SIMON Master Console Rebuild
True command center for SIMON + WEB360
This rebuild gives you a cleaner production spine: interactive tree, live viewer, guarded editor, dynamic graphics, architecture map, and note storage. It is designed to sit beside your existing
console.php
and become the stronger replacement path.
Dashboard
Tree
Viewer
System Map
File Registry
Notes
Files
15,526
Folders
410
Scanned Size
3.85 GB
PHP Files
894
Editable Text Files
12,787
File viewer
guarded to /htdocs
/connlink/test1/cache/cisa_advisories_694a69b59812.json
{ "ok": true, "items": [ { "id": "2450a499c8ad958bae2a51625f3d94e4beddcb83", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CISA Adds Four Known Exploited Vulnerabilities to Catalog", "summary": "CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Cat…", "url": "https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-adds-four-known-exploited-vulnerabilities-catalog", "image": "", "published": "2026-07-14T12:00:00+00:00", "score": 88.69, "color": "#ff5bd1", "raw": { "title": "CISA Adds Four Known Exploited Vulnerabilities to Catalog", "summary": "<p>CISA has added four new vulnerabilities to its <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>\n<ul type=\"square\">\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-15409\" target=\"_blank\">CVE-2026-15409</a> SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability</li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-15410\" target=\"_blank\">CVE-2026-15410</a> SonicWall SMA1000 Appliances Code Injection Vulnerability</li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-56155\" target=\"_blank\">CVE-2026-56155</a> Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability</li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-56164\" target=\"_blank\">CVE-2026-56164</a> Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability</li>\n</ul>\n<p>These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.</p>\n<p><a href=\"https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk\">Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk</a> establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.</p>\n<p>While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">KEV Catalog vulnerabilities</a>. CISA will continue to add vulnerabilities to the catalog that meet the <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog/reducing-significant-risk-known-exploited-vulnerabilities\">specified criteria</a>.</p>\n<p>Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s <a class=\"ext\" href=\"https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_1Zwu52kgK2OYf3w\" target=\"_blank\">KEV Nomination Form</a>. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. </p>\n", "url": "https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-adds-four-known-exploited-vulnerabilities-catalog", "image": "", "published": "Tue, 14 Jul 26 12:00:00 +0000" } }, { "id": "3f737edb015b7bb35ae3c6cbf012ea5057295eeb", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "ABB Ability Edgenius", "summary": "View CSAF Summary ABB is aware of public reports of a vulnerability CVE‑2026‑31431 (Copy Fail) in the product versions listed as affected in the advisory. An update is available that resolves a publicly reported vulnerability. CVE‑2026‑31431 (Copy Fail) is a Linux kernel vulnerability that may allow a locally authenticated user or compromised container workload to gain elevated (root) privileges on affected systems. Once root access is obtained, the attacker can effectively gain complete control of the system The following versions of ABB Ability Edgenius are affected: Ability Edgenius >=3.2.0.0|=3.2.0.0|=3.2.0.0|=3.2.0.0|=3.2.0.0|=3.2.0.0|", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-02", "image": "", "published": "2026-07-14T12:00:00+00:00", "score": 88.69, "color": "#ff5bd1", "raw": { "title": "ABB Ability Edgenius", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-195-02_drupal.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>ABB is aware of public reports of a vulnerability CVE‑2026‑31431 (Copy Fail) in the product versions listed as affected in the advisory. An update is available that resolves a publicly reported vulnerability. CVE‑2026‑31431 (Copy Fail) is a Linux kernel vulnerability that may allow a locally authenticated user or compromised container workload to gain elevated (root) privileges on affected systems. Once root access is obtained, the attacker can effectively gain complete control of the system</strong></p>\n<p>The following versions of ABB Ability Edgenius are affected:</p>\n<ul>\n<li>Ability Edgenius >=3.2.0.0|<3.2.4.1 installed on ABB Ability Edgenius Gateway - bE100, >=3.2.0.0|<3.2.4.1 installed on ABB Ability Edgenius Gateway - E3100C, >=3.2.0.0|<3.2.4.1 installed on ABB Ability Edgenius Server - vE1000 (CVE-2026-31431, CVE-2026-31431, CVE-2026-31431)</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 7.8</td>\n<td>ABB</td>\n<td>ABB Ability Edgenius</td>\n<td>Incorrect Resource Transfer Between Spheres</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>Switzerland</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-31431</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>CVE‑2026‑31431 (Copy Fail) is a Linux kernel vulnerability that may allow a locally authenticated user or compromised container workload to gain elevated (root) privileges on affected systems. The issue originates in the Linux kernel’s cryptographic subsystem and impacts kernels used by most major Linux distributions released since 2017. Successful exploitation requires local code execution, however, in shared, containerized, or multi‑tenant environments this may increase the security risk</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-31431\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ABB Ability Edgenius</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ABB</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ABB Ability Edgenius >=3.2.0.0|<3.2.4.1 installed on ABB Ability Edgenius Gateway - bE100, ABB Ability Edgenius >=3.2.0.0|<3.2.4.1 installed on ABB Ability Edgenius Gateway - E3100C, ABB Ability Edgenius >=3.2.0.0|<3.2.4.1 installed on ABB Ability Edgenius Server - vE1000</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>The problem is corrected in the following product versions: - Edgenius 3.2.4.1 ABB recommends that customers apply the update at earliest convenience.</p>\n<p><strong>Mitigation</strong><br>Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. Refer to section General security recommendations for further advise on how to keep your system secure. Recommended mitigation factors - Limit access to ssh or cockpit - By default, no additional lower privilege users are present on Edgenius installations</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/669.html\">CWE-669 Incorrect Resource Transfer Between Spheres</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>ABB PSIRT reported this vulnerability to CISA.</li>\n</ul>\n<hr>\n<h2>Notice</h2>\n<p>The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p>\n<hr>\n<h2>Frequently Asked Questions</h2>\n<p>What causes the vulnerability? - A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect 'in-place operation' was introduced, where the source and destination data mappings were different. This could lead to unexpected behavior or data integrity issues during cryptographic operations, potentially impacting the reliability of encrypted communications. What is Edgenius? - ABB Ability™ Edgenius is an edge computing platform that - Connects to control systems, devices, and equipment - Collects and contextualizes operational data - Hosts applications that deliver real-time insights and AI-driven recommendations What might an attacker use the vulnerability to do? - Successful exploitation could enable a local user attacker to gain administrative control of the system node, execute arbitrary code, or cause the node to become unavailable. How could an attacker exploit the vulnerability? - An attacker could exploit this vulnerability after obtaining local access to the system. By invoking the Linux kernel’s affected cryptographic interface (algif_aead), the attacker can trigger incorrect memory handling in the kernel. This allows the attacker to escalate privileges from a normal user to full administrative (root) access on the affected system node Could the vulnerability be exploited remotely? - No, to exploit this vulnerability an attacker would need to have local access (physical access or through valid SSH credentials) to an affected system node. What does the update do? - The update resolves the issue by incorporating the security update of the Linux kernel. When this security advisory was issued, had this vulnerability been publicly disclosed? - Yes, this vulnerability has been publicly disclosed. When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited? - No, ABB had not received any information indicating that this vulnerability had been exploited for Edgenius when this security advisory was originally issued.</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of ABB PSIRT 7PAA024620 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-06-25</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-06-25</td>\n<td>1</td>\n<td>Initial version.</td>\n</tr>\n<tr>\n<td>2026-07-14</td>\n<td>2</td>\n<td>Initial CISA Republication of ABB PSIRT 7PAA024620 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-02", "image": "", "published": "Tue, 14 Jul 26 12:00:00 +0000" } }, { "id": "15f655679badc34262cf62f22ae2059cf93610af", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "ABB Advant Master Online Builder", "summary": "View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory, where an incorrect version of Online Builder (ONB) was included in the media. An update is available that resolves the vulnerability, see details in Recommended immediate actions. The following versions of ABB Advant Master Online Builder are affected: Control Builder A", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-01", "image": "", "published": "2026-07-14T12:00:00+00:00", "score": 88.69, "color": "#ff5bd1", "raw": { "title": "ABB Advant Master Online Builder", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-195-01_drupal.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>ABB became aware of vulnerability in the products versions listed as affected in the advisory, where an incorrect version of Online Builder (ONB) was included in the media. An update is available that resolves the vulnerability, see details in Recommended immediate actions.</strong></p>\n<p>The following versions of ABB Advant Master Online Builder are affected:</p>\n<ul>\n<li>Control Builder A <=1.4/4 (CVE-2025-13162)</li>\n<li>800xA for Advant Master <=6.0.3-1, <=6.1.1-1, 6.1.1-3, 6.2.0-1 (CVE-2025-13162, CVE-2025-13162, CVE-2025-13162, CVE-2025-13162)</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 4.4</td>\n<td>ABB</td>\n<td>ABB Advant Master Online Builder</td>\n<td>Uncontrolled Search Path Element</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>Switzerland</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-13162</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The application improperly handles the search path for loading DLL´s, potentially allowing unauthorized libraries from untrusted directories. An attacker who obtains the necessary access could exploit the vulnerability leading to unauthorized code execution and compromising system integrity.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-13162\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ABB Advant Master Online Builder</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ABB</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ABB Control Builder A <=1.4/4, ABB 800xA for Advant Master <=6.0.3-1, ABB 800xA for Advant Master <=6.1.1-1, ABB 800xA for Advant Master 6.1.1-3, ABB 800xA for Advant Master 6.2.0-1</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>ABB has investigated the vulnerability and remediated it in the newly released versions. The vulnerability has been resolved in the product versions listed as fixed in the advisory. - Version 6.1.1-2 does not contain this vulnerability and therefore no update is required. The vulnerability was again introduced in 6.1.1-3 when an older ONB version was included in the release media. - Version 6.1.1-4 do not contain this vulnerability but present version 6.1.1-3 by 800xA System Installer and System Configuration Console (SCC). Version 6.1.1-4 is therefore withdrawn. - Version 6.2.0-2 do not contain this vulnerability but present version 6.2.0-1 by 800xA System Installer and System Configuration Console (SCC). Version 6.2.0-2 is therefore withdrawn. ABB recommends that customers apply the update at their earliest convenience. - Control Builder A: It is recommended to update Control Builder A to version 1.4/5 or later. - 800xA for Advant Master: - Versions 6.0.3-1 and earlier, - Versions 6.1.1-1 and earlier, - Versions 6.1.1-2, 6.1.1-3, and 6.1.1-4 should be updated to version 6.1.1-5 or later. - 800xA for Advant Master: - Versions 6.2.0-1 and 6.2.0-2 should be updated to version 6.2.0-3 or later.</p>\n<p><strong>Mitigation</strong><br>Since it is required that the attacker has access to the system, it is important that all users that have access to the system are managed as recommended by ABB guidelines. - Allow only authorized users to log on to the system and enforce strong passwords that are changed regularly. - Restrict temporary connection of portable computers, USB memory devices and other removable data carriers. Computers that can be physically accessed by regular users should have ports for removable data carriers disabled or at least managed to only allow intended device types. For more information on recommended practices, see [1].</p>\n<p><strong>Workaround</strong><br>The recommendation is to upgrade to a version where the vulnerability is corrected. If an upgrade Is not possible and a workaround is needed, contact ABB Support.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/427.html\">CWE-427 Uncontrolled Search Path Element</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>4.4</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N\">CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>ABB PSIRT reported this vulnerability to CISA.</li>\n</ul>\n<hr>\n<h2>Notice</h2>\n<p>The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p>\n<hr>\n<h2>Frequently Asked Questions</h2>\n<p>What is the scope of vulnerability? - An attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node. What causes the vulnerability? - The vulnerability is caused by not having restricted permission on an application directory where DLL files are stored. What is Advant Master Online Builder? - Online Builder is part of Control Builder A, being a set of applications for configuration and programming of Advant Master controllers. Online Builder is also part of 800xA for Advant Master, an extension package to System 800xA connecting to Advant Master controllers. What might an attacker use the vulnerability to do? - An attacker who successfully exploited this vulnerability can run arbitrary code in an affected node. How could an attacker exploit the vulnerability? - An attacker who obtains the necessary access could exploit vulnerability by placing malicious DLL´s in the unrestricted application directory, leading to unauthorized code execution and compromising system integrity. Could the vulnerability be exploited remotely? - No, to exploit this vulnerability an attacker would need to have physical access to an affected system node. Can functional safety be affected by an exploit of this vulnerability? - No. What does the update do? - The update of the Online Builder (ONB) resolves the vulnerability by adding restrictions to the application folder, requiring authentication. When this security advisory was issued, had this vulnerability been publicly disclosed? - No, ABB identified this vulnerability through its internal security assessment and verification processes. When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited? - No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally issued.</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of ABB PSIRT 7PAA020047 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-06-23</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-06-23</td>\n<td>1</td>\n<td>Initial version.</td>\n</tr>\n<tr>\n<td>2026-07-14</td>\n<td>2</td>\n<td>Initial CISA Republication of ABB PSIRT 7PAA020047 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-01", "image": "", "published": "Tue, 14 Jul 26 12:00:00 +0000" } }, { "id": "bbf08da311c854a7afd230eb83bd4cabf4b98809", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "ABB T-MAC Plus", "summary": "View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. An attacker who successfully exploited any of these vulnerabilities could potentially compromise the system in different ways. The following versions of ABB T-MAC Plus are affected: T-MAC Plus 4.0-24 (CVE-2025-14771, CVE-2025-14772, CVE-2025-14773, CVE-2025-14774) CVSS Vendor Equipment Vulnerabilities v3 9.9 ABB ABB T-MAC Plus Files or Directories Accessible to External Parties, Authorization Bypass Through User-Controlled Key, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Incorrect Authorization Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CV…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-03", "image": "", "published": "2026-07-14T12:00:00+00:00", "score": 88.69, "color": "#ff5bd1", "raw": { "title": "ABB T-MAC Plus", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-195-03_drupal.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. An attacker who successfully exploited any of these vulnerabilities could potentially compromise the system in different ways.</strong></p>\n<p>The following versions of ABB T-MAC Plus are affected:</p>\n<ul>\n<li>T-MAC Plus 4.0-24 (CVE-2025-14771, CVE-2025-14772, CVE-2025-14773, CVE-2025-14774)</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 9.9</td>\n<td>ABB</td>\n<td>ABB T-MAC Plus</td>\n<td>Files or Directories Accessible to External Parties, Authorization Bypass Through User-Controlled Key, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Incorrect Authorization</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>Switzerland</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-14771</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>File Disclosure in ABB T-MAC Plus web application allows authenticated users to exfiltrate files containing sensitive information via crafted HTTP GET request.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-14771\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ABB T-MAC Plus</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ABB</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ABB T-MAC Plus 4.0-24</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>ABB has investigated these vulnerabilities to provide adequate protection to customers. The problem is corrected in the following product versions: T-MAC Plus version 4.0-25 ABB recommends that customers apply the update at earliest convenience.</p>\n<p><strong>Mitigation</strong><br>The misconfigurations on the IIS server, which were reported to security auditing, have been corrected. File Browsing Feature was enabled on that IIS server. That feature along with the default IIS site has been removed.</p>\n<p><strong>Workaround</strong><br>Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/552.html\">CWE-552 Files or Directories Accessible to External Parties</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>9.9</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-14772</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Broken access controls in ABB T-MAC Plus web application allows unprivileged users to performs administrative operations</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-14772\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ABB T-MAC Plus</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ABB</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ABB T-MAC Plus 4.0-24</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>ABB has investigated these vulnerabilities to provide adequate protection to customers. The problem is corrected in the following product versions: T-MAC Plus version 4.0-25 ABB recommends that customers apply the update at earliest convenience.</p>\n<p><strong>Mitigation</strong><br>ABB T-MAC Plus web application supports several classes of users (e.g., Admin, Customer, Operator, etc.) with different roles. An authenticated user with low privileges (e.g., Customer) can execute administrative operations. The privileges associated to the different users have been revised and applied correctly.</p>\n<p><strong>Workaround</strong><br>Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/639.html\">CWE-639 Authorization Bypass Through User-Controlled Key</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-14773</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Stored Cross-Site Scripting (XSS) in ABB T-MAC Plus web application allows authenticated users to execute arbitrary HTML or JavaScript code on victims browser.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-14773\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ABB T-MAC Plus</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ABB</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ABB T-MAC Plus 4.0-24</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>ABB has investigated these vulnerabilities to provide adequate protection to customers. The problem is corrected in the following product versions: T-MAC Plus version 4.0-25 ABB recommends that customers apply the update at earliest convenience.</p>\n<p><strong>Mitigation</strong><br>A DOM-based XSS vulnerability is present. If a malicious actor gains access to the operations network and can create or edit an existing entity, they could insert malicious JavaScript code to be executed in the web forms. New T-MAC Plus version 4.0-25 will correct the vulnerability.</p>\n<p><strong>Workaround</strong><br>Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/79.html\">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-14774</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Insecure network protocol in ABB T-MAC Plus allows unauthenticated attackers to perform a denial-of-service (DoS) of the Card Reader service.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-14774\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ABB T-MAC Plus</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ABB</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ABB T-MAC Plus 4.0-24</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>ABB has investigated these vulnerabilities to provide adequate protection to customers. The problem is corrected in the following product versions: T-MAC Plus version 4.0-25 ABB recommends that customers apply the update at earliest convenience.</p>\n<p><strong>Mitigation</strong><br>If a malicious actor gains physical access to a serial device, disables it, connects a malicious device with same IP address, and sends a specially crafted message, the service responsible for communicating with the device will be blocked until a manual restart is performed. New T-MAC Plus version 4.0-25 will correct the vulnerability.</p>\n<p><strong>Workaround</strong><br>Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/863.html\">CWE-863 Incorrect Authorization</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.4</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\">CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Angelo Catalani of the Italian National Cybersecurity Agency (ACN) responsibly disclosed the vulnerabilities and provided valuable input on product improvements.