CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on July 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-203-01 DuraComm DP-10iN-100-MU ICSA-25-203-02 Lantronix Provisioning Manager...

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...

CVE-2025-46118

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary...

VulnCheck KEV: CVE-2019-3495

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be...

The vulnerability of the EPA component of the Honeywell Experion PKS programmable logic controllers allows a intruder to trigger a service failure.

The vulnerability of the Epic Platform Analyzer EPA component of Honeywell Experion PKS programmable logic controllers is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on July 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-196-01 Hitachi Energy Asset Suite ICSA-25-196-02 ABB RMC-100 ICSA-25-196-03 LITEON IC48A...

CVE-2025-1384

CVE-2025-1384 affects Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio Software. The issue is a Least Privilege Violation (CWE-272) in the communications function between these products, allowing a remote attacker to gain unauthorized access and potentially execute arbitrary co...

CVE-2025-1384 Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers

Least Privilege Violation CWE-272 Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the...

PT-2025-29396 · Omron · Machine Automation Controller Nj Series +1

Name of the Vulnerable Software and Affected Versions: NJ/NX-series Machine Automation Controllers affected versions not specified Sysmac Studio Software affected versions not specified Description: A least privilege violation exists in the communication function between the NJ/NX-series Machine...

Security Notice: Rowhammer - July 2025

NVIDIA has released this security notice in response to customer inquiries about potential impacts to NVIDIA GPUs from Rowhammer attacks. Go to NVIDIA Product Security. Details NVIDIA has received new research related to the industry-wide DRAM issue known as “Rowhammer”. The research demonstrates...

USN-7594-3 linux-aws, linux-oracle vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux UML; - x...

USN-7605-2: Linux kernel (Low Latency) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

Command Execution Vulnerability in Multiple Advantech Products

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A command execution vulnerability exists in multiple Advantech products, which can be exploited by an attacker to remotely control a relay channel...

Multiple Advantech Products Information Disclosure Vulnerabilities

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. An information disclosure vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause data interception and session hijacking...

Denial of Service Vulnerability in Multiple Advantech Products

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A denial of service vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause a denial of service...

Mitsubishi Electric多款产品 访问控制错误漏洞

The Mitsubishi Electric G-50, among others, is an air conditioning centralized controller from Mitsubishi Electric Mitsubishi Electric of Japan. An access control error vulnerability exists in various Mitsubishi Electric products, which stems from a lack of authentication for critical functions a...

The vulnerability of Microprogrammed Software in Modicon Controllers arises from improper external control of the name or file path during data loading, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of Microprogrammed Software in Modicon Controllers arises from incorrect external control via name or file during data loading. Exploiting this vulnerability allows an attacker to compromise the confidentiality of protected information...

Schneider Electric Modicon Controllers Resource Management Error Vulnerability

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric France. A resource management error vulnerability exists in Schneider Electric Modicon Controllers, which arises from uncontrolled resource consumption and can be exploited...

Advantech多款产品 安全漏洞

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A code execution vulnerability exists in multiple Advantech products, which can be exploited by attackers to inject or modify firmware via the JTAG interface...

Schneider Electric Modicon Controllers Input Validation Error Vulnerability

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from improper input validation and can be exploited by an...