBR, Siemens, and ZKTeco, recommending mitigations and updates.

B&R Automation Runtime +10 ics scada vulnerability
2r
critical advisory

ScadaBR Multiple Vulnerabilities Allow Remote Code Execution

Multiple vulnerabilities exist in ScadaBR version 1.2.0, including CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, and CVE-2026-8605, which could allow for unauthenticated remote code execution.

ScadaBR 1.2.0 scada ics rce command-injection
3r 2t
medium advisory

Schneider Electric Security Advisory AV26-449 Addressing Multiple Vulnerabilities

Schneider Electric published advisories on May 12, 2026, addressing vulnerabilities in multiple products, including EcoStruxure Machine Expert HVAC, Easergy MiCOM C264, Easergy C5, Easergy MiCOM P30, Easergy MiCOM P40, EcoStruxure Power Automation System, iPMFLS, PowerLogic, Saitel DP, EasyLogic T150, EasyLogic T150 Remote Terminal Unit and Controller, Saitel DP Remote Terminal Unit and Controller, EcoStruxure Panel Server PAS400, PAS600, PAS600V2, PAS800, PAS800V2, and Easergy MiCOM Px40 Series. The issues relate to cleartext storage, insufficient entropy, improper path restrictions, and insecure defaults.

Ecostruxure Machine Expert HVAC +17 vulnerability scada ics ot
2r
medium advisory

Threat Actors Use Claude AI to Target Water Utility OT Assets

An unidentified threat actor used Claude AI to identify and target a vNode SCADA/IIoT management interface at a Mexican water utility between December 2025 and February 2026, ultimately failing to gain access.

AI OT SCADA password-spraying reconnaissance
2r 2t
critical advisory

FUXA 1.2.8 Authentication Bypass and Remote Command Execution Vulnerability

FUXA 1.2.8 and earlier contains an authentication bypass vulnerability (CVE-2025-69985) that allows remote command execution through the /api/runscript endpoint with a crafted JavaScript payload.

FUXA authentication-bypass remote-code-execution web-application scada
2r 2t 1c