</li>\n</ul>\n<hr>\n<h2>Notice</h2>\n<p>The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p>\n<hr>\n<h2>Frequently Asked Questions</h2>\n<p>What causes the vulnerability? - The vulnerabilities are caused by: - Wrong configuration in T-MAC Plus IIS Server. - Wrong configuration of privileges of users. - Lack of encryption in communication protocol. What is T-MAC Plus? - T-MAC Plus is a Terminal Management System (TMS) that handles the different operations (receipt and dispatch product, access control, product movement in the tank farm, …) in a terminal. It is applicable to different type of products such as chemical and petroleum terminals, pipeline or refinery tankage, bulk plants or hydrogen terminals. The following components are affected: - TMAC Plus Web application - Communication protocol with Card Readers What might an attacker use the vulnerability to do? - An attacker who successfully exploited this vulnerability could cause the affected system node to stop or become inaccessible and allow the attacker to insert and run arbitrary code. How could an attacker exploit the vulnerability? - An attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system node. This would require that the attacker has access to the system network, by connecting to the network directly. Recommended practices help mitigate such attacks, see section Mitigating Factors. Could the vulnerability be exploited remotely? - No, to exploit this vulnerability an attacker would need to have physical access to an affected system node. Can functional safety be affected by an exploit of this vulnerability? - While these vulnerabilities primarily impact confidentiality, integrity, and availability, they do not directly affect functional safety in the traditional sense What does the update do? - The update removes the vulnerability by modifying the way that the T-MAC Plus web application and the communication protocol are configured. When this security advisory was issued, had this vulnerability been publicly disclosed? - No, ABB received information about this vulnerability through responsible disclosure. When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited? - No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally.</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of ABB PSIRT 9AKK108472A7840 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-06-03</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-06-03</td>\n<td>1</td>\n<td>Initial version.</td>\n</tr>\n<tr>\n<td>2026-07-14</td>\n<td>2</td>\n<td>Initial CISA Republication of ABB PSIRT 9AKK108472A7840 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-03", "image": "", "published": "Tue, 14 Jul 26 12:00:00 +0000" } }, { "id": "2038d571773b04944b93b5fc66a3b2442612e54b", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CISA Urges SharePoint Hardening After New Exploitations", "summary": "CISA is aware of active exploitation of vulnerabilities CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, enabling cyber threat actors to gain unauthorized access to on-premises SharePoint Server instances. These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware. Organizations should monitor affected SharePoint Servers closely for any signs of exploitation or unusual activity. Additionally, the following newly disclosed CVEs are not yet known to have been exploited, but Microsoft has identified them as posing a potential risk if left unpatched: CVE-2026-55040 CVE-2026-58644 CISA urges orga…", "url": "https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations", "image": "", "published": "2026-07-14T12:00:00+00:00", "score": 88.69, "color": "#ff5bd1", "raw": { "title": "CISA Urges SharePoint Hardening After New Exploitations", "summary": "<p>CISA is aware of active exploitation of vulnerabilities <a href=\"https://www.cve.org/CVERecord?id=CVE-2026-32201\" target=\"_blank\">CVE-2026-32201</a>, <a href=\"https://www.cve.org/CVERecord?id=CVE-2026-45659\" target=\"_blank\">CVE-2026-45659</a>, and <a href=\"https://www.cve.org/CVERecord?id=CVE-2026-56164\" target=\"_blank\">CVE-2026-56164</a>, enabling cyber threat actors to gain unauthorized access to on-premises SharePoint Server instances. These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware. Organizations should monitor affected SharePoint Servers closely for any signs of exploitation or unusual activity. </p>\n<p>Additionally, the following newly disclosed CVEs are not yet known to have been exploited, but Microsoft has identified them as posing a potential risk if left unpatched:</p>\n<ul type=\"square\">\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-55040\" target=\"_blank\">CVE-2026-55040</a></li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-58644\" target=\"_blank\">CVE-2026-58644</a></li>\n</ul>\n<p>CISA urges organizations to detect and remediate a potential compromise by implementing the following recommendations:</p>\n<ul type=\"square\">\n<li>Apply the latest patches and security updates from Microsoft, verify that installation completes successfully, and shorten patching cycles when possible.</li>\n<li>Verify that Antimalware Scan Interface (AMSI) integration is enabled for each SharePoint web application. Follow Microsoft’s <a href=\"https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/configure-amsi-integration\" target=\"_blank\">Configure AMSI integration with SharePoint Server</a> guidance to ensure proper configuration and select the “Full Mode” option for the Request Body Scan Mode, where feasible. When compromise is expected, use the following AMSI and Microsoft Defender Antivirus (MDAV) detections, and implement your organization’s incident response plan for any positive detections:<br>\n<ul type=\"circle\">\n<li>AMSI: <code>Exploit:Script/SuspSignoutReqBody.A</code> – request body scanning; SharePoint Server Subscription only; Microsoft has blocked observed attempts.</li>\n<li>AMSI: <code>Exploit:Script/ToolPaneAuthBypass.A</code> – request header scanning; SharePoint Server 2016, 2019, and Subscription Edition.</li>\n<li>AMSI: <code>Exploit:Script/ToolPaneAuthBypass.C</code> – RCE coverage; SharePoint Server 2016, 2019, and Subscription Edition.</li>\n<li>MDAV: <code>Backdoor:MSIL/LeakFang.A!dha</code> – post-exploitation activity alert involving IIS-protected secrets.</li>\n</ul>\n</li>\n</ul>\n<p>In addition, CISA recommends that organizations implement the following SharePoint Server hardening measures:</p>\n<ul type=\"square\">\n<li>Before rotating IIS machine keys, hunt for and remediate any intrusion artifacts, including machine-key harvesters, that could allow for the keys to be stolen again. Review Microsoft’s <a href=\"https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/improved-asp-net-view-state-security-key-management#automatic-machine-key-rotation\" target=\"_blank\">Improved ASP.NET view state security and key management</a> for best practices.</li>\n<li>Establish tailored logging mechanisms to detect and monitor exploitation activities. Review telemetry for anomalous requests, suspicious SharePoint worker-process activity, webshells, and machine-key access. For more information, see CISA’s <a href=\"https://www.cisa.gov/resources-tools/resources/best-practices-event-logging-and-threat-detection\">Best Practices for Event Logging and Threat Detection</a>.</li>\n<li>Avoid exposing SharePoint Servers directly to the internet unless necessary; and if necessary, only configure a SharePoint Server behind a Layer 7 reverse proxy or equivalent application-layer security control that requires authentication and can inspect and filter requests. </li>\n<li>Block external access to SharePoint Central Administration, restrict farm and database communications to required systems, and review <a href=\"https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/security-hardening\" target=\"_blank\">Microsoft’s SharePoint Server security-hardening guidance</a> for role-specific ports, services, and <code>Web.config</code> settings.</li>\n</ul>\n<p>CISA urges users and administrators to review the Alert <a href=\"https://www.cisa.gov/news-events/alerts/2025/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities\">UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities</a> and apply necessary updates.</p>\n<p>CISA added the following vulnerabilities to its <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">Known Exploited Vulnerabilities (KEV) Catalog</a>: CVE-2026-32201 on April 14, 2026; CVE-2026-45659 on July 1, 2026; and CVE-2026-56164 on July 14, 2026. </p>\n<p><strong>Note:</strong> CISA may update this Alert to reflect new guidance issued by CISA or other parties.</p>\n<p>Organizations should report incidents or anomalous activity to CISA via CISA’s 24/7 Operations Center at <a href=\"mailto:contact@cisa.dhs.gov\">contact@cisa.dhs.gov</a> or 1-844-Say-CISA (1-844-729-2472).</p>\n<h2><strong>Disclaimer</strong></h2>\n<p>The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. </p>\n<h2><strong>Acknowledgements </strong></h2>\n<p>Microsoft contributed to this Alert.</p>\n", "url": "https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations", "image": "", "published": "Tue, 14 Jul 26 12:00:00 +0000" } }, { "id": "cb872bfdcd17fe232b4a84ca72077f36f0d71480", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Rockwell Automation 1715-AENTR EtherNet/IP Adapter", "summary": "View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device. The following versions of Rockwell Automation 1715-AENTR EtherNet/IP Adapter are affected: 1715-AENTR EtherNet/IP Adapter", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-04", "image": "", "published": "2026-07-14T12:00:00+00:00", "score": 88.69, "color": "#ff5bd1", "raw": { "title": "Rockwell Automation 1715-AENTR EtherNet/IP Adapter", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-195-04.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of this vulnerability could allow an attacker to read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device.</strong></p>\n<p>The following versions of Rockwell Automation 1715-AENTR EtherNet/IP Adapter are affected:</p>\n<ul>\n<li>1715-AENTR EtherNet/IP Adapter <=3.003 (CVE-2026-10577)</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 10</td>\n<td>Rockwell Automation</td>\n<td>Rockwell Automation 1715-AENTR EtherNet/IP Adapter</td>\n<td>Missing Authentication for Critical Function</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Energy, Water and Wastewater, Critical Manufacturing</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>United States</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-10577</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticated remote access to intrusive command-line interface (CLI) commands. If exploited, a threat actor could read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-10577\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Rockwell Automation 1715-AENTR EtherNet/IP Adapter</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Rockwell Automation</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Rockwell Automation 1715-AENTR EtherNet/IP Adapter: <=3.003</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Rockwell Automation recommends that users update to 1715-AENTR EtherNet/IP Adapter version 3.011 and later.</p>\n<p><strong>Mitigation</strong><br>Rockwell Automation recommends users of the affected software who are not able to upgrade to one of the corrected versions should use their security best practices.<br><a href=\"https://support.rockwellautomation.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">https://support.rockwellautomation.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight</a></p>\n<p><strong>Mitigation</strong><br>For more information, see the Rockwell Automation security advisory SD1785<br><a href=\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1785.html\">https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1785.html</a></p>\n<p><strong>Mitigation</strong><br>If you have any questions regarding this security issue and how to mitigate it,contact Rockwell Automation for help.<br><a href=\"https://www.rockwellautomation.com/en-us/company/about-us/contact-us.html\">https://www.rockwellautomation.com/en-us/company/about-us/contact-us.html</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/306.html\">CWE-306 Missing Authentication for Critical Function</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>10</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>10</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Rockwell Automation reported this vulnerability to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-14</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-14</td>\n<td>1</td>\n<td>Initial Republication of Rockwell Automation security advisory SD1785.</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-04", "image": "", "published": "Tue, 14 Jul 26 12:00:00 +0000" } }, { "id": "7ebb5805784ee7abe2cf8ef30aa8afbdae41df71", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CISA Adds One Known Exploited Vulnerability to Catalog", "summary": "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-ri…", "url": "https://www.cisa.gov/news-events/alerts/2026/07/13/cisa-adds-one-known-exploited-vulnerability-catalog", "image": "", "published": "2026-07-13T12:00:00+00:00", "score": 77.02, "color": "#ff5bd1", "raw": { "title": "CISA Adds One Known Exploited Vulnerability to Catalog", "summary": "<p>CISA has added one new vulnerability to its <a href=\"https://edit.cisa.gov/known-exploited-vulnerabilities-catalog\">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>\n<ul type=\"square\">\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2008-4128\" target=\"_blank\">CVE-2008-4128</a> Cisco IOS Cross-Site Request Forgery Vulnerability</li>\n</ul>\n<p>This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.</p>\n<p><a href=\"https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk\">Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk</a> establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.</p>\n<p>While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">KEV Catalog vulnerabilities</a>. CISA will continue to add vulnerabilities to the catalog that meet the <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog/reducing-significant-risk-known-exploited-vulnerabilities\">specified criteria</a>.</p>\n<p>Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s <a class=\"ext\" href=\"https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_1Zwu52kgK2OYf3w\" target=\"_blank\">KEV Nomination Form</a>. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. </p>\n", "url": "https://www.cisa.gov/news-events/alerts/2026/07/13/cisa-adds-one-known-exploited-vulnerability-catalog", "image": "", "published": "Mon, 13 Jul 26 12:00:00 +0000" } }, { "id": "2e5a03c9025ea045ba3297be148185ed2939ea37", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting", "summary": "Russian Government-Sponsored Activity Targets Poorly Configured and Vulnerable Devices Across Critical Sectors Executive summary Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks. This joint Cybersecurity Advisory (CSA) builds on FBI’s Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure Public Service Announcement of the decade-plus FSB Center 16 cyber activity by providing additional tactics, techniques, and procedures (TTPs) to enable defenders to more fully understand and counter the threat. [1] This CSA is being released by the following authoring and co-sealing agencies: United States National Security Agency (NSA) United States Cybersecurity and Infrastructure Security Agen…", "url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-194a", "image": "https://www.cisa.gov/sites/default/files/styles/large/public/2026-07/Figure%201%20FSB%20Center%2016%20activity%20and%20recommended%20mitigation%20actions.png?itok=oYxdyna4", "published": "2026-07-13T12:00:00+00:00", "score": 77.02, "color": "#ff5bd1", "raw": { "title": "Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting", "summary": "<p>Russian Government-Sponsored Activity Targets Poorly Configured and Vulnerable Devices Across Critical Sectors</p>\n<h2><strong>Executive summary</strong></h2>\n<p>Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks. This joint Cybersecurity Advisory (CSA) builds on FBI’s <a href=\"https://www.ic3.gov/PSA/2025/PSA250820\" target=\"_blank\">Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure</a> Public Service Announcement of the decade-plus FSB Center 16 cyber activity by providing additional tactics, techniques, and procedures (TTPs) to enable defenders to more fully understand and counter the threat. [<a href=\"#Work1\">1</a>] </p>\n<p>This CSA is being released by the following authoring and co-sealing agencies: </p>\n<ul type=\"square\">\n<li>United States National Security Agency (NSA)</li>\n<li>United States Cybersecurity and Infrastructure Security Agency (CISA)</li>\n<li>United States Federal Bureau of Investigation (FBI)</li>\n<li>United States Department of Defense Cyber Crime Center (DC3)</li>\n<li>Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)</li>\n<li>Communications Security Establishment Canada’s (CSE’s) Canadian Centre for Cyber Security (Cyber Centre)</li>\n<li>New Zealand National Cyber Security Centre (NCSC-NZ)</li>\n<li>United Kingdom National Cyber Security Centre (NCSC-UK)</li>\n<li>Czech Republic National Cyber and Information Security Agency (NÚKIB)<a href=\"#Foot1\"><sup>1</sup></a> </li>\n<li>Danish Defence Intelligence Service (DDIS)<a href=\"#Foot2\"><sup>2 </sup></a></li>\n<li>Estonian Foreign Intelligence Service (EFIS)<a href=\"#Foot3\"><sup>3</sup></a> </li>\n<li>Estonian Information System Authority (RIA)<a href=\"#Foot4\"><sup>4</sup></a></li>\n<li>Finnish Defence Intelligence (FDI)<a href=\"#Foot5\"><sup>5</sup></a></li>\n<li>Finnish Security and Intelligence Service (SUPO)<a href=\"#Foot6\"><sup>6</sup></a></li>\n<li>French National Cybersecurity Agency (ANSSI)<a href=\"#Foot7\"><sup>7</sup></a></li>\n<li>Italian External Intelligence and Security Agency (AISE)<a href=\"#Foot8\"><sup>8 </sup></a></li>\n<li>Italian Internal Intelligence and Security Agency (AISI)<a href=\"#Foot9\"><sup>9</sup></a></li>\n<li>The Military Counterintelligence Service of Poland (SKW)<a href=\"#Foot10\"><sup>10 </sup></a></li>\n<li>Sweden National Cyber Security Centre (NCSC-SE)<a href=\"#Foot11\"><sup>11 </sup></a></li>\n</ul>\n<p>The authoring and co-sealing agencies strongly urge device owners and network defenders to take mitigation and remediation actions against Russian government-sponsored exploitation of vulnerable routers.</p>\n\n\n\n<figure class=\"c-figure c-figure--image\" role=\"group\">\n \n <div class=\"c-figure__media\"> <img loading=\"lazy\" src=\"https://www.cisa.gov/sites/default/files/styles/large/public/2026-07/Figure%201%20FSB%20Center%2016%20activity%20and%20recommended%20mitigation%20actions.png?itok=oYxdyna4\" width=\"1024\" height=\"576\" alt=\"Adversary Techniques and corresponding Mitigation Actions as described in the Technical details and Mitigation actions sections.\">\n\n\n\n</div>\n <figcaption class=\"c-figure__caption\">Figure 1: FSB Center 16 activity and recommended mitigation actions</figcaption>\n </figure>\n<p>Download the PDF version of this report:</p>\n<ul>\n<li><a href=\"https://media.defense.gov/2026/Jul/09/2003959498/-1/-1/0/CSA_IMPROVE_ROUTER_HYGIENE.PDF\" target=\"_blank\">Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting</a> (PDF, 816KB)</li>\n</ul>\n<h2><strong>Cybersecurity industry tracking </strong></h2>\n<p>The cybersecurity industry provides overlapping cyber threat intelligence, indicators of compromise (IOCs), and mitigation recommendations related to this activity. Although not all encompassing, the following list contains the most notable threat group names commonly used within the cybersecurity community related to this activity: </p>\n<ul type=\"disc\">\n<li>Berserk Bear </li>\n<li>Energetic Bear</li>\n<li>Crouching Yeti </li>\n<li>Dragonfly</li>\n<li>Ghost Blizzard</li>\n<li>Static Tundra</li>\n</ul>\n<p>Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this list may not provide a 1:1 correlation to the authoring agencies’ understanding for all activity related to these groupings.</p>\n<h2><strong>Targeting details</strong></h2>\n<p>Critical infrastructure sectors most at risk from the Russian Federal Security Service (FSB) Center 16 cyber actors’ targeting include:</p>\n<ul type=\"disc\">\n<li>Communications,</li>\n<li>Defense Industrial Base,</li>\n<li>Energy,</li>\n<li>Financial Services,</li>\n<li>Government Services and Facilities, especially organizations at the state and local level, and</li>\n<li>Healthcare and Public Health.</li>\n</ul>\n<h2><strong>Technical details</strong></h2>\n<p><strong>Note: </strong>This advisory uses the <a href=\"https://attack.mitre.org/versions/v19/matrices/enterprise/\" target=\"_blank\">MITRE ATT&CK® Matrix for Enterprise</a><a href=\"#Foot12\"><sup>12</sup></a> framework, version 19. See <a href=\"#AppA\"><strong>Appendix A</strong></a> for tables of the activity mapped to MITRE ATT&CK tactics and techniques. This advisory also uses MITRE DEFEND<sup>TM</sup> version 1.4.0.</p>\n<p>The Russian FSB Center 16 cyber actors primarily use scanning to identify poorly configured networking devices, primarily routers, for exploitation. The actors scan for Internet IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default community strings for authentication [<a href=\"https://attack.mitre.org/versions/v19/techniques/T1595/001/\" target=\"_blank\">T1595.001</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1595/002/\" target=\"_blank\">T1595.002</a>]. These scans, run via proxies, consist of SNMP Set-Requests from a spoofed IP address [<a href=\"https://attack.mitre.org/versions/v19/techniques/T1027/\" target=\"_blank\">T1027</a>] containing Object Identifiers (OIDs) that instruct the SNMP agent on poorly configured networking devices to [<a href=\"https://attack.mitre.org/versions/v19/techniques/T1569/\" target=\"_blank\">T1569</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1602/001/\" target=\"_blank\">T1602.001</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1090/\" target=\"_blank\">T1090</a>]:</p>\n<ul type=\"disc\">\n<li>Copy its configuration to a file, often called “config.bkp” or “output.txt” [<a href=\"https://attack.mitre.org/versions/v19/techniques/T1003/\" target=\"_blank\">T1003</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1602/002/\" target=\"_blank\">T1602.002</a>].</li>\n<li>Transfer the file, typically using Trivial File Transfer Protocol (TFTP), to an actor-controlled leased virtual private server (VPS) or compromised FTP server [<a href=\"https://attack.mitre.org/versions/v19/techniques/T1583/003/\" target=\"_blank\">T1583.003</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1090/\" target=\"_blank\">T1090</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1071/\" target=\"_blank\">T1071</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1048/\" target=\"_blank\">T1048</a>].</li>\n</ul>\n<p>While SNMP scanning is the primary method the actors use to discover and exploit poorly configured networking devices, they occasionally exploit common vulnerabilities and exposures (CVEs) in Cisco devices, Cisco’s Smart Install (SMI) functionality, and web portals to manage network devices. The actors previously exploited at least the following CVEs [<a href=\"https://attack.mitre.org/versions/v19/techniques/T1584/008/\" target=\"_blank\">T1584.008</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1588/005/\" target=\"_blank\">T1588.005</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1190/\" target=\"_blank\">T1190</a>, <a href=\"https://attack.mitre.org/versions/v19/techniques/T1068/\" target=\"_blank\">T1068</a>]: </p>\n<ul type=\"disc\">\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2018-0171\" target=\"_blank\">CVE-2018-0171</a></li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2008-4128\" target=\"_blank\">CVE-2008-4128</a><a href=\"#Foot13\"><sup>13</sup></a></li>\n</ul>\n<p>Many of these TTPs overlap with activity by other malicious cyber actors, such as <a href=\"https://media.defense.gov/2025/Aug/22/2003786665/-1/-1/0/CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDF\" target=\"_blank\">Salt Typhoon</a>. Even though this CSA focuses on Russian FSB Center 16 cyber activity, the mitigations below should detect and counter these and similar TTPs used by other actors.