CVE-2021-22291: ABB EIBPORT V3 <3.9.2 Session Hijacking Vulnerability
ABB EIBPORT V3 devices are vulnerable to CVE-2021-22291 (XSS/session hijacking), allowing unauthenticated access and configuration changes. Patch immediately.
CVE-2022-4304: Hitachi Energy GMS600 Timing Side Channel Vulnerability
Hitachi Energy GMS600 versions 1.3.0-1.3.1 are affected by CVE-2022-4304, an OpenSSL timing side channel leading to TLS decryption. Patch to 1.3.2 now.
CVE-2026-0300: Siemens RUGGEDCOM APE1808 RCE via PAN-OS Vulnerability
Critical RCE (CVE-2026-0300) in Siemens RUGGEDCOM APE1808 devices via PAN-OS User-ID Captive Portal buffer overflow. Unauthenticated root code execution possible. Patch
CVE-2026-40175: Siemens gWAP RCE via Axios Prototype Pollution
Siemens gWAP is vulnerable to RCE via CVE-2026-40175, a prototype pollution flaw in the Axios HTTP client library. Update to v3.1.1 or later.
CVE-2026-41551: Siemens ROS# Path Traversal Remediation Guide
Critical path traversal vulnerability (CVE-2026-41551) in Siemens ROS# file_server allows arbitrary file access. Immediate update to v2.2.2+ is crucial.
CVE-2025-15467: ABB AC500 V3 Stack Buffer Overflow to RCE
Critical vulnerability [CVE-2025-15467](https://nvd.nist.gov/vuln/detail/CVE-2025-15467) in ABB AC500 V3 PM5xxx firmware could lead to unauthenticated remote code
ABB B&R Automation Runtime DoS via CVE-2025-11044 — Patch Now
An unauthenticated network DoS vulnerability (CVE-2025-11044) affects ABB B&R Automation Runtime, allowing permanent system halts. Immediate patching is critical.
CVE-2025-11043: ABB Automation Studio <6.5 Improper Certificate Validation
Critical manufacturing systems running ABB B&R Automation Studio <6.5 are vulnerable to CVE-2025-11043, allowing data interception and spoofing via improper certificate
CVE-2026-3893: Unauthenticated Access in Carlson VASCO-B GNSS Receiver
Critical CVE-2026-3893 in Carlson VASCO-B GNSS Receivers <1.4.0 allows unauthenticated remote alteration of critical system functions. Update to v1.4.0+.
CVE-2026-5387: AVEVA Pipeline Simulation Privilege Escalation
Unauthenticated attackers can exploit CVE-2026-5387 in AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351 to modify critical ICS simulation parameters and training
Mitsubishi Electric ICS Vulnerabilities Expose SQL Credentials
High-severity vulnerabilities (CVE-2025-14815, CVE-2025-14816) in Mitsubishi Electric ICS/SCADA products risk SQL credential exposure and data compromise.
CVE-2026-4681: Critical RCE in PTC Windchill & FlexPLM
Critical RCE vulnerability CVE-2026-4681 affects PTC Windchill and FlexPLM via deserialization. Patch now to prevent code injection in critical manufacturing.