⚠️Advisory
CISA Adds One Known Exploited Vulnerability to CatalogCareful Adoption of Agentic AI ServicesCISA Adds One Known Exploited Vulnerability to CatalogABB Ability Symphony Plus EngineeringABB AWIN GatewaysABB Edgenius Management PortalABB System 800xA, Symphony Plus IEC 61850ABB Ability OPTIMAXABB PCM600Adapting Zero Trust Principles to Operational TechnologyCISA Adds Two Known Exploited Vulnerabilities to CatalogNSA GRASSMARLINCISA Adds Four Known Exploited Vulnerabilities to CatalogCISA Adds One Known Exploited Vulnerability to CatalogCarlson Software VASCO-B GNSS ReceiverYadea T5 Electric BicycleIntrado 911 Emergency Gateway (EGW)Milesight CamerasSpiceJet Online Booking SystemHangzhou Xiongmai Technology Co., Ltd XM530 IP CameraFIRESTARTER BackdoorDefending Against China-Nexus Covert Networks of Compromised DevicesCISA Adds One Known Exploited Vulnerability to CatalogSiemens Industrial Edge ManagementSiemens RUGGEDCOM CROSSBOW Secure Access Manager PrimarySiemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)Silex Technology SD-330AC and AMC ManagerSiemens SINEC NMSZero Motorcycles FirmwareSiemens TPM 2.0SenseLive X3050Siemens Analytics ToolkitHardy Barth Salia EV Charge ControllerSiemens SCALANCESiemens SINEC NMSCISA Adds Eight Known Exploited Vulnerabilities to Catalog​​Supply Chain Compromise Impacts Axios Node Package Manager​CISA Adds One Known Exploited Vulnerability to CatalogHorner Automation Cscape and XL4, XL7 PLCAnviz Multiple ProductsDelta Electronics ASDA-SoftAVEVA Pipeline SimulationCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Adds Seven Known Exploited Vulnerabilities to CatalogContemporary Controls BASC 20TGPL Odorizers GPL750CISA Adds One Known Exploited Vulnerability to CatalogMitsubishi Electric GENESIS64 and ICONICS Suite productsIranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical InfrastructureCISA Adds One Known Exploited Vulnerability to CatalogSiemens SICAM 8 ProductsYokogawa CENTUM VPCISA Adds One Known Exploited Vulnerability to CatalogHitachi Energy EllipseCISA Adds One Known Exploited Vulnerability to CatalogAnritsu Remote Spectrum MonitorPX4 AutopilotCISA Adds One Known Exploited Vulnerability to CatalogCISA Adds One Known Exploited Vulnerability to CatalogCISA Adds One Known Exploited Vulnerability to CatalogWAGO GmbH & Co. KG Industrial Managed SwitchesPTC Windchill Product Lifecycle ManagementOpenCode Systems OC Messaging and USSD GatewayCISA Adds One Known Exploited Vulnerability to CatalogPharos Controls Mosaic Show ControllerSchneider Electric EcoStruxure Foxboro DCSSchneider Electric Plant iT/BrewmaxxGrassroots DICOM (GDCM)Russian Intelligence Services Target Commercial Messaging Application AccountsCISA Adds Five Known Exploited Vulnerabilities to CatalogSchneider Electric Modicon Controllers M241, M251, M258, and LMC058Schneider Electric Modicon M241, M251, and M262Automated Logic WebCTRL Premium ServerSchneider Electric EcoStruxure Automation ExpertMitsubishi Electric CNC SeriesCTEK ChargeportalIGL-Technologies eParking.fiCISA Adds One Known Exploited Vulnerability to CatalogSchneider Electric EcoStruxure PME and EPOCISA Urges Endpoint Management System Hardening After Cyberattack Against US OrganizationCISA Adds One Known Exploited Vulnerability to CatalogCISA Adds One Known Exploited Vulnerability to CatalogSiemens SICAM SIAPP SDKSchneider Electric SCADAPack and RemoteConnectCODESYS in Festo Automation SuiteSchneider Electric EcoStruxure Data Center ExpertSchneider Electric EcoStruxure Data Center ExpertCISA Adds One Known Exploited Vulnerability to CatalogCISA Adds Two Known Exploited