Multiple ICS and Enterprise Product Vulnerabilities Disclosed by CISA and IBM
CISA released a series of Industrial Control System (ICS) security advisories addressing vulnerabilities in a wide range of products from vendors such as Advantech, Axis Communications, Hitachi Energy, Inductive Automation, Johnson Controls, Mitsubishi Electric, National Instruments, Rockwell Automation, Schneider Electric, and Siemens. These advisories urge administrators to review mitigation steps and apply available updates to protect critical infrastructure systems from potential exploitation.
Separately, IBM published security advisories for multiple enterprise products, including IBM API Connect, CloudPak for AIOps, DataPower Gateway, Db2, QRadar Suite, and Watson services, among others. The advisories highlight critical updates and recommend immediate patching to address identified vulnerabilities. Both CISA and IBM emphasize the importance of timely remediation to reduce risk exposure in operational and enterprise environments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
CISA issues new ICS advisories for BASControl20, GPL750, and GENESIS64/ICONICS
Between April 6 and April 12, 2026, CISA published industrial control systems security advisories for Contemporary Controls BASC 2OT – BASControl20, GPL Odorizers GPL750, and Mitsubishi Electric GENESIS64 and ICONICS products. The Canadian Centre for Cyber Security advised administrators to review the advisories, implement mitigations, and apply available updates.
CISA publishes multiple ICS security advisories for vendor products
Between December 15 and 21, 2025, CISA released multiple industrial control systems security advisories addressing vulnerabilities in products from vendors including Advantech, Axis Communications, Güralp Systems, Hitachi Energy, Inductive Automation, Johnson Controls, Mitsubishi Electric, National Instruments, Rockwell Automation, Schneider Electric, and Siemens. Administrators were advised to review the advisories, implement mitigations, and apply available updates.
IBM releases multiple product security advisories and patches
Between December 15 and 21, 2025, IBM issued multiple security advisories covering vulnerabilities across numerous products, including API Connect, CloudPak for AIOps, DataPower Gateway, Db2, QRadar Suite, and several Watson and Fusion offerings. IBM Product Security Incident Response coordinated the disclosures and remediation, with customers urged to review affected versions and apply updates.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
[Control systems] CISA ICS security advisories (AV26-339) - Canadian Centre for Cyber Security
cyber.gc.ca
Open source[Control systems] CISA ICS security advisories (AV25–854)
cyber.gc.ca
Open sourceIBM security advisory (AV25-855)
cyber.gc.ca
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors, including Inductive Automation, Schneider Electric, Mitsubishi Electric, Siemens, Rockwell Automation, and Axis Communications. The vulnerabilities span a variety of attack vectors, such as improper privilege management, deserialization of untrusted data, OS command injection, and flaws in network protocol implementations. Exploitation of these vulnerabilities could result in severe outcomes, including SYSTEM-level code execution, denial-of-service conditions, information tampering, information disclosure, authentication bypass, and remote code execution across affected ICS platforms. Vendors have issued patches and mitigation guidance for impacted products, urging organizations in critical infrastructure sectors to update their systems promptly. The advisories highlight the global deployment of these products in sectors such as manufacturing, energy, and commercial facilities, underscoring the potential for widespread impact if left unaddressed. CISA encourages administrators to review the technical details and apply recommended remediations to reduce the risk of exploitation and maintain operational resilience.
Mar 21, 2026
CISA Releases Multiple ICS Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) released a coordinated set of 18 Industrial Control Systems (ICS) advisories, detailing newly discovered vulnerabilities across a range of products from vendors such as Siemens, Mitsubishi Electric, AVEVA, Brightpick AI, and General Industrial Controls. These advisories highlight critical and high-severity issues including improper authentication, buffer overflows, weak cryptography, DLL hijacking, and improper certificate validation, many of which are remotely exploitable and could lead to code execution, privilege escalation, denial-of-service, or unauthorized access to sensitive systems. Affected products span widely used ICS components such as Siemens LOGO! 8 BM Devices, AVEVA Edge, Brightpick Mission Control, and General Industrial Controls Lynx+ Gateway, with several vulnerabilities assigned CVSS v4 scores above 8, indicating significant risk to industrial environments. CISA urges organizations to review the technical details and apply mitigations as recommended in the advisories to reduce exposure to these threats. The advisories provide actionable intelligence for asset owners and operators, including lists of affected product versions, vulnerability descriptions, and remediation steps. This coordinated disclosure underscores the ongoing targeting of ICS environments and the need for timely patching and robust security practices to protect critical infrastructure from exploitation.
Mar 21, 2026
Multiple Security Advisories for Enterprise and Industrial Products
Several major vendors, including Dell, IBM, and CISA, have released security advisories addressing vulnerabilities in a wide range of enterprise and industrial control system products. Dell's advisories cover critical updates for products such as APEX Cloud Platform for Red Hat OpenShift, Enterprise SONiC Distribution, NetWorker, PowerSwitch models, and iDRAC controllers, urging administrators to apply patches to mitigate potential risks. IBM has similarly published advisories for multiple products, while CISA has issued alerts for vulnerabilities in industrial control systems from vendors like ABB, Advantech, Delta Electronics, Fuji Electric, IDIS, Radiometrics, Survision, and Ubia, recommending prompt mitigation and updates. In addition to these broad advisories, a critical denial-of-service vulnerability (CVE-2024-20399) was identified in Cisco's Identity Services Engine (ISE), which could allow unauthenticated attackers to crash network access control systems by exploiting the RADIUS protocol. Cisco has provided both temporary and permanent mitigation steps for affected versions. Separately, CISA added a Samsung Mobile Devices out-of-bounds write vulnerability (CVE-2025-21042) to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risk posed by actively exploited flaws and urging organizations to prioritize remediation to protect against cyber threats.
Mar 21, 2026