View CSAF

Summary

Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

The following versions of Chargemap chargemap.com are affected:

• chargemap.com vers:all/* (CVE-2026-25851, CVE-2026-20792, CVE-2026-25711, CVE-2026-20791)

Background

• Critical Infrastructure Sectors: Energy, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: France

Vulnerabilities

Acknowledgments

• Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code.

The following versions of Yokogawa CENTUM VP R6, R7 are affected:

• Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)
• Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Japan

Vulnerabilities

Acknowledgments

• Dmitry Sklyar and Demid Uzenkov of Positive Technologies reported these vulnerabilities to Yokogawa

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to sensitive device data, bypass surveillance controls, and expose facilities to privacy breaches, operational risks, and regulatory compliance issues.

The following versions of Pelco, Inc. Sarix Pro 3 Series IP Cameras are affected:

• Sarix Professional IMP 3 Series <=02.52 (CVE-2026-1241)
• Sarix Professional IXP 3 Series <=02.52 (CVE-2026-1241)
• Sarix Professional IBP 3 Series <=02.52 (CVE-2026-1241)
• Sarix Professional IWP 3 Series <=02.52 (CVE-2026-1241)

Background

• Critical Infrastructure Sectors: Commercial Facilities, Defense Industrial Base, Energy, Government Services and Facilities, Healthcare and Public Health, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Souvik Kandar reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code.

The following versions of Copeland XWEB and XWEB Pro are affected:

• XWEB 300D PRO <=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)
• XWEB 500D PRO <=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)
• XWEB 500B PRO <=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)

Background

• Critical Infrastructure Sectors: Commercial Facilities
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Amir Zaltzman and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

The following versions of EV Energy ev.energy are affected:

• ev.energy vers:all/* (CVE-2026-27772, CVE-2026-24445, CVE-2026-26290, CVE-2026-25774)

Background

• Critical Infrastructure Sectors: Energy, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United Kingdom

Vulnerabilities

Acknowledgments

• Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

The following versions of Mobility46 mobility46.se are affected:

• mobility46.se vers:all/* (CVE-2026-27028, CVE-2026-26305, CVE-2026-27647, CVE-2026-22878)

Background

• Critical Infrastructure Sectors: Energy, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Sweden

Vulnerabilities

Acknowledgments

• Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend.

The following versions of CloudCharge cloudcharge.se are affected:

• cloudcharge.se vers:all/* (CVE-2026-20781, CVE-2026-25114, CVE-2026-27652, CVE-2026-20733)

Background

• Critical Infrastructure Sectors: Energy, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Sweden

Vulnerabilities

Acknowledgments

• Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend.

The following versions of EV2GO ev2go.io are affected:

• ev2go.io vers:all/* (CVE-2026-24731, CVE-2026-25945, CVE-2026-20895, CVE-2026-22890)

Background

• Critical Infrastructure Sectors: Energy, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United Kingdom

Vulnerabilities

Acknowledgments

• Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend.

The following versions of SWITCH EV swtchenergy.com are affected:

• swtchenergy.com vers:all/* (CVE-2026-27767, CVE-2026-25113, CVE-2026-25778, CVE-2026-27773)

Background

• Critical Infrastructure Sectors: Energy, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities can lead to pre-authentication remote code execution, information leak or denial of service.

The following versions of Johnson Controls, Inc. Frick Controls Quantum HD are affected:

• Frick Controls Quantum HD <=10.22 (CVE-2026-21654, CVE-2026-21656, CVE-2026-21657, CVE-2026-21658, CVE-2026-21659, CVE-2026-21660)

Background

• Critical Infrastructure Sectors: Food and Agriculture
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Ireland

Vulnerabilities

Acknowledgments

• Noam Moshe of Claroty Research Team 82 reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-26

Legal Notice and Terms of Use

The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As a result of the malicious cyber activity and vulnerabilities involving Cisco SD-WAN systems, CISA has outlined requirements for FCEB agencies in Emergency Directive (ED) 26-03 to inventory Cisco SD-WAN systems, update them, and assess compromise.

CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations, globally. These actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems.

CISA, National Security Agency (NSA), and international partners Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (Cyber Centre), New Zealand National Cyber Security Centre (NCSC-NZ), and United Kingdom National Cyber Security Centre (NCSC-UK), hereafter the “authoring organizations,” strongly urge network defenders to immediately 1) inventory all in-scope Cisco SD-WAN systems, 2) collect artifacts, including virtual snapshots and logs off of SD-WAN systems to support threat hunt activities, 3) fully patch Cisco SD-WAN systems with available updates, 4) hunt for evidence of compromise, and 5) concurrently review Cisco’s latest security advisories, Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability and Cisco Catalyst SD-WAN Vulnerabilities, and implement Cisco’s SD-WAN Hardening Guidance.¹

To address malicious activity involving vulnerable Cisco SD-WAN systems, CISA issued Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems, which outlines requirements for FCEB agencies to inventory Cisco SD-WAN systems, update them, and assess compromise. Further, CISA released Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems to provide prescriptive actions for FCEB agencies. 