</p>\n<h2><strong>Mitigation actions</strong></h2>\n<p>The authoring agencies highly recommend network defenders implement the following mitigations to harden networks against this exploitation:</p>\n<ul>\n<li>Disable Cisco Smart Install on all devices [<a href=\"https://d3fend.mitre.org/technique/d3f:ApplicationConfigurationHardening\" target=\"_blank\">D3-ACH</a>]. [<a href=\"#Work2\">2</a>]</li>\n<li>Use SNMPv3 with “authPriv” configured to the most modern encryption standard that is supported by the device instead of SNMPv1 or SNMPv2 [<a href=\"https://d3fend.mitre.org/technique/d3f:ApplicationConfigurationHardening\" target=\"_blank\">D3-ACH</a>]. [<a href=\"#Work3\">3</a>]\n<ul>\n<li>Disable SNMPv1 and SNMPv2. These are legacy protocols and should no longer be needed on current devices. If they are necessary, change all community strings from defaults and only allow read-only community strings rather than read-write access.</li>\n<li>SNMPv3 adds strong authentication and data encryption that are unavailable in SNMPv1 and v2. SNMPv3 replaces clear text shared passwords, known as community strings, with more securely encoded parameters, and authenticates and encrypts data [<a href=\"https://d3fend.mitre.org/technique/d3f:MessageAuthentication\" target=\"_blank\">D3-MAN</a>, <a href=\"https://d3fend.mitre.org/technique/d3f:MessageEncryption\" target=\"_blank\">D3-MENCR</a>].</li>\n</ul>\n</li>\n<li>Use strong, unique passwords for local accounts on network devices and configure credentials to be stored securely to prevent reuse of compromised passwords [<a href=\"https://d3fend.mitre.org/technique/d3f:CredentialHardening\" target=\"_blank\">D3-CH</a>].\n<ul>\n<li>Cisco devices protect passwords in the configuration file using different hashing types. Use hashing type 8 for user credentials. Avoid using hashing type 0, 4, and 7 as they are insecure or store passwords in plaintext in the configuration file. [<a href=\"#Work4\">4</a>]</li>\n<li>Monitor for unusual credentials that do not conform to standard organizational naming conventions [<a href=\"https://d3fend.mitre.org/technique/d3f:PlatformMonitoring\" target=\"_blank\">D3-PM</a>]. </li>\n<li> Monitor for and alert on logins using local accounts. Local accounts should only be used in emergency situations when accounts supported by centralized authentication servers are unavailable. Centralized authentication to network devices should support multi-factor authentication where feasible. [<a href=\"#Work3\">3</a>]</li>\n</ul>\n</li>\n<li>Monitor and restrict access to SNMP OIDs using a Management Information Base (MIB) allow list [<a href=\"https://d3fend.mitre.org/technique/d3f:ApplicationConfigurationHardening\" target=\"_blank\">D3-ACH</a>]. [<a href=\"#Work5\">5</a>] Reference the vendor-specific MIB for the network devices and monitor OIDs for indications of reconnaissance or misconfiguration in logs or intrusion detection systems (IDS). IDS rules should be written for inbound SNMP Set-Requests that contain OIDs targeting sensitive device data [<a href=\"https://d3fend.mitre.org/technique/d3f:PlatformMonitoring\" target=\"_blank\">D3-PM</a>].<br>\n<ul type=\"square\">\n<li>Example OIDs include:\n<ul>\n<li>1.3.6.1.4.1.9.9.96.1.1 (Cisco Config Copy)</li>\n<li>1.3.6.1.4.1.9.9.96.1.1.1.1.5 (Config Copy Server Address, value for this OID is where the configuration file is being sent to) </li>\n</ul>\n</li>\n</ul>\n</li>\n<li>Restrict management protocols [<a href=\"https://d3fend.mitre.org/technique/d3f:NetworkTrafficFiltering\" target=\"_blank\">D3-NTF</a>].\n<ul>\n<li>Use Access Control Lists (ACLs) to only allow management protocols, such as SNMP, from management devices, preferably on an out-of-band network. [<a href=\"#Work3\">3</a>]</li>\n<li>On edge firewalls and devices deny all external communications on the following ports unless mission critical, with strict monitoring if blocking is not feasible:\n<ul>\n<li>User Datagram Protocol (UDP) port 69 (TFTP) </li>\n<li>Transmission Control Protocol (TCP) port 4786 (SMI)</li>\n<li>UDP ports 161 and 162 (SNMP)</li>\n<li>TCP/UDP ports 10161 and 10162 (SNMPv3)</li>\n</ul>\n</li>\n</ul>\n</li>\n<li>Update network device software and firmware images, especially to patch known vulnerabilities, and upgrade end-of-life devices to supported ones. <br>\n<ul type=\"square\">\n<li>Use an attack surface management service to identify and secure Internet-facing systems with weak configurations and known vulnerabilities [<a href=\"https://d3fend.mitre.org/technique/d3f:NetworkVulnerabilityAssessment\" target=\"_blank\">D3-NVA</a>].\n<ul>\n<li>U.S.-based federal, state, local, tribal, and territorial governments and U.S. critical infrastructure organiztions should consider signing up for CISA’s no-cost <a href=\"https://www.cisa.gov/cyber-hygiene-services\">Cyber Hygiene services</a>.</li>\n<li>U.S. Defense Industrial Base organizations should consider signing up for <a href=\"https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/DIB-Cybersecurity-Services/\" target=\"_blank\">NSA’s DIB Cybersecurity Services</a>.</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<h2><strong>Resources</strong></h2>\n<p><strong>United States:</strong></p>\n<ul type=\"disc\">\n<li><a href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/russia\">Russia Threat Overview and Advisories</a></li>\n<li><a href=\"https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF\" target=\"_blank\">Network Infrastructure Security Guide</a></li>\n</ul>\n<p><strong>Canada:</strong></p>\n<ul type=\"disc\">\n<li><a href=\"https://www.cyber.gc.ca/en/guidance/routers-cyber-security-best-practices-itsap80019\" target=\"_blank\">Routers cyber security best practices (ITSAP.80.019)</a></li>\n<li><a href=\"https://www.cyber.gc.ca/en/guidance/security-considerations-edge-devices-itsm80101\" target=\"_blank\">Security considerations for edge devices (ITSM.80.101)</a></li>\n<li><a href=\"https://www.cyber.gc.ca/en/guidance/guidance-securely-configuring-network-protocols-itsp40062\" target=\"_blank\">Guidance on securely configuring network protocols (ITSP.40.062)</a></li>\n<li><a href=\"https://www.cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-version-20-itsp80022\" target=\"_blank\">Baseline security requirements for network security zones (ITSP.80.022)</a></li>\n<li><a href=\"https://www.cyber.gc.ca/en/guidance/top-10-it-security-actions-protect-internet-connected-networks-and-information-itsm10089\" target=\"_blank\">Top 10 IT security actions to protect Internet-connected networks and information (ITSM.10.089)</a></li>\n</ul>\n<h2><strong>Works cited</strong></h2>\n<p>[<a class=\"ck-anchor\" id=\"Work1\">1</a>] FBI. Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure. Alert Number: I-082025-PSA. 2025. <a href=\"https://www.ic3.gov/PSA/2025/PSA250820\" target=\"_blank\">https://www.ic3.gov/PSA/2025/PSA250820</a></p>\n<p>[<a class=\"ck-anchor\" id=\"Work2\">2</a>] NSA. Cisco Smart Install Protocol Misuse. 2017. <a href=\"https://media.defense.gov/2019/Jul/16/2002157833/-1/-1/0/CSA-CISCO-SMART-INSTALL-PROTOCOL-MISUSE.PDF\" target=\"_blank\">https://media.defense.gov/2019/Jul/16/2002157833/-1/-1/0/CSA-CISCO-SMART-INSTALL-PROTOCOL-MISUSE.PDF</a></p>\n<p>[<a class=\"ck-anchor\" id=\"Work3\">3</a>] NSA. Network Infrastructure Security Guide. 2023. <a href=\"https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF\" target=\"_blank\">https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF</a></p>\n<p>[<a class=\"ck-anchor\" id=\"Work4\">4</a>] NSA. Cybersecurity Information Sheet Cisco Password Types: Best Practices. 2022. <a href=\"https://media.defense.gov/2022/Feb/17/2002940795/-1/-1/0/CSI_CISCO_PASSWORD_TYPES_BEST_PRACTICES_20220217.PDF\" target=\"_blank\">https://media.defense.gov/2022/Feb/17/2002940795/-1/-1/0/CSI_CISCO_PASSWORD_TYPES_BEST_PRACTICES_20220217.PDF</a></p>\n<p>[<a class=\"ck-anchor\" id=\"Work5\">5</a>] NSA. Cybersecurity Information Sheet: Reducing the Risk of Simple Network Management Protocol (SNMP) Abuse. 2026. <a href=\"https://media.defense.gov/2026/Jul/09/2003959459/-1/-1/0/CSI_REDUCING_RISK_OF_SNMP_ABUSE.PDF\" target=\"_blank\">https://media.defense.gov/2026/Jul/09/2003959459/-1/-1/0/CSI_REDUCING_RISK_OF_SNMP_ABUSE.PDF</a></p>\n<h2><strong>Footnotes</strong></h2>\n<p><a class=\"ck-anchor\" id=\"Foot1\"><sup>1</sup></a><sup> </sup>Národní úřad pro kybernetickou a informační bezpečnost</p>\n<p><a class=\"ck-anchor\" id=\"Foot2\"><sup>2 </sup></a> Forsvarets Efterretningstjeneste</p>\n<p><a class=\"ck-anchor\" id=\"Foot3\"><sup>3</sup></a> Välisluureamet</p>\n<p><a class=\"ck-anchor\" id=\"Foot4\"><sup>4</sup></a> Riigi Infosüsteem Amet</p>\n<p><a class=\"ck-anchor\" id=\"Foot5\"><sup>5</sup></a> Sotilastiedustelu</p>\n<p><a class=\"ck-anchor\" id=\"Foot6\"><sup>6</sup></a> Suojelupoliisi</p>\n<p><a class=\"ck-anchor\" id=\"Foot7\"><sup>7</sup></a> Agence nationale de la sécurité des systèmes d’information</p>\n<p><a class=\"ck-anchor\" id=\"Foot8\"><sup>8</sup></a> Agenzia Informazioni e Sicurezza Esterna</p>\n<p><a class=\"ck-anchor\" id=\"Foot9\"><sup>9</sup></a> Agenzia Informazioni e Sicurezza Interna</p>\n<p><a class=\"ck-anchor\" id=\"Foot10\"><sup>10</sup></a> Służba Kontrwywiadu Wojskowego</p>\n<p><a class=\"ck-anchor\" id=\"Foot11\"><sup>11</sup></a> Nationellt Cybersäkerhetscenter</p>\n<p><a class=\"ck-anchor\" id=\"Foot12\"><sup>12</sup></a><sup> </sup>MITRE and ATT&CK are registered trademarks of The MITRE Corporation. MITRE DEFEND is a trademark of the MITRE Corporation.</p>\n<p><a class=\"ck-anchor\" id=\"Foot13\"><sup>13</sup></a> <a href=\"https://www.cve.org/CVERecord?id=CVE-2008-4128\" target=\"_blank\">CVE-2008-4128</a> only affects end-of-life Cisco devices.</p>\n<h2><strong>Disclaimer of Endorsement</strong></h2>\n<p>The information and opinions contained in this document are provided \"as is\" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.</p>\n<h2><strong>Purpose</strong></h2>\n<p>This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats, and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.</p>\n<h2><strong>Contact</strong></h2>\n<p><strong>United States organizations</strong></p>\n<ul>\n<li><strong>National Security Agency (NSA)</strong>\n<ul>\n<li>Cybersecurity Report Feedback: <a href=\"mailto:CybersecurityReports@nsa.gov\">CybersecurityReports@nsa.gov</a> </li>\n<li>Defense Industrial Base Inquiries and Cybersecurity Services: <a href=\"mailto:DIB_Defense@cyber.nsa.gov\">DIB_Defense@cyber.nsa.gov</a> </li>\n<li>Media Inquiries / Press Desk: NSA Media Relations: 443-634-0721, <a href=\"mailto:MediaRelations@nsa.gov\">MediaRelations@nsa.gov</a></li>\n</ul>\n</li>\n<li><strong>Cybersecurity and Infrastructure Security Agency (CISA)</strong> and<strong> Federal Bureau of Investigation (FBI)</strong>\n<ul>\n<li> U.S. organizations are encouraged to report suspicious or criminal activity related to information in this advisory to CISA via the agency’s <a href=\"https://myservices.cisa.gov/irf\" title=\"Incident Reporting System\">Incident Reporting System</a>, its 24/7 Operations Center (<a href=\"mailto:report@cisa.gov\">report@cisa.gov</a> or 888-282-0870), or your <a href=\"https://www.fbi.gov/contact-us/field-offices\" target=\"_blank\">local FBI field office</a>. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact. </li>\n</ul>\n</li>\n<li><strong>United States Department of Defense Cyber Crime Center (DC3) </strong>\n<ul>\n<li>Defense Industrial Base Inquiries and Cybersecurity Services: <a href=\"mailto:DC3.DCISE@us.af.mil\">DC3.DCISE@us.af.mil</a> </li>\n<li>Defense Industrial Base mandatory cyber incident reporting as required by 10 U.S. Code Sections 391 and 393 and Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 is submitted at <a href=\"https://dibnet.dod.mil/\" target=\"_blank\" title=\"https://dibnet.dod.mil/\">https://dibnet.dod.mil</a>.</li>\n<li> Media Inquiries / Press Desk: <a href=\"mailto:DC3.Information@us.af.mil\">DC3.Information@us.af.mil</a></li>\n</ul>\n</li>\n</ul>\n<p><strong>Australian organizations</strong></p>\n<ul>\n<li><strong>Australian Signals Directorate</strong>\n<ul>\n<li>Visit <a href=\"https://www.cyber.gov.au/about-us/about-asd-acsc/contact-us#no-back\" target=\"_blank\">cyber.gov.au</a> or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.</li>\n</ul>\n</li>\n</ul>\n<p><strong>Canadian organizations</strong></p>\n<ul type=\"disc\">\n<li>The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment, encourages Canadian organizations to report cyber incidents and to strengthen the security of their networking devices. \n<ul>\n<li>Report an incident or suspicious activity to the Cyber Centre by email at <a href=\"mailto:contact@cyber.gc.ca\">contact@cyber.gc.ca</a>, online via the reporting tool <a href=\"https://www.cyber.gc.ca/en/incident-management\" target=\"_blank\">Report a cyber incident - Canadian Centre for Cyber Security</a> or by phone at 1-833-CYBER-88 (1-833-292-3788).</li>\n</ul>\n</li>\n</ul>\n<p><strong>New Zealand organizations</strong></p>\n<ul type=\"disc\">\n<li>New Zealand National Cyber Security Centre (NCSC-NZ): <a href=\"mailto:info@ncsc.govt.nz\">info@ncsc.govt.nz</a></li>\n</ul>\n<p><strong>United Kingdom organizations</strong></p>\n<ul>\n<li>Report significant cyber security incidents to <a href=\"https://ncsc.gov.uk/report-an-incident\" target=\"_blank\">ncsc.gov.uk/report-an-incident</a> (monitored 24/7)</li>\n</ul>\n<p><strong>Estonia organizations</strong></p>\n<ul>\n<li>Estonian Foreign Intelligence Service (EFIS): <a href=\"mailto:info@valisluureamet.ee\">info@valisluureamet.ee</a></li>\n</ul>\n<p><strong>Finnish organizations</strong></p>\n<ul>\n<li>Finnish Security and Intelligence Service: <a href=\"https://supo.fi/en/contact\" target=\"_blank\">supo.fi/en/contact</a></li>\n</ul>\n<p><strong>French organizations</strong></p>\n<ul type=\"disc\">\n<li>French organizations are encouraged to report suspicious activity or incident related information found in this advisory by contacting ANSSI/CERT-FR at: <a href=\"mailto:cert-fr@ssi.gouv.fr\">cert-fr@ssi.gouv.fr</a> or by phone at: 3218 or +33 9 70 83 32 18.</li>\n</ul>\n<p><strong>Italian Organizations</strong></p>\n<ul>\n<li>Italian External Intelligence and Security Agency (AISE): \n<ul>\n<li>Visit <a href=\"https://www.sicurezzanazionale.gov.it/\" target=\"_blank\">https://www.sicurezzanazionale.gov.it/</a> </li>\n</ul>\n</li>\n<li>Italian Internal Intelligence and Security Agency (AISI): \n<ul>\n<li>Visit <a href=\"https://www.sicurezzanazionale.gov.it/\" target=\"_blank\">https://www.sicurezzanazionale.gov.it/</a> </li>\n</ul>\n</li>\n</ul>\n<h2><a class=\"ck-anchor\" id=\"AppA\"><strong>Appendix A: MITRE ATT&CK tactics and techniques</strong></a></h2>\n<p>See <a href=\"#Table1\"><strong>Table 1</strong></a> through <a href=\"#Table10\"><strong>Table 10</strong></a> for all the threat actor tactics and techniques referenced in this advisory.</p>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 1: Reconnaissance</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><a class=\"ck-anchor\" id=\"Table1\"></a><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Active Scanning: Scanning IP Blocks</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1595/001/\" target=\"_blank\">T1595.001</a></td>\n<td>Scan range of IP addresses</td>\n</tr>\n<tr>\n<td>Active Scanning: Vulnerability Scanning</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1595/002/\" target=\"_blank\">T1595.002</a></td>\n<td>Scan victims for vulnerabilities that can be used during targeting</td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 2: Resource Development</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Acquire Infrastructure: Virtual Private Servers </td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1583/003/\" target=\"_blank\">T1583.003</a> </td>\n<td>Leverage VPS as infrastructure </td>\n</tr>\n<tr>\n<td>Compromise Infrastructure: Network Devices </td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1584/008/\" target=\"_blank\">T1584.008</a> </td>\n<td>Compromise intermediate routers </td>\n</tr>\n<tr>\n<td>Obtain Capabilities: Exploits </td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1588/005/\" target=\"_blank\">T1588.005</a> </td>\n<td>Use publicly available code to exploit vulnerable devices </td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 3: Initial Access</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Exploit Public-Facing Application </td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1190/\" target=\"_blank\">T1190</a> </td>\n<td>Exploit publicly known CVEs </td>\n</tr>\n<tr>\n<td>Proxy</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1090/\" target=\"_blank\">T1090</a></td>\n<td>Use a connection proxy to direct network traffic </td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 4: Execution</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>System Services</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1569/\" target=\"_blank\">T1569</a></td>\n<td>Executing commands via SNMP</td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 5: Privilege Escalation</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Exploitation for Privilege Escalation</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1068/\" target=\"_blank\">T1068</a></td>\n<td>Exploit publicly known CVEs for escalated privileges</td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 6: Stealth</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Obfuscated Files or Information</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1027/\" target=\"_blank\">T1027</a></td>\n<td>Obfuscate source IP addresses in system logs, as actions may be recorded as originating from local IP addresses</td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 7: Credential Access</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>OS Credential Dumping</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1003/\" target=\"_blank\">T1003</a></td>\n<td>Collect router configuration with weak Cisco Type 7 passwords and Type 0</td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 8: Collection</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Data from Configuration Repository: SNMP (MIB Dump) </td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1602/001/\" target=\"_blank\">T1602.001</a> </td>\n<td>Target MIB to collect network information via SNMP </td>\n</tr>\n<tr>\n<td>Data from Configuration Repository: Network Device Configuration Dump</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1602/002/\" target=\"_blank\">T1602.002</a></td>\n<td>Acquire credentials by collecting network device configurations</td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 9: Command and Control</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Proxy </td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1090/\" target=\"_blank\">T1090</a> </td>\n<td>Use VPS for C2 </td>\n</tr>\n<tr>\n<td>Application Layer Protocol </td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1071/\" target=\"_blank\">T1071</a> </td>\n<td>Open and expose a variety of different services, including TFTP and FTP</td>\n</tr>\n</tbody>\n</table>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 10: Exfiltration</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><a class=\"ck-anchor\" id=\"Table10\"></a><strong>Technique Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Use</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Exfiltration Over Alternative Protocol</td>\n<td><a href=\"https://attack.mitre.org/versions/v19/techniques/T1048/\" target=\"_blank\">T1048</a></td>\n<td>Exfiltrating over a different protocol than that of the existing command and control channel. </td>\n</tr>\n</tbody>\n</table>\n<h2><strong>Appendix B: MITRE D3FEND countermeasures</strong></h2>\n<p>See <a href=\"#Table11\"><strong>Table 11</strong></a> for a mapping of several of the cybersecurity countermeasures mentioned in this advisory.</p>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<caption>Table 11: MITRE D3FEND Countermeasures</caption>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">\n<p class=\"text-align-center\"><a class=\"ck-anchor\" id=\"Table11\"></a><strong>Countermeasure Title</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>ID</strong></p>\n</th>\n<th role=\"columnheader\">\n<p class=\"text-align-center\"><strong>Description</strong></p>\n</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Application Configuration Hardening</td>\n<td><a href=\"https://d3fend.mitre.org/technique/d3f:ApplicationConfigurationHardening\" target=\"_blank\">D3-ACH</a></td>\n<td>\n<ul type=\"disc\">\n<li>Use SNMPv3 and disable SNMPv1 and SNMPv2. </li>\n<li>Use SNMP allowlisting to restrict access to OIDs and MIBs. </li>\n<li>Disable Cisco Smart Install.</li>\n</ul>\n</td>\n</tr>\n<tr>\n<td>Message Authentication</td>\n<td><a href=\"https://d3fend.mitre.org/technique/d3f:MessageAuthentication\" target=\"_blank\">D3-MAN</a></td>\n<td>\n<ul>\n<li>Use SNMPv3 with strong authentication.</li>\n</ul>\n</td>\n</tr>\n<tr>\n<td>Message Encryption</td>\n<td><a href=\"https://d3fend.mitre.org/technique/d3f:MessageEncryption\" target=\"_blank\">D3-MENCR</a></td>\n<td>\n<ul>\n<li>Use SNMPv3 to encrypt payloads.</li>\n</ul>\n</td>\n</tr>\n<tr>\n<td>Credential Hardening</td>\n<td><a href=\"https://d3fend.mitre.org/technique/d3f:CredentialHardening\" target=\"_blank\">D3-CH</a></td>\n<td>\n<ul>\n<li>Use strong, unique passwords and store them securely.</li>\n</ul>\n</td>\n</tr>\n<tr>\n<td>Platform Monitoring</td>\n<td><a href=\"https://d3fend.mitre.org/technique/d3f:PlatformMonitoring\" target=\"_blank\">D3-PM</a></td>\n<td>\n<ul type=\"disc\">\n<li>Monitor for unusual credentials. </li>\n<li>Monitor SNMP Set-Requests for OIDs targeting sensitive device data.</li>\n</ul>\n</td>\n</tr>\n<tr>\n<td>Network Traffic Filtering</td>\n<td><a href=\"https://d3fend.mitre.org/technique/d3f:NetworkTrafficFiltering\" target=\"_blank\">D3-NTF</a></td>\n<td>\n<ul type=\"disc\">\n<li>Use ACLs to only allow management protocols from management devices. </li>\n<li>Block TFTP, SMI, and SNMP at edge firewalls.</li>\n</ul>\n</td>\n</tr>\n<tr>\n<td>Network Vulnerability Assessment</td>\n<td><a href=\"https://d3fend.mitre.org/technique/d3f:NetworkVulnerabilityAssessment\" target=\"_blank\">D3-NVA</a></td>\n<td>\n<ul>\n<li>Use an attack surface management service.</li>\n</ul>\n</td>\n</tr>\n</tbody>\n</table>\n", "url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-194a", "image": "https://www.cisa.gov/sites/default/files/styles/large/public/2026-07/Figure%201%20FSB%20Center%2016%20activity%20and%20recommended%20mitigation%20actions.png?itok=oYxdyna4", "published": "Mon, 13 Jul 26 12:00:00 +0000" } }, { "id": "128136e355ee373d956957ede344920afcc7b4aa", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CISA Adds Two Known Exploited Vulnerabilities to Catalog", "summary": "CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog o…", "url": "https://www.cisa.gov/news-events/alerts/2026/07/10/cisa-adds-two-known-exploited-vulnerabilities-catalog", "image": "", "published": "2026-07-10T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "CISA Adds Two Known Exploited Vulnerabilities to Catalog", "summary": "<p>CISA has added two new vulnerabilities to its <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>\n<ul>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-48939\" target=\"_blank\">CVE-2026-48939</a> iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability</li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-56291\" target=\"_blank\">CVE-2026-56291</a> Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability</li>\n</ul>\n<p>These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.</p>\n<p><a href=\"https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk\">Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk</a> establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.