Vulnerabilities to CatalogSiemens SIDIS PrimeSiemens RUGGEDCOM APE1808 DevicesSiemens SIMATICTrane Tracer SC, Tracer SC+, and Tracer ConciergeSiemens Heliox EV ChargersInductive Automation Ignition SoftwareCISA Adds One Known Exploited Vulnerability to CatalogHoneywell IQ4x BMS ControllerCeragon Siklu MultiHaul and EtherHaul SeriesApeman CamerasLantronix EDS3000PS and EDS5000CISA Adds Three Known Exploited Vulnerabilities to CatalogCISA Adds Five Known Exploited Vulnerabilities to CatalogDelta Electronics CNCSoft-G2CISA Adds Two Known Exploited Vulnerabilities to CatalogHitachi Energy Relion REB500 ProductHitachi Energy RTU500 ProductLabkotec LID-3300IPePower epower.iePortwell Engineering ToolkitsMobiliti e-mobi.huMitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet moduleEveron OCPP BackendsChargemap chargemap.comYokogawa CENTUM VP R6, R7Pelco, Inc. Sarix Pro 3 Series IP CamerasCopeland XWEB and XWEB ProEV Energy ev.energyCloudCharge cloudcharge.seMobility46 mobility46.seSWITCH EV swtchenergy.comEV2GO ev2go.ioJohnson Controls, Inc. Frick Controls Quantum HDCISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN SystemsCISA Adds Two Known Exploited Vulnerabilities to CatalogInSAT MasterSCADA BUK-TSGardyn Home KitSchneider Electric EcoStruxure Building Operation WorkstationCISA Adds One Known Exploited Vulnerability to CatalogCISA Adds Two Known Exploited Vulnerabilities to CatalogWelker OdorEyes EcoSystem Pulse Bypass System with XL4 ControllerEnOcean SmartServer IoTJinan USR IOT Technology Limited (PUSR) USR-W610Valmet DNA Engineering Web ToolsCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Adds Four Known Exploited Vulnerabilities to CatalogSiemens Simcenter Femap and NastranGE Vernova Enervista UR SetupDelta Electronics ASDA-SoftHoneywell HIB2PI and HDZ Series CCTV Cameras (Update A)CISA Adds One Known Exploited Vulnerability to CatalogSiemens SINEC OSSiemens Solid EdgeCISA Adds Two Known Exploited Vulnerabilities to CatalogMirion Medical EC2 Software NMIS BioDoseIndustrial Video & Control LongwatchCISA Releases Five Industrial Control Systems AdvisoriesIskra iHUB and iHUB LiteCISA Adds One Known Exploited Vulnerability to CatalogFesto Compact Vision System, Control Block, Controller, and Operator Unit productsOpto 22 groov ViewCISA Releases Seven Industrial Control Systems AdvisoriesAshlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt ShareSiRcom SMART Alert (SiSA)Rockwell Automation Arena SimulationZenitel TCIV-3+​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​CISA Adds One Known Exploited Vulnerability to CatalogOpto 22 GRV-EPIC and groov RIOICAM365 CCTV Camera Multiple ModelsEmerson Appleton UPSMON-PROCISA Releases Six Industrial Control Systems AdvisoriesFesto Didactic productsFesto MSE6-C2M/D2M/E2MAutomated Logic WebCTRL Premium ServerCISA Adds One Known Exploited Vulnerability to CatalogCISA Releases Guide to Mitigate Risks from Bulletproof Hosting ProvidersCISA Adds One Known Exploited Vulnerability to CatalogShelly Pro 3EMMETZ CONNECT EWIO2Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open StudioCISA Releases Six Industrial Control Systems AdvisoriesShelly Pro 4PMSchneider Electric PowerChute Serial ShutdownFortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb ProductsCISA Adds One Known Exploited Vulnerability to CatalogRockwell Automation AADvance-Trusted SIS WorkstationRockwell Automation FactoryTalk Policy ManagerRockwell Automation Studio 5000 Simulation InterfaceRockwell Automation FactoryTalk DataMosaix Private CloudCISA Releases 18 Industrial Control Systems AdvisoriesSiemens SICAM P850 family and