Cisco’s Catalyst SD-WAN Hardening Guide recommends that network defenders address:

• Network perimeter controls: Ensure control components are behind a firewall, isolate virtual private network (VPN) 512 interfaces, and use internet protocol (IP) blocks for manually provisioned edge IPs.
• SD-WAN manager access: Replace the self-signed certificate for the web user interface.
• Control and data plane security: Use pairwise keys.
• Session timeout: Limit to the shortest period possible.
• Logging: Forward to a remote syslog server.

CISA and the authoring organizations are providing the following resources:  

• CISA: Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems
• CISA: Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems
• Cisco: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
• Cisco: Cisco Catalyst SD-WAN Vulnerabilities
• Cisco: Cisco Catalyst SD-WAN Hardening Guide
• ASD’s ACSC: Cisco SD-WAN Threat Hunt Guide, co-sealed by CISA, NSA, Cyber Centre, NCSC-NZ, and NCSC-UK. This guide, based on investigative data, supports network defenders’ detection of and response to the malicious actors’ threat activity

Acknowledgements

NSA, ASD’s ACSC, Cyber Centre, NCSC-NZ, and NCSC-UK contributed to this alert.

Disclaimer

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. 

Notes 

1 Cisco Security, “Cisco Catalyst SD-WAN Hardening Guide,” last modified February 9, 2026, https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability
• CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment.

The following versions of Gardyn Home Kit are affected:

• Home Kit Firmware
• Gardyn Home Kit Mobile Application <2.11.0 (CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2025-1242)
• Gardyn Home Kit Cloud API <2.12.2026 (CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2025-1242)

Background

• Critical Infrastructure Sectors: Food and Agriculture
• Countries/Areas Deployed: United States
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Michael Groberman reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-24

Legal Notice and Terms of Use

View CSAF

Summary

Schneider Electric is aware of a vulnerability in EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation. [EcoStruxure Building Operation (EBO)](https://www.se.com/ww/en/product-range/62111-ecostruxure-building-operation-software/#overview) is an open and scalable software platform providing insight, control and management of multiple building systems and devices in one mobile-enabled convenient view. It delivers valuable data for decision-making to improve energy management and increase efficiency for better building performance and comfort, reduced carbon, and more sustainable building environments. Failure to apply the remediations below may risk exposure of local files or denial of service, which could result in data breaches, and operational disruptions.

The following versions of Schneider Electric EcoStruxure Building Operation Workstation are affected:

• EcoStruxure Building Operation Workstation vers:generic/>=7.0.x|<7.0.3.2000_(CP1), 7.0.3.2000_CP1, vers:generic/>=6.x|<6.0.4.14001_(CP10), 6.0.4.14001_CP10, vers:intdot/>=7.0.x|<7.0.2, 7.0.2, vers:generic/>=6.0.x|<6.0.4.7000_(CP5), 6.0.4.7000_CP5 (CVE-2026-1227, CVE-2026-1227, CVE-2026-1226, CVE-2026-1226)
• EcoStruxure Building Operation WebStation vers:generic/>=7.0.x|<7.0.3.2000_(CP1), 7.0.3.2000_CP1, vers:generic/>=6.x|<6.0.4.14001_(CP10), 6.0.4.14001_CP10, vers:intdot/>=7.0.x|<7.0.2, 7.0.2, vers:generic/>=6.0.x|<6.0.4.7000_(CP5), 6.0.4.7000_CP5 (CVE-2026-1227, CVE-2026-1227, CVE-2026-1226, CVE-2026-1226)

Background

• Critical Infrastructure Sectors: Commercial Facilities, Energy, Government Services and Facilities, Healthcare and Public Health, Information Technology, Transportation Systems, Financial Services, Defense Industrial Base, Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: France

Vulnerabilities

Acknowledgments

• Pentest Limited reported these vulnerabilities to Schneider Electric.
• Robin Plugge reported these vulnerabilities to Schneider Electric.

General Security Recommendations

We strongly recommend the following industry cybersecurity best practices. * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. * Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. * Place all controllers in locked cabinets and never leave them in the “Program” mode. * Never connect programming software to any network other than the network intended for that device. * Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. * Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. * Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.

