Advertisement
Rockwell RSLinx <4.50.00 RCE via CVE-2020-13573 — Patch Now
Urgent advisory for Rockwell RSLinx Classic users. CVE-2020-13573, a stack-based buffer overflow, enables remote code execution and DoS. Patch <=4.50.00.
CVE-2026-11317: Rockwell Logix DoS via CIP — Patch Critical ICS
Critical Manufacturing faces high-severity DoS risk in Rockwell Automation Logix 5370 & 5570 controllers from CVE-2026-11317. Patch now.
CVE-2021-22291: ABB EIBPORT V3 <3.9.2 Session Hijacking Vulnerability
ABB EIBPORT V3 devices are vulnerable to CVE-2021-22291 (XSS/session hijacking), allowing unauthenticated access and configuration changes. Patch immediately.
CVE-2022-4304: Hitachi Energy GMS600 Timing Side Channel Vulnerability
Hitachi Energy GMS600 versions 1.3.0-1.3.1 affected by CVE-2022-4304, an OpenSSL timing side channel leading to TLS decryption. Patch to 1.3.2 now.
CVE-2026-0300: Siemens RUGGEDCOM APE1808 RCE via PAN-OS Vulnerability
Critical RCE (CVE-2026-0300) in Siemens RUGGEDCOM APE1808 devices via PAN-OS User-ID Captive Portal buffer overflow. Unauthenticated root code execution possible. Patch
CVE-2026-40175: Siemens gWAP RCE via Axios Prototype Pollution
Siemens gWAP is vulnerable to RCE via CVE-2026-40175, a prototype pollution flaw in the Axios HTTP client library. Update to v3.1.1 or later.
CVE-2026-41551: Siemens ROS# Path Traversal Remediation Guide
Critical path traversal vulnerability (CVE-2026-41551) in Siemens ROS# file_server allows arbitrary file access. Immediate update to v2.2.2+ is crucial.
CVE-2025-15467: ABB AC500 V3 Stack Buffer Overflow to RCE
Critical vulnerability [CVE-2025-15467](https://nvd.nist.gov/vuln/detail/CVE-2025-15467) in ABB AC500 V3 PM5xxx firmware could lead to unauthenticated remote code
ABB B&R Automation Runtime DoS via CVE-2025-11044 — Patch Now
An unauthenticated network DoS vulnerability (CVE-2025-11044) affects ABB B&R Automation Runtime, allowing permanent system halts. Immediate patching is critical.
CVE-2025-11043: ABB Automation Studio <6.5 Improper Certificate Validation
Critical manufacturing systems running ABB B&R Automation Studio <6.5 are vulnerable to CVE-2025-11043, allowing data interception and spoofing via improper certificate
CVE-2026-3893: Unauthenticated Access in Carlson VASCO-B GNSS Receiver
Critical CVE-2026-3893 in Carlson VASCO-B GNSS Receivers <1.4.0 allows unauthenticated remote alteration of critical system functions. Update to v1.4.0+.
CVE-2026-5387: AVEVA Pipeline Simulation Privilege Escalation
Unauthenticated attackers can exploit CVE-2026-5387 in AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351 to modify critical ICS simulation parameters and training