Advertisement
Mitsubishi Electric ICS Vulnerabilities Expose SQL Credentials
High-severity vulnerabilities (CVE-2025-14815, CVE-2025-14816) in Mitsubishi Electric ICS/SCADA products risk SQL credential exposure and data compromise.
Ivanti Connect Secure RCE: Internal Network Vulnerability Detection
Analyze the impact of Ivanti Connect Secure vulnerabilities and learn how to conduct internal network vulnerability scanning for Ivanti appliances to detect flaws.
Yokogawa CENTUM VP CVE-2025-7741 Hardcoded Password Patch Guidance
CISA identifies a hardcoded password in Yokogawa CENTUM VP (CVE-2025-7741). Learn how to secure the PROG account and apply the R7.01.10 patch now.
CVE-2026-3356: Anritsu Remote Spectrum Monitor Authentication Bypass
Critical CVE-2026-3356 allows authentication bypass in Anritsu Remote Spectrum Monitors. Attackers can alter settings, obtain sensitive data, and disrupt device
CVE-2026-3587: WAGO Switches CLI Escape Leads to Full Device Compromise
Critical flaw CVE-2026-3587 in WAGO Industrial Managed Switches allows unauthenticated remote attackers to fully compromise devices via CLI escape. Update firmware
Schneider Electric Plant iT/Brewmaxx RCE via Multiple Redis Vulnerabilities
Multiple critical and high-severity vulnerabilities in Schneider Electric Plant iT/Brewmaxx 9.60+ (Redis component) enable RCE and privilege escalation, affecting
CVE-2026-2417: Pharos Controls RCE via Missing Authentication
Critical vulnerability (CVE-2026-2417) in Pharos Controls Mosaic Show Controller firmware 2.15.3 allows unauthenticated root RCE. Upgrade to 2.16+ immediately.
CVE-2025-13902: Patching Schneider Electric Modicon Controllers
Schneider Electric Modicon M241 and M251 controllers face XSS risks via CVE-2025-13902. Learn how to patch firmware and secure industrial control networks.
CVE-2026-2273: Schneider Electric EcoStruxure Automation Expert RCE
Schneider Electric has addressed a high-severity code injection vulnerability (CVE-2026-2273) in EcoStruxure Automation Expert that risks full system compromise.
CVE-2025-13957: Hard-coded Credentials in Schneider EcoStruxure DCE
Hard-coded credentials in Schneider Electric EcoStruxure Data Center Expert v9.0 and prior (CVE-2025-13957) allow information disclosure and RCE if SOCKS Proxy is
ICS Patch Tuesday: Siemens, Schneider, Moxa Fix Critical Flaws
Industrial leaders Siemens, Schneider Electric, Moxa, and Mitsubishi Electric address over 40 vulnerabilities in critical ICS hardware and software components.
CVE-2025-57176: Unauthenticated File Upload in Ceragon Siklu Devices
An unauthenticated file upload vulnerability (CVE-2025-57176) in Ceragon Siklu MultiHaul and EtherHaul series devices poses risks to critical communications