</p>\n<p>While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">KEV Catalog vulnerabilities</a>. CISA will continue to add vulnerabilities to the catalog that meet the <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog/reducing-significant-risk-known-exploited-vulnerabilities\">specified criteria</a>.</p>\n<p>Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s <a href=\"https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_1Zwu52kgK2OYf3w\" target=\"_blank\">KEV Nomination Form</a>. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. </p>\n", "url": "https://www.cisa.gov/news-events/alerts/2026/07/10/cisa-adds-two-known-exploited-vulnerabilities-catalog", "image": "", "published": "Fri, 10 Jul 26 12:00:00 +0000" } }, { "id": "95822e545b53dd8d0c0211a2fa18bd5833655533", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "OpenPLC v3", "summary": "View CSAF Summary Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution as the OpenPLC runtime user. The following versions of OpenPLC v3 are affected: OpenPLC v3 CVSS Vendor Equipment Vulnerabilities v3 9.9 OpenPLC OpenPLC v3 External Control of File Name or Path Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-14480 OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑sup…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-01", "image": "", "published": "2026-07-09T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "OpenPLC v3", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-190-01.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution as the OpenPLC runtime user.</strong></p>\n<p>The following versions of OpenPLC v3 are affected:</p>\n<ul>\n<li>OpenPLC v3</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 9.9</td>\n<td>OpenPLC</td>\n<td>OpenPLC v3</td>\n<td>External Control of File Name or Path</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>United States</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-14480</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attacker‑controlled absolute paths, an authenticated user can write arbitrary files anywhere writable by the OpenPLC webserver process. In the default build pipeline, all C++ source files within the OpenPLC runtime core directory are automatically compiled into the executable runtime binary. By writing a malicious .cpp file into this directory, an authenticated attacker can escalate the arbitrary file write into arbitrary native code execution when the operator triggers a normal program compilation and runtime start.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-14480\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>OpenPLC v3</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>OpenPLC</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>OpenPLC OpenPLC: v3</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>OpenPLC recommends users upgrade to OpenPLC v4 as OpenPLC v3 is end-of-life and is no longer receiving patches, bug fixes, or security updates.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/73.html\">CWE-73 External Control of File Name or Path</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>9.9</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Grady DeRosa reported this vulnerability to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p>\n<p>Do not click web links or open attachments in unsolicited email messages.</p>\n<p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p>\n<p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p>\n<p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-09</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-09</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-01", "image": "", "published": "Thu, 09 Jul 26 12:00:00 +0000" } }, { "id": "140a466f5f5b7a970a04499e5b2498a94948a40f", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Schneider Electric Easergy MiCOM Px40 Series", "summary": "View CSAF Summary Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products. The [Easergy MiCOM Px40](https://www.se.com/ww/en/product-subcategory/4725-easergy-micom-px40-series/?filter=business-6-medium-voltage-distribution-and-grid-automation) is a protection relay series for Medium Voltage, High Voltage and Extra High Voltage protection. Failure to apply the mitigations provided below may risk unauthorized exposure of basic device identification through the SNMP protocol. The following versions of Schneider Electric Easergy MiCOM Px40 Series are affected: Easergy MiCOM P14x All versions prior to B4A Easergy MiCOM P24x All versions prior to D3A Easergy MiCOM P341 All versions prior to E3F Easergy MiCOM P342, P343, P344, P345 All versions prior to B3F Easergy MiCOM P442, P444 All versions prior to E3A Easergy MiCOM P443, P445, P446, P543, P544, P545, P546…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-03", "image": "", "published": "2026-07-09T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Schneider Electric Easergy MiCOM Px40 Series", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-190-03.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products. The [Easergy MiCOM Px40](https://www.se.com/ww/en/product-subcategory/4725-easergy-micom-px40-series/?filter=business-6-medium-voltage-distribution-and-grid-automation) is a protection relay series for Medium Voltage, High Voltage and Extra High Voltage protection. Failure to apply the mitigations provided below may risk unauthorized exposure of basic device identification through the SNMP protocol.</strong></p>\n<p>The following versions of Schneider Electric Easergy MiCOM Px40 Series are affected:</p>\n<ul>\n<li>Easergy MiCOM P14x All versions prior to B4A</li>\n<li>Easergy MiCOM P24x All versions prior to D3A</li>\n<li>Easergy MiCOM P341 All versions prior to E3F</li>\n<li>Easergy MiCOM P342, P343, P344, P345 All versions prior to B3F</li>\n<li>Easergy MiCOM P442, P444 All versions prior to E3A</li>\n<li>Easergy MiCOM P443, P445, P446, P543, P544, P545, P546 All versions prior to H6A</li>\n<li>Easergy MiCOM P841 All versions prior to G6A</li>\n<li>Easergy MiCOM P643 All versions prior to B3F</li>\n<li>Easergy MiCOM P642, P645 All versions prior to B4A</li>\n<li>Easergy MiCOM P741, P742, P743 All versions prior to B2A</li>\n<li>Easergy MiCOM P746 All versions prior to B4E</li>\n<li>Easergy MiCOM P746 All versions prior to C4E</li>\n<li>Easergy MiCOM P849 All versions prior to B4A</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 5.3</td>\n<td>Schneider Electric</td>\n<td>Schneider Electric Easergy MiCOM Px40 Series</td>\n<td>Use of Hard-coded Credentials</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy, Transportation Systems</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>France</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-4832</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-4832\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric Easergy MiCOM Px40 Series</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Schneider Electric</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Easergy MiCOM P14x All versions prior to B4A, Easergy MiCOM P24x All versions prior to D3A, Easergy MiCOM P341 All versions prior to E3F, Easergy MiCOM P342, P343, P344, P345 All versions prior to B3F, Easergy MiCOM P442 P444 All versions prior to E3A, Easergy MiCOM P443, P445, P446, P543, P544, P545, P546 All versions prior to H6A, Easergy MiCOM P841 All versions prior to G6A, Easergy MiCOM P643 All versions prior to B3F, Easergy MiCOM P642, P645 All versions prior to B4A, Easergy MiCOM P741, P742, P743 All versions prior to B2A, Easergy MiCOM P746 All versions prior to B4E, Easergy MiCOM P746 All versions prior to C4E, Easergy MiCOM P849 All versions prior to B4A</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>For customers who do not require SNMP Contact Schneider Electric's [Customer Care Center](https://www.se.com/ww/en/work/support/contacts.jsp) to upgrade the Firmware to a version without SNMP functionality. If customers choose not to apply the upgrade provided above, they should immediately apply the following mitigations to reduce the risk of exploit: * Use relays only in a protected network environment, * Use firewalls to protect and separate the control system network from other networks, * Use VPN (Virtual Private Networks) tunnels if remote access is required. For customers who require SNMP Please immediately apply the following mitigations to reduce the risk of exploit: * Use relays only in a protected network environment, * Use firewalls to protect and separate the control system network from other networks, * Use VPN (Virtual Private Networks) tunnels if remote access is required.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/798.html\">CWE-798 Use of Hard-coded Credentials</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Schneider Electric CPCERT reported this vulnerability to CISA.</li>\n</ul>\n<hr>\n<h2>General Security Recommendations</h2>\n<p>We strongly recommend the following industry cybersecurity best practices. * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. * Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. * Place all controllers in locked cabinets and never leave them in the “Program” mode. * Never connect programming software to any network other than the network intended for that device. * Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. * Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. * Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.</p>\n<hr>\n<h2>For More Information</h2>\n<p>This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process. For further information related to cybersecurity in Schneider Electric's products, visit the company's cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp</p>\n<hr>\n<h2>LEGAL DISCLAIMER</h2>\n<p>THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION</p>\n<hr>\n<h2>About Schneider Electric</h2>\n<p>Schneider's purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On. Our mission is to be the trusted partner in Sustainability and Efficiency. We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers. We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all. www.se.com</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of Schneider Electric CPCERT SEVD-2026-104-03 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric CPCERT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-04-14</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-04-14</td>\n<td>1</td>\n<td>Original Release</td>\n</tr>\n<tr>\n<td>2026-05-12</td>\n<td>2</td>\n<td>Updated the risk associated with successful exploitation of this vulnerability and revised the remediation table to a mitigation table to emphasize that multiple mitigation options are available.</td>\n</tr>\n<tr>\n<td>2026-07-09</td>\n<td>3</td>\n<td>Initial CISA Republication of Schneider Electric CPCERT SEVD-2026-104-03 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-03", "image": "", "published": "Thu, 09 Jul 26 12:00:00 +0000" } }, { "id": "1401f999eb669587c5a7f7d0856475a7fe582784", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Schneider Electric PowerChute Serial Shutdown", "summary": "View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02", "image": "", "published": "2026-07-09T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Schneider Electric PowerChute Serial Shutdown", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-190-02.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information.</strong></p>\n<p>The following versions of Schneider Electric PowerChute Serial Shutdown are affected:</p>\n<ul>\n<li>PowerChute Serial Shutdown <=1.4 </li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 6.1</td>\n<td>SuSE, Schneider Electric, Red Hat, Microsoft</td>\n<td>Schneider Electric PowerChute Serial Shutdown</td>\n<td>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>France</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-2399</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-2399\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric PowerChute Serial Shutdown</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/</a></p>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/</a></p>\n<p><strong>Mitigation</strong><br>Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\">https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN</a></p>\n<p><strong>Vendor fix</strong><br>The following product versions have been fixed: PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2399.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2399.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2399.</p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf</a></p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/22.html\">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.1</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\">CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>6.9</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-2404</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PowerChute is vulnerable to improper output encoding, which may allow crafted input to be reflected in log files in unexpected ways.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-2404\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric PowerChute Serial Shutdown</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/</a></p>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/</a></p>\n<p><strong>Mitigation</strong><br>Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\">https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN</a></p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2404.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2404.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2404.</p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf</a></p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/116.html\">CWE-116 Improper Encoding or Escaping of Output</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>6.9</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-2402</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PowerChute is vulnerable to insufficient limitations on repeated authentication attempts across multiple endpoints.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-2402\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric PowerChute Serial Shutdown</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>(CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/</a></p>\n<p><strong>Vendor fix</strong><br>(CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/</a></p>\n<p><strong>Mitigation</strong><br>Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\">https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN</a></p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2402.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2402.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2402.</p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf</a></p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/307.html\">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>6.9</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-2405</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PowerChute is vulnerable to uncontrolled resource consumption when certain system operations are triggered excessively.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-2405\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric PowerChute Serial Shutdown</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/</a></p>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/</a></p>\n<p><strong>Mitigation</strong><br>Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\">https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN</a></p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2405.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2405.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2405.</p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf</a></p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/400.html\">CWE-400 Uncontrolled Resource Consumption</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>4.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>5.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-2403</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PowerChute is vulnerable to improper validation of quantity‑related inputs, which can cause event and data logs to be truncated. As a result, important audit information may be lost, reducing visibility into system behavior.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-2403\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric PowerChute Serial Shutdown</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/</a></p>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/</a></p>\n<p><strong>Mitigation</strong><br>Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\">https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN</a></p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2403.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2403.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2403.</p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf</a></p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/1284.html\">CWE-1284 Improper Validation of Specified Quantity in Input</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>4.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>5.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-2400</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PowerChute is vulnerable to improper handling of newline sequences in certain inputs, enabling unexpected modification of configuration‑related data.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-2400\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric PowerChute Serial Shutdown</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/</a></p>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/</a></p>\n<p><strong>Mitigation</strong><br>Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\">https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN</a></p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2400.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2400.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2400.</p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf</a></p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>4.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>5.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-2401</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PowerChute is vulnerable to improper logging of sensitive information when certain user‑triggered operations occur.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-2401\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Schneider Electric PowerChute Serial Shutdown</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/</a></p>\n<p><strong>Vendor fix</strong><br>SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).<br><a href=\"https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/\">https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/</a></p>\n<p><strong>Mitigation</strong><br>Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\">https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN</a></p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2401.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2401.</p>\n<p><strong>Vendor fix</strong><br>PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2401.</p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf</a></p>\n<p><strong>Vendor fix</strong><br>For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).<br><a href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json\">https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/532.html\">CWE-532 Insertion of Sensitive Information into Log File</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>2.8</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N\">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>2.4</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Schneider Electric reported these vulnerabilities to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p>\n<p>Do not click web links or open attachments in unsolicited email messages.</p>\n<p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p>\n<p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p>\n<p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-04-14</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-04-14</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n<tr>\n<td>2026-07-09</td>\n<td>2</td>\n<td>Initial Republication of Schneider Electric CPCERT SEVD-2026-104-01</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02", "image": "", "published": "Thu, 09 Jul 26 12:00:00 +0000" } }, { "id": "e53b1542855044b17d327e0135df9f6570a8ba40", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CISA Adds Three Known Exploited Vulnerabilities to Catalog", "summary": "CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically t…", "url": "https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-three-known-exploited-vulnerabilities-catalog", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "CISA Adds Three Known Exploited Vulnerabilities to Catalog", "summary": "<p>CISA has added three new vulnerabilities to its <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>\n<ul>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-48908\" target=\"_blank\">CVE-2026-48908</a> JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability</li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-55255\" target=\"_blank\">CVE-2026-55255</a> Langflow Authorization Bypass Through User-Controlled Key Vulnerability </li>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-56290\" target=\"_blank\">CVE-2026-56290</a> Joomlack Page Builder Improper Access Control Vulnerability</li>\n</ul>\n<p>These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.</p>\n<p><a href=\"https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk\">Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk</a> establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.</p>\n<p>While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">KEV Catalog vulnerabilities</a>. CISA will continue to add vulnerabilities to the catalog that meet the <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog/reducing-significant-risk-known-exploited-vulnerabilities\">specified criteria</a>.</p>\n<p>Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s <a href=\"https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_1Zwu52kgK2OYf3w\" target=\"_blank\">KEV Nomination Form</a>. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. </p>\n", "url": "https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-three-known-exploited-vulnerabilities-catalog", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "6b0a24ef73e478e8d0f84acd0eb7197498f88e62", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Hitachi Energy PROMOD V", "summary": "View CSAF Summary Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access. The following versions of Hitachi Energy PROMOD V are affected: PROMOD V vers:PROMOD_V/Running PROMOD V->Digipede Grid. Alternatively, refer to the same section in the online help contained in the application. MitigationApply general mitigation factors Relevant CWE: CWE-1428 Reliance on HTTP instead of HTTPS Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 4.0 7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Acknowledgments Hitachi Energy Internal Team Notice The information in this d…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-02", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Hitachi Energy PROMOD V", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-02.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access.