For More Information

This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process. For further information related to cybersecurity in Schneider Electric's products, visit the company's cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp

LEGAL DISCLAIMER

THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION

About Schneider Electric

Schneider's purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On. Our mission is to be the trusted partner in sustainability and efficiency. We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers. We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all. www.se.com

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability: * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. * Locate control system networks and remote devices behind firewalls and isolate them from business networks. * When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. (https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf)

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. (https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf)

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Schneider Electric SEVD-2026-041-02 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-02-10

Legal Notice and Terms of Use

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-25108 Soliton Systems K.K. FileZen OS Command Injection Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

View CSAF

Summary

Successful exploitation of these vulnerabilities may allow remote code execution.

The following versions of InSAT MasterSCADA BUK-TS are affected:

• MasterSCADA BUK-TS vers:all/* (CVE-2026-21410, CVE-2026-22553)

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Russia

Vulnerabilities

Acknowledgments

• Adem El Adeb reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-24

Legal Notice and Terms of Use

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability
• CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

View CSAF

Summary

Successful exploitation of this vulnerability could result in an over- or under-odorization event.

The following versions of Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller are affected:

• OdorEyes EcoSystem Pulse Bypass System with XL4 Controller vers:all/* (CVE-2026-24790)

Background

• Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• A project sponsored by DHS S&T reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-19

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR.

The following versions of EnOcean SmartServer IoT are affected:

• SmartServer IoT <=4.60.009 (CVE-2026-20761, CVE-2026-22885)

Background

• Critical Infrastructure Sectors: Information Technology
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Amir Zaltzman of Claroty Team82 reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities have a high attack complexity.

Revision History

• Initial Release Date: 2026-02-19

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials.

The following versions of Jinan USR IOT Technology Limited (PUSR) USR-W610 are affected:

• USR-W610 <=3.1.1.0 (CVE-2026-25715, CVE-2026-24455, CVE-2026-26049, CVE-2026-26048)

Background

• Critical Infrastructure Sectors: Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: China

Vulnerabilities

Acknowledgments

• Abhishek Pandey of Payatu Security Consulting reported CVE-2026-25715, CVE-2026-24455, and CVE-2026-26049 to CISA
• Abhishek Pandey and Ranit Pradhan of Payatu Security Consulting reported CVE-2026-26048 to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-19

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access.

The following versions of Valmet DNA Engineering Web Tools are affected:

• Valmet DNA Engineering Web Tools <=C2022 (CVE-2025-15577)

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Energy
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Finland

Vulnerabilities

Acknowledgments

• Denis Samotuga reported this vulnerability to Valmet

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-19

Legal Notice and Terms of Use

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability
• CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2008-0015 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
• CVE-2020-7796 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
• CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
• CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

View CSAF

Summary

Siemens Simcenter Femap and Nastran is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The following versions of Siemens Simcenter Femap and Nastran are affected:

• Simcenter Femap vers:intdot/<2512 (CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720)
• Simcenter Nastran vers:intdot/<2512 (CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720)

Background

• Critical Infrastructure Sectors: Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Germany

Vulnerabilities

Acknowledgments

• Siemens ProductCERT reported these vulnerabilities to CISA.
• Michael Heinzl reported these vulnerabilities Siemens.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-965753 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-02-10

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities may allow code execution with elevated privileges.

The following versions of GE Vernova Enervista UR Setup are affected:

• Enervista UR Setup <8.70 (CVE-2026-1762, CVE-2026-1763)

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Reid Wightman of Dragos reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

Revision History

• Initial Release Date: 2026-02-17

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH).

The following versions of Delta Electronics ASDA-Soft are affected:

• ASDA-Soft <=7.2.0.0 (CVE-2026-1361)

Background

• Critical Infrastructure Sectors: Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Taiwan

Vulnerabilities

Acknowledgments

• nisu of Trend Research reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

Revision History

• Initial Release Date: 2026-02-17

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise.

The following versions of Honeywell HIB2PI and HDZ Series CCTV Cameras (Update A) are affected:

• HDZ322DI vers:all/* (CVE-2026-1670)
• HC20WZ2R25 vers:all/* (CVE-2026-1670)
• I-HIB2PI-UL vers:all/* (CVE-2026-1670)

Background

• Critical Infrastructure Sectors: Commercial Facilities
• Countries/Areas Deployed: India
• Company Headquarters Location: India

Vulnerabilities

Acknowledgments

• Souvik Kandar reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-02-17

Legal Notice and Terms of Use

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-1731 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

View CSAF

Summary

SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The following versions of Siemens SINEC OS are affected:

• RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XCH328 (6GK5328-4TS01-2EC2) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XCM324 (6GK5324-8TS01-2AC2) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XCM328 (6GK5328-4TS01-2AC2) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XCM332 (6GK5332-0GA01-2AC2) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)
• SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) vers:intdot/<3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)

Background

• Critical Infrastructure Sectors: Energy, Critical Manufacturing, Transportation Systems, Water and Wastewater
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Germany

Vulnerabilities