SICAM P855 familySiemens COMOSSiemens Software Center and Solid EdgeAVEVA EdgeSiemens Altair Grid EngineMitsubishi Electric MELSEC iQ-F SeriesGeneral Industrial Controls Lynx+ GatewayAVEVA Application Server IDESiemens Spectrum Power 4Siemens Solid EdgeRockwell Automation Verve Asset ManagerBrightpick Mission Control / Internal Logic ControlSiemens LOGO! 8 BM DevicesCISA and Partners Release Advisory Update on Akira RansomwareUpdate: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device VulnerabilitiesCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA Adds One Known Exploited Vulnerability to CatalogCISA Releases Four Industrial Control Systems AdvisoriesABB FLXeon ControllersAdvantech DeviceOn/iEdgeUbia UboxFuji Electric Monitouch V-SFT-6Delta Electronics CNCSoft-G2Radiometrics VizAirCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Releases Five Industrial Control Systems AdvisoriesIDIS ICM ViewerSurvision License Plate Recognition CameraCISA Adds Two Known Exploited Vulnerabilities to CatalogInternational Standards Organization ISO 15118-2CISA Releases Two Industrial Control Systems AdvisoriesHitachi Energy TropOSNew Guidance Released on Microsoft Exchange Server Security Best PracticesCISA Adds Two Known Exploited Vulnerabilities to CatalogVertikal Systems Hospital Manager Backend ServicesSchneider Electric EcoStruxureCISA Releases Three Industrial Control Systems AdvisoriesMicrosoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287CISA Adds Two Known Exploited Vulnerabilities to CatalogDelta Electronics ASDA-SoftCISA Releases Eight Industrial Control Systems AdvisoriesAutomationDirect Productivity SuiteASKI Energy ALS-Mini-S8 and ALS-Mini-S4Veeder-Root TLS4B Automatic Tank Gauge SystemNIHON KOHDEN Central Monitor CNS-6201CISA Adds One Known Exploited Vulnerability to CatalogSiemens SIMATIC S7-1200 CPU V1/V2 DevicesOxford Nanopore Technologies MinKNOWRockwell Automation Compact GuardLogix 5370Rockwell Automation 1783-NATRCISA Releases 10 Industrial Control Systems AdvisoriesCloudEdge Online Cameras and AppRaisecomm RAX701-GC SeriesSiemens RUGGEDCOM ROS DevicesCISA Adds Five Known Exploited Vulnerabilities to CatalogRockwell Automation FactoryTalk LinxSiemens SiPass IntegratedRockwell Automation ArmorStart AOPCISA Releases Thirteen Industrial Control Systems AdvisoriesSiemens SINEC NMSRockwell Automation FactoryTalk ViewPointSiemens SIMATIC ET 200SP Communication ProcessorsRockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7Hitachi Energy MACH GWSSiemens HyperLynx and Industrial Edge App PublisherSiemens Solid EdgeSiemens TeleControl Server BasicCISA Adds One Known Exploited Vulnerability to CatalogCISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 DevicesCISA Adds Five Known Exploited Vulnerabilities to CatalogRockwell Automation 1715 EtherNet/IP Comms ModuleRockwell Automation 1715 EtherNet/IP Comms ModuleCISA Releases One Industrial Control Systems AdvisoryCISA Adds One Known Exploited Vulnerability to CatalogRockwell Automation Lifecycle Services with CiscoRockwell Automation StratixCISA Releases Four Industrial Control Systems AdvisoriesHitachi Energy Asset SuiteCISA Adds One Known Exploited Vulnerability to CatalogCISA Releases Two Industrial Control Systems AdvisoriesDelta Electronics DIAScreenCISA Adds Seven Known Exploited Vulnerabilities to CatalogCISA Releases Two Industrial Control Systems AdvisoriesHitachi Energy MSM ProductRaise3D Pro2 Series 3D PrintersCISA Adds Five Known Exploited Vulnerabilities to CatalogFesto SBRD-Q/SBOC-Q/SBOI-QOpenPLC_V3Festo Controller CECC-S,-LK,-D Family FirmwareMegaSys Enterprises Telenium