CVE-2026-6332: Schneider Electric EcoStruxure HVAC Source Code Disclosure
A cleartext storage vulnerability in Schneider Electric EcoStruxure Machine Expert HVAC (CVE-2026-6332) exposes sensitive source code. Update to v1.10.0.
CVE-2021-22291: ABB EIBPORT V3 <3.9.2 Session Hijacking Vulnerability
ABB EIBPORT V3 devices are vulnerable to CVE-2021-22291 (XSS/session hijacking), allowing unauthenticated access and configuration changes. Patch immediately.
CVE-2026-7251: Hard-coded Password in Eppendorf BioFlo 320
Critical hard-coded password vulnerability (CVE-2026-7251) in Eppendorf BioFlo 320 bioreactors allows full remote control. Patch immediately.
ABB B&R Automation Studio <6.5: Multiple Critical SQLite Vulnerabilities
Critical SQLite vulnerabilities in ABB B&R Automation Studio <6.5 expose ICS to RCE, data exposure, and unauthorized access. Update to version 6.5 immediately.
CVE-2022-4304: Hitachi Energy GMS600 Timing Side Channel Vulnerability
Hitachi Energy GMS600 versions 1.3.0-1.3.1 affected by CVE-2022-4304, an OpenSSL timing side channel leading to TLS decryption. Patch to 1.3.2 now.

OT Robot OS Command Injection: Unauthenticated RCE — Patch Now
Critical command injection vulnerability in OT Robot OS allows unauthenticated attackers to gain remote control, posing significant disruption risks to industrial
CVE-2026-4293: Kieback & Peter DDC XSS — Mitigate Building Controller Risks
CISA warns of CVE-2026-4293, a Cross-site Scripting vulnerability in Kieback & Peter DDC Building Controllers. Attackers could control victim browsers, affecting
CVE-2026-40175: Siemens gWAP RCE via Axios Prototype Pollution
Siemens gWAP is vulnerable to RCE via CVE-2026-40175, a prototype pollution flaw in the Axios HTTP client library. Update to v3.1.1 or later.
CVE-2026-6411: MAXHUB Pivot Client Hardcoded AES Key — Patch Guide
Exploit analysis of CVE-2026-6411 in MAXHUB Pivot client. Learn how hardcoded AES keys and MQTT enrollment flaws lead to data disclosure and DoS.
ABB B&R Automation Runtime DoS via CVE-2025-11044 — Patch Now
An unauthenticated network DoS vulnerability (CVE-2025-11044) affects ABB B&R Automation Runtime, allowing permanent system halts. Immediate patching is critical.
CVE-2025-11043: ABB Automation Studio <6.5 Improper Certificate Validation
Critical manufacturing systems running ABB B&R Automation Studio <6.5 are vulnerable to CVE-2025-11043, allowing data interception and spoofing via improper certificate
CVE-2025-14510: ABB Ability OPTIMAX Azure AD SSO Auth Bypass
CISA warns of CVE-2025-14510 impacting ABB Ability OPTIMAX, allowing authentication bypass on Azure AD SSO integrations. Patch immediately.