Advertisement
CVE-2026-4293: Kieback & Peter DDC XSS — Mitigate Building Controller Risks
CISA warns of CVE-2026-4293, a Cross-site Scripting vulnerability in Kieback & Peter DDC Building Controllers. Attackers could control victim browsers, affecting
CVE-2026-40175: Siemens gWAP RCE via Axios Prototype Pollution
Siemens gWAP is vulnerable to RCE via CVE-2026-40175, a prototype pollution flaw in the Axios HTTP client library. Update to v3.1.1 or later.
CVE-2026-6411: MAXHUB Pivot Client Hardcoded AES Key — Patch Guide
Exploit analysis of CVE-2026-6411 in MAXHUB Pivot client. Learn how hardcoded AES keys and MQTT enrollment flaws lead to data disclosure and DoS.
ABB B&R Automation Runtime DoS via CVE-2025-11044 — Patch Now
An unauthenticated network DoS vulnerability (CVE-2025-11044) affects ABB B&R Automation Runtime, allowing permanent system halts. Immediate patching is critical.
CVE-2025-11043: ABB Automation Studio <6.5 Improper Certificate Validation
Critical manufacturing systems running ABB B&R Automation Studio <6.5 are vulnerable to CVE-2025-11043, allowing data interception and spoofing via improper certificate
CVE-2025-14510: ABB Ability OPTIMAX Azure AD SSO Auth Bypass
CISA warns of CVE-2025-14510 impacting ABB Ability OPTIMAX, allowing authentication bypass on Azure AD SSO integrations. Patch immediately.
ABB AWIN Gateways Authentication Bypass and DoS Vulnerabilities
Critical vulnerabilities in ABB AWIN GW100 and GW120 gateways could allow unauthenticated attackers to reboot devices or extract sensitive configuration data.
NSA GRASSMARLIN XXE Vulnerability CVE-2026-6807 — Mitigation Guide
CISA warns of a Medium-severity XXE vulnerability in NSA GRASSMARLIN. With the tool reaching end-of-life, defenders must address CVE-2026-6807 via decommissioning.
CVE-2025-65856: Authentication Bypass in Xiongmai XM530 IP Cameras
Critical authentication bypass (CVE-2025-65856) in Xiongmai XM530 IP Camera firmware allows unauthenticated remote access to video streams and sensitive data.
CVE-2026-27668: Privilege Escalation in Siemens RUGGEDCOM CROSSBOW
Authenticated User Administrators can escalate privileges in Siemens RUGGEDCOM CROSSBOW SAM-P versions prior to 5.8. Update to mitigate CVE-2026-27668 risks.
Silex SD-330AC and AMC Manager RCE via CVE-2026-32956 — Patch Now
Silex Technology devices face critical RCE and DoS risks via 13 vulnerabilities. Critical infrastructure defenders must update to firmware Ver 1.50 immediately.

Securing Serial-to-IP Devices: Mitigating Thousands of OT Bugs
Industrial serial-to-IP converters are riddled with thousands of vulnerabilities, posing a significant risk to legacy infrastructure and OT environments.