Online Web ApplicationNational Instruments Circuit Design SuiteLG Innotek Camera Multiple ModelsCISA Releases Ten Industrial Control Systems AdvisoriesFesto CPX-CEC-C1 and CPX-CMXXCISA Strengthens Commitment to SLTT GovernmentsCISA Adds Five Known Exploited Vulnerabilities to CatalogCISA and UK NCSC Release Joint Guidance for Securing OT SystemsCISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco DevicesCISA Releases One Industrial Control Systems AdvisoryDingtian DT-R002Widespread Supply Chain Compromise Impacting npm EcosystemCISA Adds One Known Exploited Vulnerability to CatalogCISA Releases Six Industrial Control Systems AdvisoriesMitsubishi Electric MELSEC-Q Series CPU ModuleAutomationDirect CLICK PLUSCISA Releases Advisory on Lessons Learned from an Incident Response EngagementViessmann Vitogate 300CISA Shares Lessons Learned from an Incident Response EngagementSchneider Electric SESUSonicWall Releases Advisory for Customers after Security IncidentWestermo Network Technologies WeOS 5Dover Fueling Solutions ProGauge MagLink LX4 DevicesCognex In-Sight Explorer and In-Sight Camera FirmwareHitachi Energy Service SuiteSchneider Electric Saitel DR & Saitel DP Remote Terminal UnitWestermo Network Technologies WeOS 5Hitachi Energy Asset SuiteCISA Releases Nine Industrial Control Systems AdvisoriesCISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile SystemsMalicious Listener for Ivanti Endpoint Mobile Management SystemsSchneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink ConverterCISA Releases Eight Industrial Control Systems AdvisoriesHitachi Energy RTU500 SeriesSiemens OpenSSL Vulnerability in Industrial ProductsSiemens Multiple Industrial ProductsDelta Electronics DIALinkSiemens SIMATIC NET CP, SINEMA, and SCALANCESiemens RUGGEDCOM, SINEC NMS, and SINEMACISA Adds One Known Exploited Vulnerability to CatalogSiemens Apogee PXC and Talon TC DevicesSiemens User Management Component (UMC)Siemens SINEC OSSiemens Industrial Edge Management OS (IEM-OS)Siemens SIMATIC Virtualization as a Service (SIVaaS)Schneider Electric EcoStruxureCISA Releases Eleven Industrial Control Systems AdvisoriesSiemens SINAMICS DrivesSiemens SIMOTION ToolsSchneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110Daikin Security GatewayABB Cylon Aspect BMS/BASRockwell Automation FactoryTalk OptixRockwell Automation ControlLogix 5580Rockwell Automation ThinManagerRockwell Automation Stratix IOSRockwell Automation CompactLogix® 5480Rockwell Automation 1783-NATRRockwell Automation FactoryTalk Activation ManagerCISA Releases Fourteen Industrial Control Systems AdvisoriesRockwell Automation Analytics LogixAICISA Adds Three Known Exploited Vulnerabilities to CatalogCISA Releases Five Industrial Control Systems AdvisoriesHoneywell OneWireless Wireless Device Manager (WDM)CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) GuidanceFuji Electric FRENIC-Loader 4CISA Adds Two Known Exploited Vulnerabilities to CatalogDelta Electronics EIP BuilderCISA Releases Four Industrial Control Systems AdvisoriesSunPower PVS6CISA Adds One Known Exploited Vulnerability to CatalogCISA Releases Nine Industrial Control Systems AdvisoriesGE Vernova CIMPLICITYDelta Electronics CNCSoft-G2Mitsubishi Electric MELSEC iQ-F Series CPU ModuleDelta Electronics COMMGRMitsubishi Electric MELSEC iQ-F Series CPU ModuleSchneider Electric Saitel DR & Saitel DP Remote Terminal UnitCISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage SystemsCountering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage SystemCISA Adds One Known Exploited Vulnerability to CatalogCISA Releases Three Industrial