</strong></p>\n<p>The following versions of Hitachi Energy PROMOD V are affected:</p>\n<ul>\n<li>PROMOD V vers:PROMOD_V/<=1.0.10</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 7.1</td>\n<td>Hitachi Energy</td>\n<td>Hitachi Energy PROMOD V</td>\n<td>Reliance on HTTP instead of HTTPS</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Energy</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>Switzerland</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-10763</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-10763\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Hitachi Energy PROMOD V</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Hitachi Energy</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>PROMOD V versions 1.0.10 and prior</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Upgrade to version 1.0.11 and enable HTTPS on Digipede server. [2] Refer to “1.0.11 PROMOD V User Guide”, Section 2 Essential Skills->Running PROMOD V->Digipede Grid. Alternatively, refer to the same section in the online help contained in the application.</p>\n<p><strong>Mitigation</strong><br>Apply general mitigation factors</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/1428.html\">CWE-1428 Reliance on HTTP instead of HTTPS</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.1</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Hitachi Energy Internal Team</li>\n</ul>\n<hr>\n<h2>Notice</h2>\n<p>The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p>\n<hr>\n<h2>Support</h2>\n<p>For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.</p>\n<hr>\n<h2>General Mitigation Factors</h2>\n<p>Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. Additional information on Industrial Control Systems Cybersecurity Best Practices can be found in the Hitachi Energy “Industrial Control Systems Cybersecurity Best Practices” Cybersecurity Notification. [1]</p>\n<hr>\n<h2>SSVC</h2>\n<p>SSVCv2/E:N/A:N/2026-06-29T12:01:59Z/</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000250 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-06-30</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-06-30</td>\n<td>1</td>\n<td>Initial public release</td>\n</tr>\n<tr>\n<td>2026-07-07</td>\n<td>2</td>\n<td>Initial CISA Republication of Hitachi Energy PSIRT 8DBD000250 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-02", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "22dd860ce0bd9bd89c59eb5955fa8ff88e73db9a", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Labcenter Proteus 9", "summary": "View CSAF Summary Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations. The following versions of Labcenter Proteus 9 are affected: Proteus 9.1_SP4_Build_42914 CVSS Vendor Equipment Vulnerabilities v3 7.8 Labcenter Electronics Labcenter Proteus 9 Out-of-bounds Write, Stack-based Buffer Overflow, Use After Free Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Defense Industrial Base, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: United Kingdom Vulnerabilities Expand All + CVE-2026-42953 The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memo…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Labcenter Proteus 9", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-06.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations.</strong></p>\n<p>The following versions of Labcenter Proteus 9 are affected:</p>\n<ul>\n<li>Proteus 9.1_SP4_Build_42914</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 7.8</td>\n<td>Labcenter Electronics</td>\n<td>Labcenter Proteus 9</td>\n<td>Out-of-bounds Write, Stack-based Buffer Overflow, Use After Free</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Communications, Critical Manufacturing, Defense Industrial Base, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>United Kingdom</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-42953</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-42953\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Labcenter Proteus 9</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Labcenter Electronics</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Labcenter Electronics Proteus: 9.1_SP4_Build_42914</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.</p>\n<p><strong>Mitigation</strong><br>If you have questions or need help please contact Labcenter or your local distributor.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/787.html\">CWE-787 Out-of-bounds Write</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.4</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-49033</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-49033\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Labcenter Proteus 9</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Labcenter Electronics</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Labcenter Electronics Proteus: 9.1_SP4_Build_42914</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.</p>\n<p><strong>Mitigation</strong><br>If you have questions or need help please contact Labcenter or your local distributor.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/121.html\">CWE-121 Stack-based Buffer Overflow</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.4</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-42958</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-42958\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Labcenter Proteus 9</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Labcenter Electronics</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Labcenter Electronics Proteus: 9.1_SP4_Build_42914</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.</p>\n<p><strong>Mitigation</strong><br>If you have questions or need help please contact Labcenter or your local distributor.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/416.html\">CWE-416 Use After Free</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.4</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Michael Heinzl reported these vulnerabilities to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p>\n<p>Do not click web links or open attachments in unsolicited email messages.</p>\n<p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p>\n<p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p>\n<p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-07</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-07</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "e8277f189a1e584618129d20c7cc6c0442b33b9d", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Siemens SINEC OS", "summary": "View CSAF Summary SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/cork. The \"*copied\" also needs to be updated such that a proper error can be returned to the caller, sendmsg. It fails to allocate psock->cork. Nothing has been corked so far, so this patch simply sets \"*copied\" to 0. [0]: WARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983 Modules linked in: CPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156 Code: 0f 0b 90 e9 62 f…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Siemens SINEC OS", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-05.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version.</strong></p>\n<p>The following versions of Siemens SINEC OS are affected:</p>\n<ul>\n<li>RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/<4.0 </li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 9.8</td>\n<td>Siemens</td>\n<td>Siemens SINEC OS</td>\n<td>Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Resource Shutdown or Release, Integer Overflow or Wraparound, Stack-based Buffer Overflow, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Uncontrolled Recursion, Out-of-bounds Read, Covert Timing Channel, Improper Input Validation, Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Improper Update of Reference Count, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), Multiple Releases of Same Resource or Handle, Permissive Regular Expression, Expired Pointer Dereference, Incorrect Bitwise Shift of Integer, Out-of-bounds Write, User Interface (UI) Misrepresentation of Critical Information, Improper Access Control, Insertion of Sensitive Information Into Sent Data, Inefficient Algorithmic Complexity, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Authentication Bypass by Primary Weakness, NULL Pointer Dereference, Active Debug Code, Loop with Unreachable Exit Condition ('Infinite Loop'), Missing Synchronization, External Control of File Name or Path, Privilege Dropping / Lowering Errors, Use of Web Browser Cache Containing Sensitive Information</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>Germany</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-1352</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-1352\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/119.html\">CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-1376</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-1376\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/404.html\">CWE-404 Improper Resource Shutdown or Release</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>2.5</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-6052</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-6052\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/190.html\">CWE-190 Integer Overflow or Wraparound</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>3.7</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-6141</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-6141\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/121.html\">CWE-121 Stack-based Buffer Overflow</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>3.3</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-6170</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-6170\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/121.html\">CWE-121 Stack-based Buffer Overflow</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>2.5</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-7039</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-7039\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/22.html\">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>3.7</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-8732</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that \"[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all.\"</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-8732\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/674.html\">CWE-674 Uncontrolled Recursion</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>3.3</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-9086</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-9086\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/125.html\">CWE-125 Out-of-bounds Read</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.5</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-9230</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-9230\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/125.html\">CWE-125 Out-of-bounds Read</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.5</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-9231</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-9231\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/385.html\">CWE-385 Covert Timing Channel</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-9232</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-9232\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/125.html\">CWE-125 Out-of-bounds Read</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.9</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-10966</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-10966\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>4.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-13465</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-13465\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/1321.html\">CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.2</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-13601</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-13601\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/190.html\">CWE-190 Integer Overflow or Wraparound</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-39913</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. syzbot reported the splat below. [0] The repro does the following: 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes) 2. Attach the prog to a SOCKMAP 3. Add a socket to the SOCKMAP 4. Activate fault injection 5. Send data less than cork_bytes At 5., the data is carried over to the next sendmsg() as it is smaller than the cork_bytes specified by bpf_msg_cork_bytes(). Then, tcp_bpf_send_verdict() tries to allocate psock->cork to hold the data, but this fails silently due to fault injection + __GFP_NOWARN. If the allocation fails, we need to revert the sk->sk_forward_alloc change done by sk_msg_alloc(). Let's call sk_msg_free() when tcp_bpf_send_verdict fails to allocate psock->cork. The \"*copied\" also needs to be updated such that a proper error can be returned to the caller, sendmsg. It fails to allocate psock->cork. Nothing has been corked so far, so this patch simply sets \"*copied\" to 0. [0]: WARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983 Modules linked in: CPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156 Code: 0f 0b 90 e9 62 fe ff ff e8 7a db b5 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c db b5 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e db b5 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc RSP: 0018:ffffc90000a08b48 EFLAGS: 00010246 RAX: ffffffff8a09d0b2 RBX: dffffc0000000000 RCX: ffff888024a23c80 RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000 RBP: 0000000000000fff R08: ffff88807e07c627 R09: 1ffff1100fc0f8c4 R10: dffffc0000000000 R11: ffffed100fc0f8c5 R12: ffff88807e07c380 R13: dffffc0000000000 R14: ffff88807e07c60c R15: 1ffff1100fc0f872 FS: 00005555604c4500(0000) GS:ffff888125af1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555604df5c8 CR3: 0000000032b06000 CR4: 00000000003526f0 Call Trace: __sk_destruct+0x86/0x660 net/core/sock.c:2339 rcu_do_batch kernel/rcu/tree.c:2605 [inline] rcu_core+0xca8/0x1770 kernel/rcu/tree.c:2861 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-39913\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40214</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages. 1) 1-a. Create a single cyclic reference with many sockets 1-b. close() all sockets 1-c. Trigger GC 2) 2-a. Pass sk-A to an embryo sk-B 2-b. Pass sk-X to sk-X 2-c. Trigger GC 3) 3-a. accept() the embryo sk-B 3-b. Pass sk-B to sk-C 3-c. close() the in-flight sk-A 3-d. Trigger GC As of 2-c, sk-A and sk-X are linked to unix_unvisited_vertices, and unix_walk_scc() groups them into two different SCCs: unix_sk(sk-A)->vertex->scc_index = 2 (UNIX_VERTEX_INDEX_START) unix_sk(sk-X)->vertex->scc_index = 3 Once GC completes, unix_graph_grouped is set to true. Also, unix_graph_maybe_cyclic is set to true due to sk-X's cyclic self-reference, which makes close() trigger GC. At 3-b, unix_add_edge() allocates unix_sk(sk-B)->vertex and links it to unix_unvisited_vertices. unix_update_graph() is called at 3-a. and 3-b., but neither unix_graph_grouped nor unix_graph_maybe_cyclic is changed because both sk-B's listener and sk-C are not in-flight. 3-c decrements sk-A's file refcnt to 1. Since unix_graph_grouped is true at 3-d, unix_walk_scc_fast() is finally called and iterates 3 sockets sk-A, sk-B, and sk-X: sk-A -> sk-B (-> sk-C) sk-X -> sk-X This is totally fine. All of them are not yet close()d and should be grouped into different SCCs. However, unix_vertex_dead() misjudges that sk-A and sk-B are in the same SCC and sk-A is dead. unix_sk(sk-A)->scc_index == unix_sk(sk-B)->scc_index <-- Wrong! && sk-A's file refcnt == unix_sk(sk-A)->vertex->out_degree ^-- 1 in-flight count for sk-B -> sk-A is dead !? The problem is that unix_add_edge() does not initialise scc_index. Stage 1) is used for heap spraying, making a newly allocated vertex have vertex->scc_index == 2 (UNIX_VERTEX_INDEX_START) set by unix_walk_scc() at 1-c. Let's track the max SCC index from the previous unix_walk_scc() call and assign the max + 1 to a new vertex's scc_index. This way, we can continue to avoid Tarjan's algorithm while preventing misjudgments.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40214\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40248</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling. 2. connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs. 3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref. Do not disconnect socket on signal/timeout. Keep the logic for unconnected sockets: they don't linger, can't be placed in a sockmap, are rejected by sendmsg().</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40248\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40250</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rmap and end up in a crash[1] when the other threads tries to access this, when request_irq() fails due to exhausted IRQ vectors. This commit modifies the cleanup to remove only the specific IRQ mapping that was just added. This prevents removal of other valid mappings and ensures precise cleanup of the failed IRQ allocation's associated glue object. Note: This error is observed when both fwctl and rds configs are enabled. [1] mlx5_core 0000:05:00.0: Successfully registered panic handler for port 1 mlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to request irq. err = -28 infiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while trying to test write-combining support mlx5_core 0000:05:00.0: Successfully unregistered panic handler for port 1 mlx5_core 0000:06:00.0: Successfully registered panic handler for port 1 mlx5_core 0000:06:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to request irq. err = -28 infiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while trying to test write-combining support mlx5_core 0000:06:00.0: Successfully unregistered panic handler for port 1 mlx5_core 0000:03:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to request irq. err = -28 mlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to request irq. err = -28 general protection fault, probably for non-canonical address 0xe277a58fde16f291: 0000 [#1] SMP NOPTI RIP: 0010:free_irq_cpu_rmap+0x23/0x7d Call Trace: ? show_trace_log_lvl+0x1d6/0x2f9 ? show_trace_log_lvl+0x1d6/0x2f9 ? mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core] ? __die_body.cold+0x8/0xa ? die_addr+0x39/0x53 ? exc_general_protection+0x1c4/0x3e9 ? dev_vprintk_emit+0x5f/0x90 ? asm_exc_general_protection+0x22/0x27 ? free_irq_cpu_rmap+0x23/0x7d mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core] irq_pool_request_vector+0x7d/0x90 [mlx5_core] mlx5_irq_request+0x2e/0xe0 [mlx5_core] mlx5_irq_request_vector+0xad/0xf7 [mlx5_core] comp_irq_request_pci+0x64/0xf0 [mlx5_core] create_comp_eq+0x71/0x385 [mlx5_core] ? mlx5e_open_xdpsq+0x11c/0x230 [mlx5_core] mlx5_comp_eqn_get+0x72/0x90 [mlx5_core] ? xas_load+0x8/0x91 mlx5_comp_irqn_get+0x40/0x90 [mlx5_core] mlx5e_open_channel+0x7d/0x3c7 [mlx5_core] mlx5e_open_channels+0xad/0x250 [mlx5_core] mlx5e_open_locked+0x3e/0x110 [mlx5_core] mlx5e_open+0x23/0x70 [mlx5_core] __dev_open+0xf1/0x1a5 __dev_change_flags+0x1e1/0x249 dev_change_flags+0x21/0x5c do_setlink+0x28b/0xcc4 ? __nla_parse+0x22/0x3d ? inet6_validate_link_af+0x6b/0x108 ? cpumask_next+0x1f/0x35 ? __snmp6_fill_stats64.constprop.0+0x66/0x107 ? __nla_validate_parse+0x48/0x1e6 __rtnl_newlink+0x5ff/0xa57 ? kmem_cache_alloc_trace+0x164/0x2ce rtnl_newlink+0x44/0x6e rtnetlink_rcv_msg+0x2bb/0x362 ? __netlink_sendskb+0x4c/0x6c ? netlink_unicast+0x28f/0x2ce ? rtnl_calcit.isra.0+0x150/0x146 netlink_rcv_skb+0x5f/0x112 netlink_unicast+0x213/0x2ce netlink_sendmsg+0x24f/0x4d9 __sock_sendmsg+0x65/0x6a ____sys_sendmsg+0x28f/0x2c9 ? import_iovec+0x17/0x2b ___sys_sendmsg+0x97/0xe0 __sys_sendmsg+0x81/0xd8 do_syscall_64+0x35/0x87 entry_SYSCALL_64_after_hwframe+0x6e/0x0 RIP: 0033:0x7fc328603727 Code: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 0b ed ff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 44 ed ff ff 48 RSP: 002b:00007ffe8eb3f1a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc328603727 RDX: 0000000000000000 RSI: 00007ffe8eb3f1f0 RDI: 000000000000000d RBP: 00007ffe8eb3f1f0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00000000000 ---truncated---</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40250\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40251</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to \"Unset parent for all rate objects\". However, it was only calling the driver-specific `rate_leaf_parent_set` or `rate_node_parent_set` ops and decrementing the parent's refcount, without actually setting the `devlink_rate->parent` pointer to NULL. This leaves a dangling pointer in the `devlink_rate` struct, which cause refcount error in netdevsim[1] and mlx5[2]. In addition, this is inconsistent with the behavior of `devlink_nl_rate_parent_node_set`, where the parent pointer is correctly cleared. This patch fixes the issue by explicitly setting `devlink_rate->parent` to NULL after notifying the driver, thus fulfilling the function's documented behavior for all rate objects. [1] repro steps: echo 1 > /sys/bus/netdevsim/new_device devlink dev eswitch set netdevsim/netdevsim1 mode switchdev echo 1 > /sys/bus/netdevsim/devices/netdevsim1/sriov_numvfs devlink port function rate add netdevsim/netdevsim1/test_node devlink port function rate set netdevsim/netdevsim1/128 parent test_node echo 1 > /sys/bus/netdevsim/del_device dmesg: refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 8 PID: 1530 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0 CPU: 8 UID: 0 PID: 1530 Comm: bash Not tainted 6.18.0-rc4+ #1 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x42/0xe0 Call Trace: devl_rate_leaf_destroy+0x8d/0x90 __nsim_dev_port_del+0x6c/0x70 [netdevsim] nsim_dev_reload_destroy+0x11c/0x140 [netdevsim] nsim_drv_remove+0x2b/0xb0 [netdevsim] device_release_driver_internal+0x194/0x1f0 bus_remove_device+0xc6/0x130 device_del+0x159/0x3c0 device_unregister+0x1a/0x60 del_device_store+0x111/0x170 [netdevsim] kernfs_fop_write_iter+0x12e/0x1e0 vfs_write+0x215/0x3d0 ksys_write+0x5f/0xd0 do_syscall_64+0x55/0x10f0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 [2] devlink dev eswitch set pci/0000:08:00.0 mode switchdev devlink port add pci/0000:08:00.0 flavour pcisf pfnum 0 sfnum 1000 devlink port function rate add pci/0000:08:00.0/group1 devlink port function rate set pci/0000:08:00.0/32768 parent group1 modprobe -r mlx5_ib mlx5_fwctl mlx5_core dmesg: refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 7 PID: 16151 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0 CPU: 7 UID: 0 PID: 16151 Comm: bash Not tainted 6.17.0-rc7_for_upstream_min_debug_2025_10_02_12_44 #1 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x42/0xe0 Call Trace: devl_rate_leaf_destroy+0x8d/0x90 mlx5_esw_offloads_devlink_port_unregister+0x33/0x60 [mlx5_core] mlx5_esw_offloads_unload_rep+0x3f/0x50 [mlx5_core] mlx5_eswitch_unload_sf_vport+0x40/0x90 [mlx5_core] mlx5_sf_esw_event+0xc4/0x120 [mlx5_core] notifier_call_chain+0x33/0xa0 blocking_notifier_call_chain+0x3b/0x50 mlx5_eswitch_disable_locked+0x50/0x110 [mlx5_core] mlx5_eswitch_disable+0x63/0x90 [mlx5_core] mlx5_unload+0x1d/0x170 [mlx5_core] mlx5_uninit_one+0xa2/0x130 [mlx5_core] remove_one+0x78/0xd0 [mlx5_core] pci_device_remove+0x39/0xa0 device_release_driver_internal+0x194/0x1f0 unbind_store+0x99/0xa0 kernfs_fop_write_iter+0x12e/0x1e0 vfs_write+0x215/0x3d0 ksys_write+0x5f/0xd0 do_syscall_64+0x53/0x1f0 entry_SYSCALL_64_after_hwframe+0x4b/0x53</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40251\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/911.html\">CWE-911 Improper Update of Reference Count</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.1</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40252</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the terminator was missing or malformed, the loop could run past the end of the fixed-size array. Add an explicit bound check using ARRAY_SIZE() in both loops to prevent a potential out-of-bounds access. Found by Linux Verification Center (linuxtesting.org) with SVACE.