- ZLAN Information Technology Co. ZLAN5143D by CISA on February 10, 2026 at 12:00 pm
Summary: Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password. The following versions of ZLAN Information Technology Co. ZLAN5143D are affected: ZLAN5143D v1.600 (CVE-2026-25084, CVE-2026-24789). CVSS: v3 9.8; Vendor: ZLAN Information Technology Co.; Equipment: ZLAN Information Technology Co. ZLAN5143D; Vulnerabilities: Missing Authentication for Critical Function. Background: Critical […]
- Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps by CISA on February 10, 2026 at 12:00 pm
The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team (CERT Polska’s) Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders. In December 2025, a malicious cyber actor(s) targeted and compromised operational technology (OT) and industrial control systems (ICS) in Poland’s Energy Sector—specifically renewable energy plants, a combined heat and power plant, and a manufacturing sector company—in […]
- Barriers to Secure OT Communication: Why Johnny Can’t Authenticate by CISA on February 10, 2026 at 12:00 pm
CISA released the guidance, Barriers to Secure OT Communication: Why Johnny Can’t Authenticate, which highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standard development organizations, by interviewing OT asset owners and operators to understand: What motivates […]
- ZOLL ePCR IOS Mobile Application by CISA on February 10, 2026 at 12:00 pm
Summary: Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7 (CVE-2025-12699). CVSS: v3 5.5; Vendor: ZOLL; Equipment: ZOLL ePCR IOS Mobile Application; Vulnerabilities: Insertion of Sensitive Information into Externally-Accessible File or Directory. Background: Critical […]
- CISA Adds Six Known Exploited Vulnerabilities to Catalog by CISA on February 10, 2026 at 12:00 pm
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure Vulnerability; CVE-2026-21513 Microsoft MSHTML Framework Security Feature Bypass Vulnerability; CVE-2026-21514 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability; CVE-2026-21519 Microsoft Windows Type Confusion Vulnerability; CVE-2026-21525 Microsoft Windows […]
- AVEVA PI to CONNECT Agent by CISA on February 10, 2026 at 12:00 pm
Summary: Successful exploitation of this vulnerability could result in unauthorized access to the proxy server. The following versions of AVEVA PI to CONNECT Agent are affected: PI to CONNECT Agent <=v2.4.2520 (CVE-2026-1495). CVSS: v3 6.5; Vendor: AVEVA; Equipment: AVEVA PI to CONNECT Agent; Vulnerabilities: Insertion of Sensitive Information into Log File. Background: Critical Infrastructure Sectors: Critical Manufacturing; Countries/Areas Deployed: Worldwide; Company […]
- AVEVA PI Data Archive by CISA on February 10, 2026 at 12:00 pm
Summary: Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of AVEVA PI Data Archive are affected: PI Data Archive PI Server <=2018_SP3_Patch_7 (CVE-2026-1507); PI Data Archive PI Server 2023 (CVE-2026-1507); PI Data Archive PI Server 2023_Patch_1 (CVE-2026-1507); PI Data Archive PI Server 2024 (CVE-2026-1507). CVSS: v3 7.5; Vendor: AVEVA; Equipment: AVEVA PI Data Archive; Vulnerabilities: Uncaught Exception […]
- Yokogawa FAST/TOOLS by CISA on February 10, 2026 at 12:00 pm
Summary: Successful exploitation of these vulnerabilities could allow an attacker to redirect users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform various other attacks. The following versions of Yokogawa FAST/TOOLS are affected: FAST/TOOLS >=R9.01|<=R10.04 (CVE-2025-66594, CVE-2025-66595, CVE-2025-66597, CVE-2025-66598, CVE-2025-66599, CVE-2025-66600, CVE-2025-66601, CVE-2025-66602, […]
- TP-Link Systems Inc. VIGI Series IP Camera by CISA on February 5, 2026 at 12:00 pm
Summary: Successful exploitation of this vulnerability could result in unauthorized users gaining administrative access to affected closed circuit television cameras. The following versions of TP-Link Systems Inc. VIGI Series IP Camera are affected: VIGI Cx45 Series Models C345, C445 <=3.1.0_Build_250820_Rel.57668n (CVE-2026-0629); VIGI Cx55 Series Models C355, C455 <=3.1.0_Build_250820_Rel.58873n (CVE-2026-0629); VIGI Cx85 Series Models C385, C485 […]
- Hitachi Energy XMC20 by CISA on February 5, 2026 at 12:00 pm
Summary: Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if XMC20 devices are configured to use remote RADIUS authentication. The following […]
- CISA Adds Two Known Exploited Vulnerabilities to Catalog by CISA on February 5, 2026 at 12:00 pm
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability; CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) […]
- o6 Automation GmbH Open62541 by CISA on February 5, 2026 at 12:00 pm
Summary: Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition and memory corruption. The following versions of o6 Automation GmbH Open62541 are affected: Open62541 >=1.5-rc1|<1.5-rc2 (CVE-2026-1301). CVSS: v3 5.7; Vendor: o6 Automation GmbH; Equipment: o6 Automation GmbH Open62541; Vulnerabilities: Out-of-bounds Write. Background: Critical Infrastructure Sectors: Critical Manufacturing; Countries/Areas Deployed: […]
