Hitachi Energy RTU500 Product

SUMMARY Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate...

CVE-2025-15577

creationtimestamp| type| source ---|---|--- 2026-02-19 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-02...

CVE-2026-20761

creationtimestamp| type| source ---|---|--- 2026-02-19 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-01 2026-02-20 17:08:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfclwgs42626...

Valmet DNA Engineering Web Tools

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

Jinan USR IOT Technology Limited (PUSR) USR-W610

RISK EVALUATION Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

Honeywell HIB2PI CCTV Camera (Update B)

RISK EVALUATION Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. 2. RECOMMENDED PRACTICES CISA recommends...

Delta Electronics ASDA-Soft

RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler SEH. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

CVE-2026-22924

creationtimestamp| type| source ---|---|--- 2026-02-12 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-08 2026-05-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

Authorization Bypass

FUXA is vulnerable to an Authorization Bypass. The vulnerability is due to improper authorization checks on scheduler management functionality, which allows an unauthenticated remote attacker to create and modify arbitrary schedulers and potentially impact connected ICS/SCADA environments...

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps

The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team CERT Polska’s Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders. In December 2025, a malicious cyber actors targeted and compromised operational...

CVE-2025-66595

creationtimestamp| type| source ---|---|--- 2026-02-10 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-01...

CVE-2025-66608

creationtimestamp| type| source ---|---|--- 2026-02-10 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-01...

Yokogawa FAST/TOOLS

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle MITM attack, execute malicious scripts, steal files, and perform other various attacks. 2. RECOMMENDED PRACTICES...

AVEVA PI Data Archive

RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

Siemens SCALANCE and RUGGEDCOM Incorrect Authorization (CVE-2025-40567)

The Load Rollback functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to make the affected product roll back configuration changes made by privileged users. This plugin...

CVE-2026-25939

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

CVE-2026-25939

Summary : FUXA is a web-based SCADA/HMI/dashboard. From v1.2.8 to v1.2.10, an authorization bypass allows an unauthenticated, remote attacker to create/modify arbitrary schedulers via the REST endpoint (notably POST/DELETE /api/scheduler), exposing connected ICS/SCADA environments to follow-on ac...

PT-2026-7183

Name of the Vulnerable Software and Affected Versions FUXA versions 1.2.8 through 1.2.10 Description FUXA is a web-based Process Visualization software used in SCADA/HMI/Dashboard systems. An authorization bypass allows a remote, unauthenticated attacker to create and modify schedulers. This can...

GHSA-VWCG-C828-9822 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

Note GitHub incorrectly stated this vulnerability is identical to CVE-2025-69970, which describes the fact that authentication is disabled by default. This advisory describes an exploit chain that enables authentication bypass via the heartbeat refresh endpoint when authentication is enabled. Thi...

Rockwell Automation ArmorStart LT

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...