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40252\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40254</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the set(nsh(...)) action is completely wrong. It runs through the nsh_key_put_from_nlattr() function that is the same function that validates NSH keys for the flow match and the push_nsh() action. However, the set(nsh(...)) has a very different memory layout. Nested attributes in there are doubled in size in case of the masked set(). That makes proper validation impossible. There is also confusion in the code between the 'masked' flag, that says that the nested attributes are doubled in size containing both the value and the mask, and the 'is_mask' that says that the value we're parsing is the mask. This is causing kernel crash on trying to write into mask part of the match with SW_FLOW_KEY_PUT() during validation, while validate_nsh() doesn't allocate any memory for it: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary) RIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch] Call Trace: validate_nsh+0x60/0x90 [openvswitch] validate_set.constprop.0+0x270/0x3c0 [openvswitch] __ovs_nla_copy_actions+0x477/0x860 [openvswitch] ovs_nla_copy_actions+0x8d/0x100 [openvswitch] ovs_packet_cmd_execute+0x1cc/0x310 [openvswitch] genl_family_rcv_msg_doit+0xdb/0x130 genl_family_rcv_msg+0x14b/0x220 genl_rcv_msg+0x47/0xa0 netlink_rcv_skb+0x53/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x280/0x3b0 netlink_sendmsg+0x1f7/0x430 ____sys_sendmsg+0x36b/0x3a0 ___sys_sendmsg+0x87/0xd0 __sys_sendmsg+0x6d/0xd0 do_syscall_64+0x7b/0x2c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e The third issue with this process is that while trying to convert the non-masked set into masked one, validate_set() copies and doubles the size of the OVS_KEY_ATTR_NSH as if it didn't have any nested attributes. It should be copying each nested attribute and doubling them in size independently. And the process must be properly reversed during the conversion back from masked to a non-masked variant during the flow dump. In the end, the only two outcomes of trying to use this action are either validation failure or a kernel crash. And if somehow someone manages to install a flow with such an action, it will most definitely not do what it is supposed to, since all the keys and the masks are mixed up. Fixing all the issues is a complex task as it requires re-writing most of the validation code. Given that and the fact that this functionality never worked since introduction, let's just remove it altogether. It's better to re-introduce it later with a proper implementation instead of trying to fix it in stable releases.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40254\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40257</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcp_pm_del_add_timer() mptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, &entry->add_timer) while another might have free entry already, as reported by syzbot. Add RCU protection to fix this issue. Also change confusing add_timer variable with stop_timer boolean. syzbot report: BUG: KASAN: slab-use-after-free in __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616 Read of size 4 at addr ffff8880311e4150 by task kworker/1:1/44 CPU: 1 UID: 0 PID: 44 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Workqueue: events mptcp_worker Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616 sk_stop_timer_sync+0x1b/0x90 net/core/sock.c:3631 mptcp_pm_del_add_timer+0x283/0x310 net/mptcp/pm.c:362 mptcp_incoming_options+0x1357/0x1f60 net/mptcp/options.c:1174 tcp_data_queue+0xca/0x6450 net/ipv4/tcp_input.c:5361 tcp_rcv_established+0x1335/0x2670 net/ipv4/tcp_input.c:6441 tcp_v4_do_rcv+0x98b/0xbf0 net/ipv4/tcp_ipv4.c:1931 tcp_v4_rcv+0x252a/0x2dc0 net/ipv4/tcp_ipv4.c:2374 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:239 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 __netif_receive_skb_one_core net/core/dev.c:6079 [inline] __netif_receive_skb+0x143/0x380 net/core/dev.c:6192 process_backlog+0x31e/0x900 net/core/dev.c:6544 __napi_poll+0xb6/0x540 net/core/dev.c:7594 napi_poll net/core/dev.c:7657 [inline] net_rx_action+0x5f7/0xda0 net/core/dev.c:7784 handle_softirqs+0x22f/0x710 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] __local_bh_enable_ip+0x1a0/0x2e0 kernel/softirq.c:302 mptcp_pm_send_ack net/mptcp/pm.c:210 [inline] mptcp_pm_addr_send_ack+0x41f/0x500 net/mptcp/pm.c:-1 mptcp_pm_worker+0x174/0x320 net/mptcp/pm.c:1002 mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Allocated by task 44: kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 poison_kmalloc_redzone mm/kasan/common.c:400 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417 kasan_kmalloc include/linux/kasan.h:262 [inline] __kmalloc_cache_noprof+0x1ef/0x6c0 mm/slub.c:5748 kmalloc_noprof include/linux/slab.h:957 [inline] mptcp_pm_alloc_anno_list+0x104/0x460 net/mptcp/pm.c:385 mptcp_pm_create_subflow_or_signal_addr+0xf9d/0x1360 net/mptcp/pm_kernel.c:355 mptcp_pm_nl_fully_established net/mptcp/pm_kernel.c:409 [inline] __mptcp_pm_kernel_worker+0x417/0x1ef0 net/mptcp/pm_kernel.c:1529 mptcp_pm_worker+0x1ee/0x320 net/mptcp/pm.c:1008 mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Freed by task 6630: kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 __kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:587 kasan_save_free_info mm/kasan/kasan.h:406 [inline] poison_slab_object m ---truncated---</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40257\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40258</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt if the work was scheduled. This refcount will be released by mptcp_worker(). [A] if (schedule_work(...)) { [B] sock_hold(sk); return true; } Problem is that mptcp_worker() can run immediately and complete before [B] We need instead : sock_hold(sk); if (schedule_work(...)) return true; sock_put(sk); [1] refcount_t: addition on 0; use-after-free. WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25 Call Trace: __refcount_add include/linux/refcount.h:-1 [inline] __refcount_inc include/linux/refcount.h:366 [inline] refcount_inc include/linux/refcount.h:383 [inline] sock_hold include/net/sock.h:816 [inline] mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943 mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747 expire_timers kernel/time/timer.c:1798 [inline] __run_timers kernel/time/timer.c:2372 [inline] __run_timer_base+0x648/0x970 kernel/time/timer.c:2384 run_timer_base kernel/time/timer.c:2393 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403 handle_softirqs+0x22f/0x710 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] run_ktimerd+0xcf/0x190 kernel/softirq.c:1138 smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40258\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/362.html\">CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40261</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync() had been called. Move the call to cancel_work_sync() to be after nvme_fc_delete_association() to ensure ->ioerr_work is not running when the nvme_fc_ctrl object is freed. Otherwise the following can occur: [ 1135.911754] list_del corruption, ff2d24c8093f31f8->next is NULL [ 1135.917705] ------------[ cut here ]------------ [ 1135.922336] kernel BUG at lib/list_debug.c:52! [ 1135.926784] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm: kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary) [ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS 2.5.4 01/16/2025 [ 1135.950969] Workqueue: 0x0 (nvme-wq) [ 1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f [ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7 70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07 45 fe ff <0f> 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff 0f 0b [ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046 [ 1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX: 0000000000000000 [ 1135.992148] RDX: 0000000000000000 RSI: ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0 [ 1135.999278] RBP: ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08 [ 1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12: ff2d24c78697c100 [ 1136.013546] R13: fffffffffffffff8 R14: 0000000000000000 R15: ff2d24c78697c0c0 [ 1136.020677] FS: 0000000000000000(0000) GS:ff2d24d6bfa00000(0000) knlGS:0000000000000000 [ 1136.028765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1136.034510] CR2: 00007fd207f90b80 CR3: 000000163ea22003 CR4: 0000000000f73ef0 [ 1136.041641] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 1136.055910] PKRU: 55555554 [ 1136.058623] Call Trace: [ 1136.061074] [ 1136.063179] ? show_trace_log_lvl+0x1b0/0x2f0 [ 1136.067540] ? show_trace_log_lvl+0x1b0/0x2f0 [ 1136.071898] ? move_linked_works+0x4a/0xa0 [ 1136.075998] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.081744] ? __die_body.cold+0x8/0x12 [ 1136.085584] ? die+0x2e/0x50 [ 1136.088469] ? do_trap+0xca/0x110 [ 1136.091789] ? do_error_trap+0x65/0x80 [ 1136.095543] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.101289] ? exc_invalid_op+0x50/0x70 [ 1136.105127] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.110874] ? asm_exc_invalid_op+0x1a/0x20 [ 1136.115059] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.120806] move_linked_works+0x4a/0xa0 [ 1136.124733] worker_thread+0x216/0x3a0 [ 1136.128485] ? __pfx_worker_thread+0x10/0x10 [ 1136.132758] kthread+0xfa/0x240 [ 1136.135904] ? __pfx_kthread+0x10/0x10 [ 1136.139657] ret_from_fork+0x31/0x50 [ 1136.143236] ? __pfx_kthread+0x10/0x10 [ 1136.146988] ret_from_fork_asm+0x1a/0x30 [ 1136.150915]</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40261\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/1341.html\">CWE-1341 Multiple Releases of Same Resource or Handle</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.6</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40262</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be \"priv\" but we accidentally pass \"&priv\" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_action() function is called. Remove the &.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40262\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40263</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access is observed in cros_ec_keyb_process() when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work() in such case. Unable to handle kernel read from unreadable memory at virtual address 0000000000000028 ... x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: input_event cros_ec_keyb_work blocking_notifier_call_chain ec_irq_thread It's still unknown about why the kernel receives such malformed event, in any cases, the kernel shouldn't access `ckdev->idev` and friends if the driver doesn't intend to initialize them.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40263\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40264</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrb_params in case of OS2BMC be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL at be_send_pkt_to_bmc() call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific packet, as commit bc0c3405abbb (\"be2net: fix a Tx stall bug caused by a specific ipv6 packet\") states. The correct way would be to pass the wrb_params from be_xmit().</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40264\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40271</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2 sys_getdents64() | iterate_dir() | proc_readdir() | proc_readdir_de() | snmp6_unregister_dev() pde_get(de); | proc_remove() read_unlock(&proc_subdir_lock); | remove_proc_subtree() | write_lock(&proc_subdir_lock); [time window] | rb_erase(&root->subdir_node, &parent->subdir); | write_unlock(&proc_subdir_lock); read_lock(&proc_subdir_lock); | next = pde_subdir_next(de); | pde_put(de); | de = next; //UAF | rbtree of dev_snmp6 | pde(tun3) / \\ NULL pde(tun2)</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40271\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/625.html\">CWE-625 Permissive Regular Expression</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40278</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . [net?] KMSAN: kernel-infoleak in __skb_datagram_iter In tcf_ife_dump(), the variable 'opt' was partially initialized using a designatied initializer. While the padding bytes are reamined uninitialized. nla_put() copies the entire structure into a netlink message, these uninitialized bytes leaked to userspace. Initialize the structure with memset before assigning its fields to ensure all members and padding are cleared prior to beign copied. This change silences the KMSAN report and prevents potential information leaks from the kernel memory. This fix has been tested and validated by syzbot. This patch closes the bug reported at the following syzkaller link and ensures no infoleak.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40278\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40280</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reinit_self(). [0] The array is protected by RTNL, but tipc_mon_reinit_self() iterates over it without RTNL. tipc_mon_reinit_self() is called from tipc_net_finalize(), which is always under RTNL except for tipc_net_finalize_work(). Let's hold RTNL in tipc_net_finalize_work(). [0]: BUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 Read of size 1 at addr ffff88805eae1030 by task kworker/0:7/5989 CPU: 0 UID: 0 PID: 5989 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Workqueue: events tipc_net_finalize_work Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:568 kasan_check_byte include/linux/kasan.h:399 [inline] lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 rtlock_slowlock kernel/locking/rtmutex.c:1894 [inline] rwbase_rtmutex_lock_state kernel/locking/spinlock_rt.c:160 [inline] rwbase_write_lock+0xd3/0x7e0 kernel/locking/rwbase_rt.c:244 rt_write_lock+0x76/0x110 kernel/locking/spinlock_rt.c:243 write_lock_bh include/linux/rwlock_rt.h:99 [inline] tipc_mon_reinit_self+0x79/0x430 net/tipc/monitor.c:718 tipc_net_finalize+0x115/0x190 net/tipc/net.c:140 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:463 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Allocated by task 6089: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:388 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:405 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x1a8/0x320 mm/slub.c:4407 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1039 [inline] tipc_mon_create+0xc3/0x4d0 net/tipc/monitor.c:657 tipc_enable_bearer net/tipc/bearer.c:357 [inline] __tipc_nl_bearer_enable+0xe16/0x13f0 net/tipc/bearer.c:1047 __tipc_nl_compat_doit net/tipc/netlink_compat.c:371 [inline] tipc_nl_compat_doit+0x3bc/0x5f0 net/tipc/netlink_compat.c:393 tipc_nl_compat_handle net/tipc/netlink_compat.c:-1 [inline] tipc_nl_compat_recv+0x83c/0xbe0 net/tipc/netlink_compat.c:1321 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0x846/0xa10 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x21c/0x270 net/socket.c:729 ____sys_sendmsg+0x508/0x820 net/socket.c:2614 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668 __sys_sendmsg net/socket.c:2700 [inline] __do_sys_sendmsg net/socket.c:2705 [inline] __se_sys_sendmsg net/socket.c:2703 [inline] __x64_sys_sendmsg+0x1a1/0x260 net/socket.c:2703 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/ ---truncated---</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40280\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/825.html\">CWE-825 Expired Pointer Dereference</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40281</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto syzbot reported a possible shift-out-of-bounds [1] Blamed commit added rto_alpha_max and rto_beta_max set to 1000. It is unclear if some sctp users are setting very large rto_alpha and/or rto_beta. In order to prevent user regression, perform the test at run time. Also add READ_ONCE() annotations as sysctl values can change under us. [1] UBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41 shift exponent 64 is too large for 32-bit type 'unsigned int' CPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:233 [inline] __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494 sctp_transport_update_rto.cold+0x1c/0x34b net/sctp/transport.c:509 sctp_check_transmitted+0x11c4/0x1c30 net/sctp/outqueue.c:1502 sctp_outq_sack+0x4ef/0x1b20 net/sctp/outqueue.c:1338 sctp_cmd_process_sack net/sctp/sm_sideeffect.c:840 [inline] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1372 [inline]</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40281\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/1335.html\">CWE-1335 Incorrect Bitwise Shift of Integer</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>4.4</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-40345</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory. Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-40345\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/787.html\">CWE-787 Out-of-bounds Write</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.8</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-46394</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-46394\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/451.html\">CWE-451 User Interface (UI) Misrepresentation of Critical Information</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>3.2</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N\">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-49794</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-49794\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/825.html\">CWE-825 Expired Pointer Dereference</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>9.1</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-49795</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-49795\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/825.html\">CWE-825 Expired Pointer Dereference</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.5</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-49796</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-49796\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/125.html\">CWE-125 Out-of-bounds Read</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>9.1</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-60876</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-60876\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/284.html\">CWE-284 Improper Access Control</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-66035</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-66035\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/201.html\">CWE-201 Insertion of Sensitive Information Into Sent Data</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8.6</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-66382</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-66382\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/407.html\">CWE-407 Inefficient Algorithmic Complexity</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>2.9</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-66412</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-66412\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/79.html\">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-69720</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-69720\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/121.html\">CWE-121 Stack-based Buffer Overflow</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.3</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L\">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-71185</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route allocation.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-71185\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-71186</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-71186\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-71188</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-71188\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-71189</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-71189\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-71190</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-71190\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2025-71191</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 3832b78b3ec2 (\"dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()\") fixed the leak in a couple of error paths but the reference is still leaking on successful allocation.