CISA and Canadian Cyber Centre Advisories Highlight Multiple ICS and Enterprise Vulnerabilities
The Canadian Centre for Cyber Security issued multiple advisories summarizing vendor and CISA disclosures from Feb 9–15, urging organizations to patch widely used platforms. This included Linux kernel fixes across supported Ubuntu releases (16.04 through 25.10) and a broad set of Dell and IBM product updates affecting backup/DR, infrastructure, and automation/transaction systems (e.g., Dell Avamar/NetWorker/PowerEdge/IDPA/iDRAC Service Module and IBM Business Automation Workflow, Operational Decision Manager, Sterling components, webMethods Integration, and others).
CISA also published ICS advisories covering several industrial products with potentially high-impact outcomes. Siemens Simcenter Femap and Nastran were reported vulnerable to multiple NDB/XDB file-parsing issues (CVE-2026-23715 through CVE-2026-23720) that can be triggered via malicious files and may lead to crashes or arbitrary code execution (CVSS 7.8), with Siemens recommending upgrades. GE Vernova Enervista UR Setup versions < 8.70 were reported vulnerable to DLL hijacking and path traversal (CVE-2026-1762, CVE-2026-1763; CVSS 7.8), potentially enabling elevated code execution. Separately, CISA advisory ICSA-26-043-10 described a critical unauthenticated remote code execution risk in Airleader Master <= 6.381 due to an unrestricted file upload flaw (CVE-2026-1358; CVSS 9.8); CISA noted no known public exploits at the time and recommended exposure reduction measures such as network segmentation and restricting internet access to control systems.
Related Entities
Vulnerabilities
Organizations
Sources
2 more from sources like cisa advisories and cyber security news
Related Stories
CISA ICS Advisories Highlight Multiple High-Impact Vulnerabilities Across Industrial and IoT Products
CISA published multiple Industrial Control Systems (ICS) advisories detailing vulnerabilities across a range of OT and connected-device products, including **critical** issues in *AVEVA Process Optimization* (multiple CVEs) that could enable unauthenticated **remote code execution**, SQL injection, privilege escalation, and sensitive data exposure in affected versions (<=2024.1). Additional advisories describe flaws in several **Siemens** product lines, including a DoS condition in **SIMATIC/SIPLUS ET 200** components triggered via an S7 protocol disconnect request (`CVE-2025-40944`), a TLS certificate upload input-validation issue that can crash/reboot **RUGGEDCOM ROS** devices (`CVE-2025-40935`), a local privilege escalation in **TeleControl Server Basic** prior to V3.1.2.4 (`CVE-2025-40942`), and multiple issues in **SINEC Security Monitor** (including improper authorization in `ssmctl-client` file transfer and report-generation DoS; `CVE-2025-40830`, `CVE-2025-40831`). CISA also noted vulnerabilities affecting **Siemens Industrial Edge** ecosystems, including an authorization bypass in the **Industrial Edge Device Kit** (`CVE-2025-40805`) and authentication enforcement weaknesses on specific API endpoints in **Industrial Edge Devices** that could allow impersonation if an attacker knows a legitimate user identity. Other CISA advisories covered **Schneider Electric EcoStruxure Power Build Rapsody** (`CVE-2025-13844`), where importing a malicious project file (SSD) could trigger memory corruption (e.g., double free/use-after-free) and potentially arbitrary code execution, and **Rockwell Automation FactoryTalk DataMosaix Private Cloud** (`CVE-2025-12807`), where low-privilege users could perform sensitive database operations via exposed API endpoints (SQL injection class). Separately, CISA warned about **YoSmart/YoLink** weaknesses (multiple CVEs) including insufficient authorization controls in the MQTT broker enabling cross-account device control when device IDs are obtained (with IDs described as predictable), plus additional issues such as cleartext transmission and predictable identifiers. A non-CISA item in the set reported Cisco releasing updates for a max-severity **AsyncOS** vulnerability under active exploitation (`CVE-2025-20393`) affecting *Secure Email Gateway* and *Secure Email and Web Manager* appliances, including evidence of attacker-installed persistence and attribution by Cisco Talos to **UAT-9686**; this is a separate enterprise email-security incident and not part of the ICS advisory set.
2 months agoMultiple Security Advisories for Enterprise and Industrial Products
Several major vendors, including Dell, IBM, and CISA, have released security advisories addressing vulnerabilities in a wide range of enterprise and industrial control system products. Dell's advisories cover critical updates for products such as APEX Cloud Platform for Red Hat OpenShift, Enterprise SONiC Distribution, NetWorker, PowerSwitch models, and iDRAC controllers, urging administrators to apply patches to mitigate potential risks. IBM has similarly published advisories for multiple products, while CISA has issued alerts for vulnerabilities in industrial control systems from vendors like ABB, Advantech, Delta Electronics, Fuji Electric, IDIS, Radiometrics, Survision, and Ubia, recommending prompt mitigation and updates. In addition to these broad advisories, a critical denial-of-service vulnerability (CVE-2024-20399) was identified in Cisco's Identity Services Engine (ISE), which could allow unauthenticated attackers to crash network access control systems by exploiting the RADIUS protocol. Cisco has provided both temporary and permanent mitigation steps for affected versions. Separately, CISA added a Samsung Mobile Devices out-of-bounds write vulnerability (CVE-2025-21042) to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risk posed by actively exploited flaws and urging organizations to prioritize remediation to protect against cyber threats.
4 months ago
Siemens Issues Security Updates for Multiple Industrial and Engineering Products
**Siemens published security advisories for multiple products**, prompting both CISA ICS advisories and a Canadian Centre for Cyber Security alert covering a broad set of affected industrial/engineering software and OT-adjacent components. Reported issues include a **stored XSS** in *Siemens Polarion* (CVE-2025-40587; CVSS 7.6) where authenticated users can inject JavaScript via crafted document titles, and **local privilege escalation** paths in *Siemens SINEC NMS* and its *User Management Component (UMC)* (CVE-2026-25655, CVE-2026-25656; CVSS 7.8) that allow low-privileged users to modify configuration/search paths to load malicious DLLs and potentially gain elevated execution (including SYSTEM-level impact). Siemens also addressed a **missing authorization** condition affecting *Siveillance Video Management Servers* Webhooks/MIP Webhooks API (CVSS 6.3), enabling a read-only user to obtain full API access. Additional advisories cover file-parsing and third-party component risks that can lead to crashes or potential code execution. *Siemens NX* is affected by multiple **CGM file parsing** flaws (CVE-2026-22923/22924/22925; CVSS 7.8) that can be triggered when a user opens a malicious file, and *Siemens Solid Edge* includes an **out-of-bounds read** in the PS/IGES Parasolid translator when processing crafted IGS files (CVSS 7.8). *Desigo CC* and *SENTRON Powermanager* are impacted via the third-party *WIBU Systems CodeMeter Runtime* chain tied to **CVE-2023-38545** (curl SOCKS5 heap overflow; CVSS 8.8), with Siemens providing component update instructions. *Siemens SINEC OS* before V3.3 aggregates a large set of third-party CVEs across supported platforms, and *Siemens COMOS* advisories include multiple issues (up to CVSS 10) spanning potential code execution, DoS, data exposure, and access control violations; Siemens recommends updating where fixes are available and applying countermeasures where they are not yet released.
1 months ago