CISA and Canadian Cyber Centre Advisories Highlight Multiple ICS and Enterprise Vulnerabilities
The Canadian Centre for Cyber Security issued multiple advisories summarizing vendor and CISA disclosures from Feb 9–15, urging organizations to patch widely used platforms. This included Linux kernel fixes across supported Ubuntu releases (16.04 through 25.10) and a broad set of Dell and IBM product updates affecting backup/DR, infrastructure, and automation/transaction systems (e.g., Dell Avamar/NetWorker/PowerEdge/IDPA/iDRAC Service Module and IBM Business Automation Workflow, Operational Decision Manager, Sterling components, webMethods Integration, and others).
CISA also published ICS advisories covering several industrial products with potentially high-impact outcomes. Siemens Simcenter Femap and Nastran were reported vulnerable to multiple NDB/XDB file-parsing issues (CVE-2026-23715 through CVE-2026-23720) that can be triggered via malicious files and may lead to crashes or arbitrary code execution (CVSS 7.8), with Siemens recommending upgrades. GE Vernova Enervista UR Setup versions < 8.70 were reported vulnerable to DLL hijacking and path traversal (CVE-2026-1762, CVE-2026-1763; CVSS 7.8), potentially enabling elevated code execution. Separately, CISA advisory ICSA-26-043-10 described a critical unauthenticated remote code execution risk in Airleader Master <= 6.381 due to an unrestricted file upload flaw (CVE-2026-1358; CVSS 9.8); CISA noted no known public exploits at the time and recommended exposure reduction measures such as network segmentation and restricting internet access to control systems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
11 events from the most recent confirmed update back to the earliest known activity.
Canadian Centre for Cyber Security summarizes recent CISA ICS advisories
On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-134 summarizing CISA ICS advisories issued the prior week for multiple industrial vendors. The notice recommended reviewing the linked advisories, implementing mitigations, and applying available updates.
Canadian Centre for Cyber Security issues Ubuntu advisory notice
On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-133 about Ubuntu's recent Linux kernel security notices. The notice directed administrators to review the referenced Ubuntu advisories and deploy updates for affected supported releases.
Canadian Centre for Cyber Security issues Dell advisory notice
On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-132 summarizing Dell's recent security advisories and recommending that users consult Dell's guidance and remediate affected systems. The notice covered a broad range of Dell and Dell EMC products.
Canadian Centre for Cyber Security issues IBM advisory notice
On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-131 summarizing IBM's recent security advisories and urging organizations to apply the necessary updates. The notice highlighted affected enterprise software and integration products across IBM's portfolio.
CISA publishes GE Vernova Enervista UR Setup advisory
On 2026-02-17, CISA published advisory ICSA-26-048-03 for two local vulnerabilities in GE Vernova Enervista UR Setup versions prior to 8.70: a DLL hijacking issue in the installer and a directory traversal flaw in firmware update file handling. CISA said the issues were not remotely exploitable and that no public exploitation had been reported.
CISA republishes Siemens Simcenter vulnerability advisory
On 2026-02-17, CISA published advisory ICSA-26-048-01 covering multiple file-parsing vulnerabilities in Siemens Simcenter Femap and Simcenter Nastran versions earlier than 2512. Siemens had released updated versions, and the flaws could cause crashes or potentially arbitrary code execution when a user opens a crafted NDB or XDB file.
CISA publishes multiple ICS advisories for OT vendors
Between 2026-02-09 and 2026-02-15, CISA published multiple ICS advisories covering products from AVEVA, Airleader GmbH, Hitachi Energy, Siemens, Yokogawa, ZLAN Information Technology Co., and ZOLL. The notices included vulnerabilities affecting multiple product lines, including Siemens SINEC NMS issues CVE-2026-25655 and CVE-2026-25656.
CISA issues advisory for Airleader Master RCE flaw
On 2026-02-12, CISA published ICS advisory ICSA-26-043-10 for CVE-2026-1358, a critical unrestricted file upload vulnerability in Airleader Master up to version 6.381. The flaw could allow unauthenticated remote code execution on vulnerable servers and systems, though no public exploitation was known at the time.
Ubuntu publishes Linux kernel security notices
Between 2026-02-09 and 2026-02-15, Ubuntu published multiple security notices to address Linux kernel vulnerabilities affecting releases from 16.04 LTS through 25.10. Administrators were advised to review the referenced Ubuntu Security Notices and apply the required updates.
Dell publishes multiple security advisories
Between 2026-02-09 and 2026-02-15, Dell issued multiple advisories for vulnerabilities affecting products such as Avamar, NetWorker, iDRAC Service Module, Dell Update Package Framework, PowerEdge systems, and several appliance and private cloud offerings. The advisories included fixed-version guidance for remediation.