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2025-71191\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-1484</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-1484\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/787.html\">CWE-787 Out-of-bounds Write</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>4.2</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L\">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-1489</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-1489\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/787.html\">CWE-787 Out-of-bounds Write</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.4</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-3784</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-3784\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/305.html\">CWE-305 Authentication Bypass by Primary Weakness</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-22610</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-22610\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/79.html\">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-22976</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset `qfq_class->leaf_qdisc->q.qlen > 0` does not imply that the class itself is active. Two qfq_class objects may point to the same leaf_qdisc. This happens when: 1. one QFQ qdisc is attached to the dev as the root qdisc, and 2. another QFQ qdisc is temporarily referenced (e.g., via qdisc_get() / qdisc_put()) and is pending to be destroyed, as in function tc_new_tfilter. When packets are enqueued through the root QFQ qdisc, the shared leaf_qdisc->q.qlen increases. At the same time, the second QFQ qdisc triggers qdisc_put and qdisc_destroy: the qdisc enters qfq_reset() with its own q->q.qlen == 0, but its class's leaf qdisc->q.qlen > 0. Therefore, the qfq_reset would wrongly deactivate an inactive aggregate and trigger a null-deref in qfq_deactivate_agg: [ 0.903172] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 0.903571] #PF: supervisor write access in kernel mode [ 0.903860] #PF: error_code(0x0002) - not-present page [ 0.904177] PGD 10299b067 P4D 10299b067 PUD 10299c067 PMD 0 [ 0.904502] Oops: Oops: 0002 [#1] SMP NOPTI [ 0.904737] CPU: 0 UID: 0 PID: 135 Comm: exploit Not tainted 6.19.0-rc3+ #2 NONE [ 0.905157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014 [ 0.905754] RIP: 0010:qfq_deactivate_agg (include/linux/list.h:992 (discriminator 2) include/linux/list.h:1006 (discriminator 2) net/sched/sch_qfq.c:1367 (discriminator 2) net/sched/sch_qfq.c:1393 (discriminator 2)) [ 0.906046] Code: 0f 84 4d 01 00 00 48 89 70 18 8b 4b 10 48 c7 c2 ff ff ff ff 48 8b 78 08 48 d3 e2 48 21 f2 48 2b 13 48 8b 30 48 d3 ea 8b 4b 18 0 Code starting with the faulting instruction =========================================== 0: 0f 84 4d 01 00 00 je 0x153 6: 48 89 70 18 mov %rsi,0x18(%rax) a: 8b 4b 10 mov 0x10(%rbx),%ecx d: 48 c7 c2 ff ff ff ff mov $0xffffffffffffffff,%rdx 14: 48 8b 78 08 mov 0x8(%rax),%rdi 18: 48 d3 e2 shl %cl,%rdx 1b: 48 21 f2 and %rsi,%rdx 1e: 48 2b 13 sub (%rbx),%rdx 21: 48 8b 30 mov (%rax),%rsi 24: 48 d3 ea shr %cl,%rdx 27: 8b 4b 18 mov 0x18(%rbx),%ecx ... [ 0.907095] RSP: 0018:ffffc900004a39a0 EFLAGS: 00010246 [ 0.907368] RAX: ffff8881043a0880 RBX: ffff888102953340 RCX: 0000000000000000 [ 0.907723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 0.908100] RBP: ffff888102952180 R08: 0000000000000000 R09: 0000000000000000 [ 0.908451] R10: ffff8881043a0000 R11: 0000000000000000 R12: ffff888102952000 [ 0.908804] R13: ffff888102952180 R14: ffff8881043a0ad8 R15: ffff8881043a0880 [ 0.909179] FS: 000000002a1a0380(0000) GS:ffff888196d8d000(0000) knlGS:0000000000000000 [ 0.909572] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.909857] CR2: 0000000000000000 CR3: 0000000102993002 CR4: 0000000000772ef0 [ 0.910247] PKRU: 55555554 [ 0.910391] Call Trace: [ 0.910527] [ 0.910638] qfq_reset_qdisc (net/sched/sch_qfq.c:357 net/sched/sch_qfq.c:1485) [ 0.910826] qdisc_reset (include/linux/skbuff.h:2195 include/linux/skbuff.h:2501 include/linux/skbuff.h:3424 include/linux/skbuff.h:3430 net/sched/sch_generic.c:1036) [ 0.911040] __qdisc_destroy (net/sched/sch_generic.c:1076) [ 0.911236] tc_new_tfilter (net/sched/cls_api.c:2447) [ 0.911447] rtnetlink_rcv_msg (net/core/rtnetlink.c:6958) [ 0.911663] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6861) [ 0.911894] netlink_rcv_skb (net/netlink/af_netlink.c:2550) [ 0.912100] netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344) [ 0.912296] ? __alloc_skb (net/core/skbuff.c:706) [ 0.912484] netlink_sendmsg (net/netlink/af ---truncated---</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-22976\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/476.html\">CWE-476 NULL Pointer Dereference</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-22977</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, [1] unlike skbuff_head_cache which properly whitelists the cb[] field. [2] This causes a usercopy BUG() when CONFIG_HARDENED_USERCOPY is enabled and the kernel attempts to copy sk_buff.cb data to userspace via sock_recv_errqueue() -> put_cmsg(). The crash occurs when: 1. TCP allocates an skb using alloc_skb_fclone() (from skbuff_fclone_cache) [1] 2. The skb is cloned via skb_clone() using the pre-allocated fclone [3] 3. The cloned skb is queued to sk_error_queue for timestamp reporting 4. Userspace reads the error queue via recvmsg(MSG_ERRQUEUE) 5. sock_recv_errqueue() calls put_cmsg() to copy serr->ee from skb->cb [4] 6. __check_heap_object() fails because skbuff_fclone_cache has no usercopy whitelist [5] When cloned skbs allocated from skbuff_fclone_cache are used in the socket error queue, accessing the sock_exterr_skb structure in skb->cb via put_cmsg() triggers a usercopy hardening violation: [ 5.379589] usercopy: Kernel memory exposure attempt detected from SLUB object 'skbuff_fclone_cache' (offset 296, size 16)! [ 5.382796] kernel BUG at mm/usercopy.c:102! [ 5.383923] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 5.384903] CPU: 1 UID: 0 PID: 138 Comm: poc_put_cmsg Not tainted 6.12.57 #7 [ 5.384903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 5.384903] RIP: 0010:usercopy_abort+0x6c/0x80 [ 5.384903] Code: 1a 86 51 48 c7 c2 40 15 1a 86 41 52 48 c7 c7 c0 15 1a 86 48 0f 45 d6 48 c7 c6 80 15 1a 86 48 89 c1 49 0f 45 f3 e8 84 27 88 ff <0f> 0b 490 [ 5.384903] RSP: 0018:ffffc900006f77a8 EFLAGS: 00010246 [ 5.384903] RAX: 000000000000006f RBX: ffff88800f0ad2a8 RCX: 1ffffffff0f72e74 [ 5.384903] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff87b973a0 [ 5.384903] RBP: 0000000000000010 R08: 0000000000000000 R09: fffffbfff0f72e74 [ 5.384903] R10: 0000000000000003 R11: 79706f6372657375 R12: 0000000000000001 [ 5.384903] R13: ffff88800f0ad2b8 R14: ffffea00003c2b40 R15: ffffea00003c2b00 [ 5.384903] FS: 0000000011bc4380(0000) GS:ffff8880bf100000(0000) knlGS:0000000000000000 [ 5.384903] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 5.384903] CR2: 000056aa3b8e5fe4 CR3: 000000000ea26004 CR4: 0000000000770ef0 [ 5.384903] PKRU: 55555554 [ 5.384903] Call Trace: [ 5.384903] [ 5.384903] __check_heap_object+0x9a/0xd0 [ 5.384903] __check_object_size+0x46c/0x690 [ 5.384903] put_cmsg+0x129/0x5e0 [ 5.384903] sock_recv_errqueue+0x22f/0x380 [ 5.384903] tls_sw_recvmsg+0x7ed/0x1960 [ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5 [ 5.384903] ? schedule+0x6d/0x270 [ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5 [ 5.384903] ? mutex_unlock+0x81/0xd0 [ 5.384903] ? __pfx_mutex_unlock+0x10/0x10 [ 5.384903] ? __pfx_tls_sw_recvmsg+0x10/0x10 [ 5.384903] ? _raw_spin_lock_irqsave+0x8f/0xf0 [ 5.384903] ? _raw_read_unlock_irqrestore+0x20/0x40 [ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5 The crash offset 296 corresponds to skb2->cb within skbuff_fclones: - sizeof(struct sk_buff) = 232 - offsetof(struct sk_buff, cb) = 40 - offset of skb2.cb in fclones = 232 + 40 = 272 - crash offset 296 = 272 + 24 (inside sock_exterr_skb.ee) This patch uses a local stack variable as a bounce buffer to avoid the hardened usercopy check failure. [1] https://elixir.bootlin.com/linux/v6.12.62/source/net/ipv4/tcp.c#L885 [2] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5104 [3] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5566 [4] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5491 [5] https://elixir.bootlin.com/linux/v6.12.62/source/mm/slub.c#L5719</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-22977\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/489.html\">CWE-489 Active Debug Code</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23025</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: prevent pcp corruption with SMP=n The kernel test robot has reported: BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28 lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0 CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470 Call Trace: __dump_stack (lib/dump_stack.c:95) dump_stack_lvl (lib/dump_stack.c:123) dump_stack (lib/dump_stack.c:130) spin_dump (kernel/locking/spinlock_debug.c:71) do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?) _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138) __free_frozen_pages (mm/page_alloc.c:2973) ___free_pages (mm/page_alloc.c:5295) __free_pages (mm/page_alloc.c:5334) tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290) ? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289) ? rcu_core (kernel/rcu/tree.c:?) rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861) rcu_core_si (kernel/rcu/tree.c:2879) handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623) __irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725) irq_exit_rcu (kernel/softirq.c:741) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052) RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) free_pcppages_bulk (mm/page_alloc.c:1494) drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632) __drain_all_pages (mm/page_alloc.c:2731) drain_all_pages (mm/page_alloc.c:2747) kcompactd (mm/compaction.c:3115) kthread (kernel/kthread.c:465) ? __cfi_kcompactd (mm/compaction.c:3166) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork (arch/x86/kernel/process.c:164) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork_asm (arch/x86/entry/entry_64.S:255) Matthew has analyzed the report and identified that in drain_page_zone() we are in a section protected by spin_lock(&pcp->lock) and then get an interrupt that attempts spin_trylock() on the same lock. The code is designed to work this way without disabling IRQs and occasionally fail the trylock with a fallback. However, the SMP=n spinlock implementation assumes spin_trylock() will always succeed, and thus it's normally a no-op. Here the enabled lock debugging catches the problem, but otherwise it could cause a corruption of the pcp structure. The problem has been introduced by commit 574907741599 (\"mm/page_alloc: leave IRQs enabled for per-cpu page allocations\"). The pcp locking scheme recognizes the need for disabling IRQs to prevent nesting spin_trylock() sections on SMP=n, but the need to prevent the nesting in spin_lock() has not been recognized. Fix it by introducing local wrappers that change the spin_lock() to spin_lock_iqsave() with SMP=n and use them in all places that do spin_lock(&pcp->lock). [vbabka@suse.cz: add pcp_ prefix to the spin_lock_irqsave wrappers, per Steven]</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23025\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23026</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config points to previously allocated memory 2. krealloc() fails and returns NULL 3. The function directly assigns NULL to gchan->config, losing the reference to the original memory 4. The original memory becomes unreachable and cannot be freed Fix this by using a temporary variable to hold the krealloc() result and only updating gchan->config when the allocation succeeds. Found via static analysis and code review.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23026\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23030</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with the child_np has been released, the code will jump to the put_child label and will call the of_node_put() again if the devm_request_threaded_irq() fails. These cause a double free bug. Fix by returning directly to avoid the duplicate of_node_put().</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23030\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23031</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in gs_can_close(). Fix the memory leak by anchoring the URB in the gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23031\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23032</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example: unreferenced object 0xc00000021ff25c40 (size 32): comm \"mkdir\", pid 10665, jiffies 4322121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... backtrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+0x494/0xbd8 kvasprintf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_group_init_type_name+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 configfs_mkdir+0x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys_mkdir+0xa0/0xd8 system_call_exception+0x1b0/0x4f0 system_call_vectored_common+0x15c/0x2ec Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23032\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23033</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a resource leak in the probe error paths. Add dma_pool_destroy() in both error paths to properly release the allocated dma_pool resource.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23033\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23037</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58x_open() to return early, skipping the cleanup label 'free_urbs', which leads to the anchored URBs being leaked. As pointed out by maintainer Vincent Mailhol, the driver is designed to handle partial URB allocation gracefully. Therefore, partial allocation should not be treated as a fatal error. Modify es58x_alloc_rx_urbs() to return 0 if at least one URB has been allocated, restoring the intended behavior and preventing the leak in es58x_open().</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23037\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23038</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the already allocated dsaddrs list, leading to a memory leak. Fix this by jumping to the out_err_drain_dsaddrs label, which properly frees the dsaddrs list before cleaning up other resources.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23038\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23111</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required. nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. It should skip elements that are already active (they don't need re-activation) and process elements that are inactive (they need to be restored). Instead, the current code does the opposite: it skips inactive elements and processes active ones. Compare the non-catchall activate callback, which is correct: nft_mapelem_activate(): if (nft_set_elem_active(ext, iter->genmask)) return 0; /* skip active, process inactive */ With the buggy catchall version: nft_map_catchall_activate(): if (!nft_set_elem_active(ext, genmask)) continue; /* skip inactive, process active */ The consequence is that when a DELSET operation is aborted, nft_setelem_data_activate() is never called for the catchall element. For NFT_GOTO verdict elements, this means nft_data_hold() is never called to restore the chain->use reference count. Each abort cycle permanently decrements chain->use. Once chain->use reaches zero, DELCHAIN succeeds and frees the chain while catchall verdict elements still reference it, resulting in a use-after-free. This is exploitable for local privilege escalation from an unprivileged user via user namespaces + nftables on distributions that enable CONFIG_USER_NS and CONFIG_NF_TABLES. Fix by removing the negation so the check matches nft_mapelem_activate(): skip active elements, process inactive ones.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23111\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23112</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23112\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>9.8</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23220</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In __process_request(), if check_sign_req() returns an error, set_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called. set_smb2_rsp_status() set work->next_smb2_rcv_hdr_off as zero. By resetting next_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain is lost. Consequently, is_chained_smb2_message() continues to point to the same request header instead of advancing. If the header's NextCommand field is non-zero, the function returns true, causing __handle_ksmbd_work() to repeatedly process the same failed request in an infinite loop. This results in the kernel log being flooded with \"bad smb2 signature\" messages and high CPU usage. This patch fixes the issue by changing the return value from SERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. This ensures that the processing loop terminates immediately rather than attempting to continue from an invalidated offset.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23220\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/835.html\">CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23222</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_sg_lists() was allocating an array of scatterlist pointers, not scatterlist objects, resulting in a 4x too small allocation. Use sizeof(*new_sg) to get the correct object size.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23222\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23228</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this counter. Replace free_transport() with ksmbd_tcp_disconnect().</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23228\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23229</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23229\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/820.html\">CWE-820 Missing Synchronization</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23230</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23230\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23231</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_register_hook() then fails, the error path calls nft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy() with no RCU grace period in between. This creates two use-after-free conditions: 1) Control-plane: nf_tables_dump_chains() traverses table->chains under rcu_read_lock(). A concurrent dump can still be walking the chain when the error path frees it. 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly installs the IPv4 hook before IPv6 registration fails. Packets entering nft_do_chain() via the transient IPv4 hook can still be dereferencing chain->blob_gen_X when the error path frees the chain. Add synchronize_rcu() between nft_chain_del() and the chain destroy so that all RCU readers -- both dump threads and in-flight packet evaluation -- have finished before the chain is freed.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23231\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.8</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23236</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23236\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.3</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-23238</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if the requested block size is incompatible with the block device's configuration. This can be triggered by setting a loop device's block size larger than PAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs filesystem on that device. When sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the device has logical_block_size=32768, bdev_validate_blocksize() fails because the requested size is smaller than the device's logical block size. sb_set_blocksize() returns 0 (failure), but romfs ignores this and continues mounting. The superblock's block size remains at the device's logical block size (32768). Later, when sb_bread() attempts I/O with this oversized block size, it triggers a kernel BUG in folio_set_bh(): kernel BUG at fs/buffer.c:1582! BUG_ON(size > PAGE_SIZE); Fix by checking the return value of sb_set_blocksize() and failing the mount with -EINVAL if it returns 0.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-23238\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/20.html\">CWE-20 Improper Input Validation</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.5</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-24515</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-24515\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/476.html\">CWE-476 NULL Pointer Dereference</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>2.9</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-25210</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-25210\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/190.html\">CWE-190 Integer Overflow or Wraparound</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.9</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L\">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-26157</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-26157\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/73.html\">CWE-73 External Control of File Name or Path</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-26158</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-26158\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/73.html\">CWE-73 External Control of File Name or Path</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-35535</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-35535\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/271.html\">CWE-271 Privilege Dropping / Lowering Errors</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.4</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-41918</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-41918\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens SINEC OS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00)</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Update to V4.0 or later version<br><a href=\"https://support.industry.siemens.com/cs/ww/en/view/110002573/\">https://support.industry.siemens.com/cs/ww/en/view/110002573/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/525.html\">CWE-525 Use of Web Browser Cache Containing Sensitive Information</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.7</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Siemens ProductCERT reported these vulnerabilities to CISA.</li>\n</ul>\n<hr>\n<h2>General Recommendations</h2>\n<p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p>\n<hr>\n<h2>Additional Resources</h2>\n<p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p>\n<hr>\n<h2>Terms of Use</h2>\n<p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-253495 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-06-02</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-06-02</td>\n<td>1</td>\n<td>Publication Date</td>\n</tr>\n<tr>\n<td>2026-07-07</td>\n<td>2</td>\n<td>Initial CISA Republication of Siemens ProductCERT SSA-253495 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "863a7fd12dd9ba344ea44bc4b58040e29efdb9c1", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Digi International PortServer TS, Digi One SP IA", "summary": "View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts. The following versions of Digi International PortServer TS, Digi One SP IA are affected: PortServer TS Digi One SP Digi One SP IA Digi One IA CVSS Vendor Equipment Vulnerabilities v3 5.9 Digi International Digi International PortServer TS, Digi One SP IA Incorrect Authorization, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Background Critical Infrastructure Sectors: Critical Manufacturing, Communications, Information Technology, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12352 The vulnerability allows an unauthenticated actor to bypass authenticat…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-07", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Digi International PortServer TS, Digi One SP IA", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-07.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.</strong></p>\n<p>The following versions of Digi International PortServer TS, Digi One SP IA are affected:</p>\n<ul>\n<li>PortServer TS</li>\n<li>Digi One SP</li>\n<li>Digi One SP IA</li>\n<li>Digi One IA</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 5.9</td>\n<td>Digi International</td>\n<td>Digi International PortServer TS, Digi One SP IA</td>\n<td>Incorrect Authorization, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Communications, Information Technology, Transportation Systems</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>United States</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-12352</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-12352\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Digi International PortServer TS, Digi One SP IA</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Digi International</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Digi International PortServer TS: <Firmware_2025, Digi International Digi One SP: <Firmware_2025, Digi International Digi One SP IA: <Firmware_2025, Digi International Digi One IA: <Firmware_2025</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken:</p>\n<p><strong>Vendor fix</strong><br>For Digi PortServer TS: Enable HTTPS on the web server.</p>\n<p><strong>Mitigation</strong><br>Alternatively, disable the web server when it is not actively being used for configuration.</p>\n<p><strong>Mitigation</strong><br>Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.</p>\n<p><strong>Vendor fix</strong><br>For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.</p>\n<p><strong>Mitigation</strong><br>The following deployment practices are the recommended means of reducing exposure: Deploy the device on a trusted network segment, not exposed to untrusted or public networks.</p>\n<p><strong>Mitigation</strong><br>Place the device behind a firewall or VPN and restrict access to the web management interface to trusted administrative hosts only.</p>\n<p><strong>Mitigation</strong><br>Safeguard administrator credentials, since exploitation requires authenticated administrator access to write the affected fields.</p>\n<p><strong>Mitigation</strong><br>For assistance users should contact Digi International's support team https://www.digi.com/support.<br><a href=\"https://www.digi.com/support\">https://www.digi.com/support</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/863.html\">CWE-863 Incorrect Authorization</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.9</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.2</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-12948</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-12948\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Digi International PortServer TS, Digi One SP IA</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Digi International</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Digi International PortServer TS: <Firmware_2025, Digi International Digi One SP: <Firmware_2025, Digi International Digi One SP IA: <Firmware_2025, Digi International Digi One IA: <Firmware_2025</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken:</p>\n<p><strong>Vendor fix</strong><br>For Digi PortServer TS: Enable HTTPS on the web server.