Control Systems AdvisoriesSchneider Electric Modicon M340 Controller and Communication ModulesINVT VT-Designer and HMIToolCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA Requests Public Comment for Updated Guidance on Software Bill of MaterialsMitsubishi Electric Corporation MELSEC iQ-F Series CPU ModuleCISA Adds One Known Exploited Vulnerability to CatalogFUJIFILM Healthcare Americas Synapse MobilityCISA Releases Three Industrial Control Systems AdvisoriesLS Electric GMWin 4CISA Adds One Known Exploited Vulnerability to CatalogDover Fueling Solutions ProGauge MagLink LX ConsolesCISA Releases Five Industrial Control Systems AdvisoriesFuji Electric Smart EditorSiemens Mendix Studio ProCISA Adds Two Known Exploited Vulnerabilities to CatalogPTZOptics and Other Pan-Tilt-Zoom CamerasRansomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software ProviderSiemens Energy ServicesSiemens Tecnomatix Plant SimulationSiemens SCALANCE and RUGGEDCOMAVEVA PI Web APISiemens SCALANCE and RUGGEDCOMAVEVA PI Connector for CygNetCISA Releases Ten Industrial Control Systems AdvisoriesSiemens RUGGEDCOM APE1808Siemens SIMATIC S7-1500 CPU FamilyAVEVA PI Data ArchiveCISA Releases Cybersecurity Advisory on SimpleHelp RMM VulnerabilityMicroDicom DICOM ViewerHitachi Energy Relion 670, 650, SAM600-IO SeriesCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Releases Four Industrial Control Systems AdvisoriesSinoTrack GPS ReceiverCISA Adds Two Known Exploited Vulnerabilities to CatalogHitachi Energy Relion 670, 650 Series and SAM600-IO ProductCISA Releases Seven Industrial Control Systems AdvisoriesCISA Adds One Known Exploited Vulnerability to CatalogCyberData 011209 SIP Emergency IntercomUpdated Guidance on Play RansomwareSchneider Electric Wiser Home AutomationSchneider Electric EcoStruxure Power Build RapsodyCISA Adds Three Known Exploited Vulnerabilities to CatalogMitsubishi Electric MELSEC iQ-F SeriesCISA Releases Three Industrial Control Systems AdvisoriesCISA Adds Five Known Exploited Vulnerabilities to CatalogSiemens SiPass IntegratedConsilium Safety CS5000 Fire PanelInstantel MicromateCISA Releases Five Industrial Control Systems AdvisoriesSantesoft Sante DICOM Viewer ProSiemens SiPassJohnson Controls iSTAR Configuration Utility (ICU) ToolCISA Releases One Industrial Control Systems AdvisoryNew Guidance for SIEM and SOAR ImplementationAdvisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)Lantronix Device InstallerCISA Releases Two Industrial Control Systems AdvisoriesRockwell Automation FactoryTalk Historian ThingWorxNew Best Practices Guide for Securing AI Data ReleasedCISA Adds One Known Exploited Vulnerability to CatalogRussian GRU Cyber Actors Targeting Western Logistics Entities and Tech CompaniesRussian GRU Targeting Western Logistics Entities and Technology CompaniesThreat Actors Target U.S. Critical Infrastructure with LummaC2 MalwareThreat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from OrganizationsMitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric ProductsAssured Telematics Inc (ATI) Fleet Management System with Geotab IntegrationSiemens Siveillance VideoABUP IoT Cloud PlatformTrimble Releases Security Updates to Address a Vulnerability in Cityworks SoftwareCISA Adds One Known Exploited Vulnerability to CatalogSchneider Electric EcoStruxure Power Monitoring Expert (PME)Trimble CityworksCISA Releases Six Industrial Control Systems AdvisoriesSchneider Electric EcoStruxureMicroDicom DICOM ViewerCISA Adds Five Known Exploited Vulnerabilities to CatalogABB Drive ComposerOrthanc Server

Senyo Industrial Security Engineering

Author: CISA