🛡️ Mitsubishi Electric MELSEC iQ-F Series
🆔 ICSA-26-169-05
📅 2026-06-18 06:00 UTC
🏭 Vendor: Mitsubishi Electric
📦 Products: MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP
⚠️ CVSS v3.1: 7.5 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
🧷 CVE: CVE-2026-8805
Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
🆔 ICSA-26-169-06
📅 2026-06-18 06:00 UTC
🏭 Vendor: Mitsubishi Electric
📦 Products: Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
⚠️ CVSS v3.1: 7.5 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
🧷 CVE: CVE-2026-8806
Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Schneider Electric Easergy, EcoStruxure, PowerLogic, and Saitel Products
🆔 ICSA-26-169-07
📅 2026-06-18 06:00 UTC
🏭 Vendor: Schneider Electric
📦 Products: Easergy C5; Easergy MiCOM C264; Easergy MiCOM C434; Easergy MiCOM P138; Easergy MiCOM P139; Easergy MiCOM P139 version (+25)
⚠️ CVSS v3.1: 8.3 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
🧷 CVE: CVE-2026-4827
Schneider Electric is aware of vulnerabilities in its PowerChute™ Serial Shutdown product.
The [PowerChute Serial Shutdown](https://www.se.com/ww/en/product-range/137943580-powerchute-serial-shutdown/#products) product is a UPS management software enabling graceful system shutdown and energy management capabilities for desktop, servers and workstations.
Failure to apply the remediation provided below may risk improper input validation which could result in disruption of operations and access to system data.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
🆔 ICSMA-26-169-01
📅 2026-06-18 06:00 UTC
🏭 Vendor: Apollo Pharmacy
📦 Products: Blood Glucose Monitoring System (Model No. APG-01 BT)
⚠️ CVSS v3.1: 6.5 (Medium)
🧭 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
🧷 CVE: CVE-2026-50034, CVE-2026-52866
Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Siemens WinCC Certificate Manager
🆔 ICSA-26-174-01
📅 2026-06-23 06:00 UTC
🏭 Vendor: Siemens
📦 Products: SIMATIC WinCC Unified PC Runtime V16; SIMATIC WinCC Unified PC Runtime V17; SIMATIC WinCC Unified PC Runtime V18; SIMATIC WinCC Unified PC Runtime V19; SIMATIC WinCC Unified PC Runtime V20; SIMATIC WinCC Unified PC Runtime V21
⚠️ CVSS v3.1: 7.1 (High)
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
🧷 CVE: CVE-2026-24349
WinCC Certificate Manager insufficiently protects key material that could allow an attacker to extract sensitive information.
Siemens has released a new version for SIMATIC WinCC Unified PC Runtime V21 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Siemens SIPROTEC 5 Using DIGSI5 Protocol
🆔 ICSA-26-174-02
📅 2026-06-23 06:00 UTC
🏭 Vendor: Siemens
📦 Products: SIPROTEC 5 6MD84 (CP300); SIPROTEC 5 6MD85 (CP200); SIPROTEC 5 6MD85 (CP300); SIPROTEC 5 6MD86 (CP200); SIPROTEC 5 6MD86 (CP300); SIPROTEC 5 6MD89 (CP300) (+55)
⚠️ CVSS v3.1: 6.1 (Medium)
🧭 Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
🧷 CVE: CVE-2025-40808
SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol.
This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition.
As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should upgrade to version 9.90 or later. These versions introduce an allow-list feature that restricts arbitrary file uploads and reduces the risk associated with this vulnerability.
Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Siemens Products using OpenSSL
🆔 ICSA-26-174-03
📅 2026-06-23 06:00 UTC
🏭 Vendor: Siemens
📦 Products: AI Lightweight Inference Server; Connector for Azure; Databus; HiMed Cockpit; RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2); RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (+131)
⚠️ CVSS v3.1: 9.8 (Critical)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🧷 CVE: CVE-2025-15467
OpenSSL has published a stack-based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow for remote code execution.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Siemens SINEC INS
🆔 ICSA-26-174-04
📅 2026-06-23 06:00 UTC
🏭 Vendor: Siemens
📦 Products: SINEC INS
⚠️ CVSS v3.1: 8.8 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
🧷 CVE: CVE-2026-46746, CVE-2026-46747, CVE-2026-46748, CVE-2026-46749
SINEC INS before V1.0 SP2 Update 6 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC INS and recommends to update to the latest version.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ ABB Freelance Security Lock
🆔 ICSA-26-174-05
📅 2026-06-23 06:00 UTC
🏭 Vendor: ABB
📦 Products: Freelance Security Lock; System Version
⚠️ CVSS v3.1: 6.6 (Medium)
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:W/RC:R/CR:L/IR:L/AR:L
🧷 CVE: CVE-2025-7064
ABB is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or make the product inaccessible.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Impact of Linux Kernel vulnerabilities on B&R products
🆔 ICSA-26-174-06
📅 2026-06-23 06:00 UTC
🏭 Vendor: B&R Industrial Automation GmbH
📦 Products: APROL; Linux for B&R; X20EDS410
⚠️ CVSS v3.1: 7.8 (High)
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RC:C
🧷 CVE: CVE-2026-31431, CVE-2026-43284, CVE-2026-43494, CVE-2026-46300, CVE-2026-46333
B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory.
Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Hubbell Aclara Metrum Cellular Web Interface
🆔 ICSA-26-174-07
📅 2026-06-23 06:00 UTC
🏭 Vendor: Hubbell
📦 Products: Aclara Metrum Cellular Web Interface
⚠️ CVSS v3.1: 7.5 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
🧷 CVE: CVE-2026-1840
Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ EVoke Systems Charging Station Management System
🆔 ICSA-26-176-02
📅 2026-06-25 05:00 UTC
🏭 Vendor: EVoke Systems
📦 Products: EVoke CSMS
⚠️ CVSS v3.1: 9.4 (Critical)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
🧷 CVE: CVE-2026-40702, CVE-2026-44622, CVE-2026-50176, CVE-2026-54479
Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Yokogawa FAST/TOOLS and CI Server
🆔 ICSA-26-176-01
📅 2026-06-25 06:00 UTC
🏭 Vendor: Yokogawa
📦 Products: Collaborative Information Server (CI Server); FAST/TOOLS
⚠️ CVSS v3.1: 7.5 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
🧷 CVE: CVE-2026-11833
Successful exploitation of this vulnerability may return a response containing the CI Server setting information.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Horner Automation Cscape
🆔 ICSA-26-176-03
📅 2026-06-25 06:00 UTC
🏭 Vendor: Horner Automation
📦 Products: Cscape
⚠️ CVSS v3.1: 7.8 (High)
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
🧷 CVE: CVE-2026-12897
Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Daktronics Controller Firmware
🆔 ICSA-26-176-04
📅 2026-06-25 06:00 UTC
🏭 Vendor: Daktronics
📦 Products: DMP-5000; DMP-8000; VFC-DMP-5000
⚠️ CVSS v3.1: 8.1 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
🧷 CVE: CVE-2026-28701, CVE-2026-31928, CVE-2026-33560
Successful exploitation of these vulnerabilities could provide an unauthenticated user with complete root-level access and control of the system.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ H.VIEW HV-500S6 IP Camera
🆔 ICSA-26-176-05
📅 2026-06-25 06:00 UTC
🏭 Vendor: H.VIEW
📦 Products: HV-500S6 IP Camera
⚠️ CVSS v3.1: 7.2 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
🧷 CVE: CVE-2026-55975, CVE-2026-56414
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Delta Electronics DTM Soft
🆔 ICSA-26-176-06
📅 2026-06-25 06:00 UTC
🏭 Vendor: Delta Electronics
📦 Products: DTMSoft
⚠️ CVSS v3.1: 7.8 (High)
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
🧷 CVE: CVE-2026-12578
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ Schneider Electric PowerLogic P7
🆔 ICSA-26-176-07
📅 2026-06-25 06:00 UTC
🏭 Vendor: Schneider Electric
📦 Products: PowerLogic™ P7
⚠️ CVSS v3.1: 7.5 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
🧷 CVE: CVE-2026-9716, CVE-2026-9717, CVE-2026-9718
Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product.
The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications.
Failure to apply the remediation provided below may risk unauthorized execution of privileged commands or loss of HMI operability and configuration functionality, which could result in loss of control over system operations and disruption of critical services.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ pydicom pynetdicom Library
🆔 ICSMA-26-176-01
📅 2026-06-25 06:00 UTC
🏭 Vendor: pydicom
📦 Products: pynetdicom
⚠️ CVSS v3.1: 9.1 (Critical)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
🧷 CVE: CVE-2026-56445
Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths.
🔗 Source
#CISA #CSAF #ICSAdvisory
🛡️ OHIF Viewers DICOM
🆔 ICSMA-26-176-02
📅 2026-06-25 06:00 UTC
🏭 Vendor: Open Health Imaging Foundation (OHIF)
📦 Products: OHIF DICOM Web Viewer Framework
⚠️ CVSS v3.1: 8.2 (High)
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
🧷 CVE: CVE-2026-12473
Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link.
🔗 Source
#CISA #CSAF #ICSAdvisory