IBM publishes multiple product security advisories
Between 2026-02-09 and 2026-02-15, IBM released multiple security advisories covering vulnerabilities in products including Business Automation Workflow, Concert Software, Financial Transaction Manager, Operational Decision Manager, Sterling products, webMethods components, and z/Transaction Processing Facility. The Canadian Centre for Cyber Security later urged administrators to review IBM's notices and apply updates.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
Ubuntu security advisory (AV26-133) - Canadian Centre for Cyber Security
cyber.gc.ca
Open source[Control systems] CISA ICS security advisories (AV26-134) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceDell security advisory (AV26-132) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceIBM security advisory (AV26-131) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceSiemens Simcenter Femap and Nastran | CISA
cisa.gov
Open sourceGE Vernova Enervista UR Setup | CISA
cisa.gov
Open sourceCritical Airleader Vulnerability Exposes Systems to Remote Code Execution Attacks
cybersecuritynews.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA ICS Advisories Highlight Multiple High-Impact Vulnerabilities Across Industrial and IoT Products
CISA published multiple Industrial Control Systems (ICS) advisories detailing vulnerabilities across a range of OT and connected-device products, including **critical** issues in *AVEVA Process Optimization* (multiple CVEs) that could enable unauthenticated **remote code execution**, SQL injection, privilege escalation, and sensitive data exposure in affected versions (<=2024.1). Additional advisories describe flaws in several **Siemens** product lines, including a DoS condition in **SIMATIC/SIPLUS ET 200** components triggered via an S7 protocol disconnect request (`CVE-2025-40944`), a TLS certificate upload input-validation issue that can crash/reboot **RUGGEDCOM ROS** devices (`CVE-2025-40935`), a local privilege escalation in **TeleControl Server Basic** prior to V3.1.2.4 (`CVE-2025-40942`), and multiple issues in **SINEC Security Monitor** (including improper authorization in `ssmctl-client` file transfer and report-generation DoS; `CVE-2025-40830`, `CVE-2025-40831`). CISA also noted vulnerabilities affecting **Siemens Industrial Edge** ecosystems, including an authorization bypass in the **Industrial Edge Device Kit** (`CVE-2025-40805`) and authentication enforcement weaknesses on specific API endpoints in **Industrial Edge Devices** that could allow impersonation if an attacker knows a legitimate user identity. Other CISA advisories covered **Schneider Electric EcoStruxure Power Build Rapsody** (`CVE-2025-13844`), where importing a malicious project file (SSD) could trigger memory corruption (e.g., double free/use-after-free) and potentially arbitrary code execution, and **Rockwell Automation FactoryTalk DataMosaix Private Cloud** (`CVE-2025-12807`), where low-privilege users could perform sensitive database operations via exposed API endpoints (SQL injection class). Separately, CISA warned about **YoSmart/YoLink** weaknesses (multiple CVEs) including insufficient authorization controls in the MQTT broker enabling cross-account device control when device IDs are obtained (with IDs described as predictable), plus additional issues such as cleartext transmission and predictable identifiers. A non-CISA item in the set reported Cisco releasing updates for a max-severity **AsyncOS** vulnerability under active exploitation (`CVE-2025-20393`) affecting *Secure Email Gateway* and *Secure Email and Web Manager* appliances, including evidence of attacker-installed persistence and attribution by Cisco Talos to **UAT-9686**; this is a separate enterprise email-security incident and not part of the ICS advisory set.
Mar 21, 2026
Multiple Security Advisories for Enterprise and Industrial Products
Several major vendors, including Dell, IBM, and CISA, have released security advisories addressing vulnerabilities in a wide range of enterprise and industrial control system products. Dell's advisories cover critical updates for products such as APEX Cloud Platform for Red Hat OpenShift, Enterprise SONiC Distribution, NetWorker, PowerSwitch models, and iDRAC controllers, urging administrators to apply patches to mitigate potential risks. IBM has similarly published advisories for multiple products, while CISA has issued alerts for vulnerabilities in industrial control systems from vendors like ABB, Advantech, Delta Electronics, Fuji Electric, IDIS, Radiometrics, Survision, and Ubia, recommending prompt mitigation and updates. In addition to these broad advisories, a critical denial-of-service vulnerability (CVE-2024-20399) was identified in Cisco's Identity Services Engine (ISE), which could allow unauthenticated attackers to crash network access control systems by exploiting the RADIUS protocol. Cisco has provided both temporary and permanent mitigation steps for affected versions. Separately, CISA added a Samsung Mobile Devices out-of-bounds write vulnerability (CVE-2025-21042) to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risk posed by actively exploited flaws and urging organizations to prioritize remediation to protect against cyber threats.
Mar 21, 2026
Canadian Cyber Centre Flags Broad Vendor Patch Wave Across Enterprise and ICS Products
The Canadian Centre for Cyber Security issued a series of advisories highlighting a broad patch wave from major technology vendors, spanning enterprise infrastructure, operating systems, and industrial environments. IBM released updates for products including **AIX**, **MQ**, **QRadar Suite Software**, **Cloud Pak for Security**, multiple **IBM Verify** offerings, and other middleware and cloud components, while Dell published fixes affecting **Avamar Data Store Gen5A**, **Connectrix B-Series FOS and SANnav**, **PowerSwitch E3200-ON Series**, **PowerSwitch Z9664F-ON**, and **Secure Connect Gateway**. Red Hat and Ubuntu also pushed Linux kernel-related updates, with Red Hat covering several **RHEL** and **CodeReady Linux Builder** variants and Ubuntu addressing kernel issues in **Ubuntu 22.04 LTS** and **24.04 LTS**, including NVIDIA-related vulnerabilities referenced in `USN-8060-7` and `USN-8059-8`. Industrial and telecom systems were also affected. CISA advisories cited vulnerabilities across products from **Apeman, Ceragon, Honeywell, Inductive Automation, Lantronix, Siemens,** and **Trane**, impacting industrial control systems, building management platforms, EV chargers, networking devices, and industrial software. Separately, HPE disclosed a **remote buffer overflow** in **HPE Telco Service Orchestrator** affecting versions prior to `v4.2.12` under bulletin `HPESBNW05029` revision 1. The Cyber Centre urged organizations to review vendor guidance, implement recommended mitigations, and apply updates promptly to reduce exposure across both IT and OT environments.
Jun 22, 2026