</p>\n<p><strong>Mitigation</strong><br>Alternatively, disable the web server when it is not actively being used for configuration.</p>\n<p><strong>Mitigation</strong><br>Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.</p>\n<p><strong>Vendor fix</strong><br>For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.</p>\n<p><strong>Mitigation</strong><br>Digi International recommends users perform the following actions regarding XSS: Digi International will not provide a firmware fix for products affected by CVE-2026-12948, which are approaching end-of-life. Digi International recommends users upgrade to the Digi Connect EZ or Digi Connect EZ TS as a long-term solution.</p>\n<p><strong>Mitigation</strong><br>The following deployment practices are the recommended means of reducing exposure: Deploy the device on a trusted network segment, not exposed to untrusted or public networks.</p>\n<p><strong>Mitigation</strong><br>Place the device behind a firewall or VPN and restrict access to the web management interface to trusted administrative hosts only.</p>\n<p><strong>Mitigation</strong><br>Safeguard administrator credentials, since exploitation requires authenticated administrator access to write the affected fields.</p>\n<p><strong>Mitigation</strong><br>For assistance users should contact Digi International's support team https://www.digi.com/support.<br><a href=\"https://www.digi.com/support\">https://www.digi.com/support</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/79.html\">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>3.8</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>4.8</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>nviCloud reported these vulnerabilities to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-07</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-07</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-07", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "21d3a04e1f5ac7b6e142db4d6e02f9e10f1e5984", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Hitachi Energy e-mesh EMS", "summary": "View CSAF Summary Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy e-mesh EMS are affected: Hitachi Energy e-mesh EMS 4.1.6, 4.4.2, 4.7.0 CVSS Vendor Equipment Vulnerabilities v3 8.1 Hitachi Energy Hitachi Energy e-mesh EMS Heap-based Buffer Overflow Background Critical Infrastructure Sectors: Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-42945 NGINX Plus and NGINX Open Source used in e-mesh EMS have a vulne…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-03", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Hitachi Energy e-mesh EMS", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-03.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.</strong></p>\n<p>The following versions of Hitachi Energy e-mesh EMS are affected:</p>\n<ul>\n<li>Hitachi Energy e-mesh EMS 4.1.6, 4.4.2, 4.7.0</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 8.1</td>\n<td>Hitachi Energy</td>\n<td>Hitachi Energy e-mesh EMS</td>\n<td>Heap-based Buffer Overflow</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Energy</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>Switzerland</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-42945</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>NGINX Plus and NGINX Open Source used in e-mesh EMS have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. e-mesh EMS versions using NGINX v1.30.0 and below are affected.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-42945\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Hitachi Energy e-mesh EMS</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Hitachi Energy</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>e-mesh EMS versions 4.1.6, e-mesh EMS versions 4.4.2, e-mesh EMS versions 4.7.0</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>Apply hotfix for respective e-mesh EMS versions to update NGINX to either v1.30.2 or latest</p>\n<p><strong>Mitigation</strong><br>Ensure rewrite configuration does not contain \"?\" to replace unnamed captures, and ensure ASLR is set to active (value=2) across all deployment targets covering all 3 versions.</p>\n<p><strong>Mitigation</strong><br>Underlying Ubuntu Server 20.04 LTS is End of Life. For e-mesh EMS versions 4.1.6/4.4.2 using Ubuntu 20.04 LTS, upgrade to Ubuntu Server 22.04, or 24.04, or activate Ubuntu Pro/ESM as an interim measure.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/122.html\">CWE-122 Heap-based Buffer Overflow</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8.1</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>9.2</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Hitachi Energy Internal Team</li>\n</ul>\n<hr>\n<h2>Notice</h2>\n<p>The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p>\n<hr>\n<h2>Support</h2>\n<p>For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.</p>\n<hr>\n<h2>General Mitigation Factors</h2>\n<p>Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. Additional information on Industrial Control Systems Cybersecurity Best Practices can be found in the Hitachi Energy “Industrial Control Systems Cybersecurity Best Practices” Cybersecurity Notification. [1]</p>\n<hr>\n<h2>SSVC</h2>\n<p>SSVCv2/E:N/A:N/2026-06-29T17:00:59Z/</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000253 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-06-30</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-06-30</td>\n<td>1</td>\n<td>Initial public release</td>\n</tr>\n<tr>\n<td>2026-07-07</td>\n<td>2</td>\n<td>Initial CISA Republication of Hitachi Energy PSIRT 8DBD000253 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-03", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "8cb9bfa83a5eee5028985644823ee2572802f3a6", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Hydro-Québec Le Circuit Electrique charging station backend", "summary": "View CSAF Summary Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. The following versions of Hydro-Québec Le Circuit Electrique charging station backend are affected: Le Circuit Electrique charging station backend CVSS Vendor Equipment Vulnerabilities v3 9.8 Hydro-Québec Hydro-Québec Le Circuit Electrique charging station backend Improper Access Control, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration Background Critical Infrastructure Sectors: Transportation Systems Countries/Areas Deployed: Canada Company Headquarters Location: Canada Vulnerabilities Expand All + CVE-2026-20744 The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation. View CVE Details Affected Products Hydro-Québec Le Circuit …", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Hydro-Québec Le Circuit Electrique charging station backend", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-01.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack.</strong></p>\n<p>The following versions of Hydro-Québec Le Circuit Electrique charging station backend are affected:</p>\n<ul>\n<li>Le Circuit Electrique charging station backend</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 9.8</td>\n<td>Hydro-Québec</td>\n<td>Hydro-Québec Le Circuit Electrique charging station backend</td>\n<td>Improper Access Control, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Transportation Systems</li>\n<li><strong>Countries/Areas Deployed: </strong>Canada</li>\n<li><strong>Company Headquarters Location: </strong>Canada</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-20744</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-20744\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Hydro-Québec Le Circuit Electrique charging station backend</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Hydro-Québec</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Hydro-Québec Le Circuit Electrique charging station backend: <June_2026</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/284.html\">CWE-284 Improper Access Control</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>9.8</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>9.3</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-42952</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a Denial-of-Service attack.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-42952\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Hydro-Québec Le Circuit Electrique charging station backend</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Hydro-Québec</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Hydro-Québec Le Circuit Electrique charging station backend: <June_2026</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/307.html\">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.5</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-44383</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-44383\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Hydro-Québec Le Circuit Electrique charging station backend</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Hydro-Québec</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Hydro-Québec Le Circuit Electrique charging station backend: <June_2026</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/613.html\">CWE-613 Insufficient Session Expiration</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.5</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>An anonymous researcher reported these vulnerabilities to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-07</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-07</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "3474c69f0d4b797b94e5b5b2fe8d5b96c47e85c6", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Siemens Mendix Studio Pro", "summary": "View CSAF Summary Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available. The following versions of Siemens Mendix Studio Pro are affected: Mendix Studio Pro 10.11 vers:all/* Mendix Studio Pro 10.12 vers:all/* Mendix Studio Pro 10.13 vers:all/* Mendix Studio Pro 10.14 vers:all/* Mendix Studio Pro 10.15 vers:all/* Mendix Studio Pro 10.16 vers:all/* Mendix Studio Pro 10.17 vers:all/* Mendix Studio Pro 10.18 vers:all/* Men…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-04", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Siemens Mendix Studio Pro", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-04.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.</strong></p>\n<p>The following versions of Siemens Mendix Studio Pro are affected:</p>\n<ul>\n<li>Mendix Studio Pro 10.11 vers:all/*</li>\n<li>Mendix Studio Pro 10.12 vers:all/* </li>\n<li>Mendix Studio Pro 10.13 vers:all/*</li>\n<li>Mendix Studio Pro 10.14 vers:all/* </li>\n<li>Mendix Studio Pro 10.15 vers:all/* </li>\n<li>Mendix Studio Pro 10.16 vers:all/* </li>\n<li>Mendix Studio Pro 10.17 vers:all/* </li>\n<li>Mendix Studio Pro 10.18 vers:all/* </li>\n<li>Mendix Studio Pro 10.19 vers:all/* </li>\n<li>Mendix Studio Pro 10.20 vers:all/* </li>\n<li>Mendix Studio Pro 10.21 vers:all/* </li>\n<li>Mendix Studio Pro 10.22 vers:all/* </li>\n<li>Mendix Studio Pro 10.23 vers:all/* </li>\n<li>Mendix Studio Pro 10.24 vers:intdot/<10.24.21</li>\n<li>Mendix Studio Pro 11.0 vers:all/* </li>\n<li>Mendix Studio Pro 11.1 vers:all/* </li>\n<li>Mendix Studio Pro 11.10 vers:all/* </li>\n<li>Mendix Studio Pro 11.11 vers:all/* </li>\n<li>Mendix Studio Pro 11.2 vers:all/* </li>\n<li>Mendix Studio Pro 11.3 vers:all/* </li>\n<li>Mendix Studio Pro 11.4 vers:all/* </li>\n<li>Mendix Studio Pro 11.5 vers:all/* </li>\n<li>Mendix Studio Pro 11.6 vers:intdot/<11.6.7 </li>\n<li>Mendix Studio Pro 11.7 vers:all/* </li>\n<li>Mendix Studio Pro 11.8 vers:all/*</li>\n<li>Mendix Studio Pro 11.9 vers:all/* </li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 5.4</td>\n<td>Siemens</td>\n<td>Siemens Mendix Studio Pro</td>\n<td>Improper Control of Generation of Code ('Code Injection')</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>Germany</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-48192</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-48192\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Siemens Mendix Studio Pro</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Siemens</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Mendix Studio Pro 10.11, Mendix Studio Pro 10.12, Mendix Studio Pro 10.13, Mendix Studio Pro 10.14, Mendix Studio Pro 10.15, Mendix Studio Pro 10.16, Mendix Studio Pro 10.17, Mendix Studio Pro 10.18, Mendix Studio Pro 10.19, Mendix Studio Pro 10.20, Mendix Studio Pro 10.21, Mendix Studio Pro 10.22, Mendix Studio Pro 10.23, Mendix Studio Pro 10.24 < V10.24.21, Mendix Studio Pro 11.0, Mendix Studio Pro 11.1, Mendix Studio Pro 11.10, Mendix Studio Pro 11.11, Mendix Studio Pro 11.2, Mendix Studio Pro 11.3, Mendix Studio Pro 11.4, Mendix Studio Pro 11.5, Mendix Studio Pro 11.6 < V11.6.7, Mendix Studio Pro 11.7, Mendix Studio Pro 11.8, Mendix Studio Pro 11.9</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>No fix planned</strong><br>Currently no fix is planned</p>\n<p><strong>Vendor fix</strong><br>Update to V10.24.21 or later version<br><a href=\"https://docs.mendix.com/releasenotes/studio-pro/10.24/\">https://docs.mendix.com/releasenotes/studio-pro/10.24/</a></p>\n<p><strong>Vendor fix</strong><br>Update to V11.6.7 or later version<br><a href=\"https://docs.mendix.com/releasenotes/studio-pro/11.6/\">https://docs.mendix.com/releasenotes/studio-pro/11.6/</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/94.html\">CWE-94 Improper Control of Generation of Code ('Code Injection')</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.4</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N\">CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Siemens ProductCERT reported this vulnerability to CISA.</li>\n</ul>\n<hr>\n<h2>General Recommendations</h2>\n<p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p>\n<hr>\n<h2>Additional Resources</h2>\n<p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p>\n<hr>\n<h2>Terms of Use</h2>\n<p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<hr>\n<h2>Advisory Conversion Disclaimer</h2>\n<p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-779310 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-06-30</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-06-30</td>\n<td>1</td>\n<td>Publication Date</td>\n</tr>\n<tr>\n<td>2026-07-07</td>\n<td>2</td>\n<td>Initial CISA Republication of Siemens ProductCERT SSA-779310 advisory</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-04", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "dd12a5cc4bab08dd0c96a5a912a3e9864b999f4b", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CISA Adds One Known Exploited Vulnerability to Catalog", "summary": "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk v…", "url": "https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-one-known-exploited-vulnerability-catalog", "image": "", "published": "2026-07-07T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "CISA Adds One Known Exploited Vulnerability to Catalog", "summary": "<p>CISA has added one new vulnerability to its <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>\n<ul>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-48282\" target=\"_blank\">CVE-2026-48282</a> Adobe ColdFusion Path Traversal Vulnerability</li>\n</ul>\n<p>This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.</p>\n<p><a href=\"https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk\">Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk</a> establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.</p>\n<p>While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">KEV Catalog vulnerabilities</a>. CISA will continue to add vulnerabilities to the catalog that meet the <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities\">specified criteria</a>.</p>\n<p>Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s <a href=\"https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_1Zwu52kgK2OYf3w\" target=\"_blank\">KEV Nomination Form</a>. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. </p>\n", "url": "https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-one-known-exploited-vulnerability-catalog", "image": "", "published": "Tue, 07 Jul 26 12:00:00 +0000" } }, { "id": "743c14d97ebe8be6820ec877b1d60e99ecedd7a6", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "Gardyn IoT Hub", "summary": "View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03", "image": "", "published": "2026-07-02T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "Gardyn IoT Hub", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.</strong></p>\n<p>The following versions of Gardyn IoT Hub are affected:</p>\n<ul>\n<li>Home Firmware</li>\n<li>Studio Firmware</li>\n<li>Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477)</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 10</td>\n<td>Gardyn</td>\n<td>Gardyn IoT Hub</td>\n<td>Use of Hard-coded Credentials, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Improper Neutralization of HTTP Headers for Scripting Syntax</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Food and Agriculture</li>\n<li><strong>Countries/Areas Deployed: </strong>United States</li>\n<li><strong>Company Headquarters Location: </strong>United States</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-13768</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user's network.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-13768\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Gardyn IoT Hub</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Gardyn</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Gardyn Home Firmware: <master.627, Gardyn Studio Firmware: <master.627, Gardyn Cloud API: <2.12.2026</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities.</p>\n<p><strong>Mitigation</strong><br>Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.</p>\n<p><strong>Mitigation</strong><br>Further information on Gardyn security can be found here: https://mygardyn.com/security/<br><a href=\"https://mygardyn.com/security/\">https://mygardyn.com/security/</a></p>\n<p><strong>Mitigation</strong><br>Further customer support can be obtained from Gardyn at: support@mygardyn.com<br><a href=\"mailto:support@mygardyn.com\">mailto:support@mygardyn.com</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/798.html\">CWE-798 Use of Hard-coded Credentials</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>10</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>9.5</td>\n<td>CRITICAL</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L\">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-55726</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-55726\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Gardyn IoT Hub</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Gardyn</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Gardyn Home Firmware: <master.627, Gardyn Studio Firmware: <master.627, Gardyn Cloud API: <2.12.2026</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities.</p>\n<p><strong>Mitigation</strong><br>Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.</p>\n<p><strong>Mitigation</strong><br>Further information on Gardyn security can be found here: https://mygardyn.com/security/<br><a href=\"https://mygardyn.com/security/\">https://mygardyn.com/security/</a></p>\n<p><strong>Mitigation</strong><br>Further customer support can be obtained from Gardyn at: support@mygardyn.com<br><a href=\"mailto:support@mygardyn.com\">mailto:support@mygardyn.com</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/497.html\">CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.3</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>6.9</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-54477</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-54477\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>Gardyn IoT Hub</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>Gardyn</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>Gardyn Home Firmware: <master.627, Gardyn Studio Firmware: <master.627, Gardyn Cloud API: <2.12.2026</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities.</p>\n<p><strong>Mitigation</strong><br>Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.</p>\n<p><strong>Mitigation</strong><br>Further information on Gardyn security can be found here: https://mygardyn.com/security/<br><a href=\"https://mygardyn.com/security/\">https://mygardyn.com/security/</a></p>\n<p><strong>Mitigation</strong><br>Further customer support can be obtained from Gardyn at: support@mygardyn.com<br><a href=\"mailto:support@mygardyn.com\">mailto:support@mygardyn.com</a></p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/644.html\">CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>5.4</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>5.1</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Michael Groberman reported these vulnerabilities to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-02</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-02</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03", "image": "", "published": "Thu, 02 Jul 26 12:00:00 +0000" } }, { "id": "4370385b60727ff993765267dc2dc6e3efbd2565", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CubeSpace CW0057 Reaction Wheel", "summary": "View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace CW0057 Reaction Wheel Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Communications Countries/Areas Deployed: Worldwide Company Headquarters Location: South Africa Vulnerabilities Expand All + CVE-2026-13743 CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication. View CVE Details Affected Products CubeSpace CW0057…", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-02", "image": "", "published": "2026-07-02T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "CubeSpace CW0057 Reaction Wheel", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-02.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.</strong></p>\n<p>The following versions of CubeSpace CW0057 Reaction Wheel are affected:</p>\n<ul>\n<li>CW0057 Reaction Wheel</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 6.1</td>\n<td>CubeSpace</td>\n<td>CubeSpace CW0057 Reaction Wheel</td>\n<td>Improper Verification of Cryptographic Signature</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Communications</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>South Africa</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-13743</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-13743\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>CubeSpace CW0057 Reaction Wheel</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>CubeSpace</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>CubeSpace CW0057 Reaction Wheel: <firmware_5.0.20</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Vendor fix</strong><br>CubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20. Firmware version 5.0.20 introduces the capability for cryptographically verified secure boot; however, this protection is not enabled by default. Users must activate signed‑boot functionality, particularly the fully immutable mode, to achieve full security.</p>\n<p><strong>Mitigation</strong><br>CubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a CRC-32 integrity check, which confirms image integrity but does not verify the source of an image. Exploitation requires direct physical access to the device and is not exploitable remotely. A device affected by this method remains recoverable: the bootloader operates independently of the application firmware and can reload known-good, CubeSpace-supplied images, so an affected unit cannot be permanently disabled by this method. Starting with firmware version 5.0.20, CubeSpace offers optional cryptographic secure boot of varying security levels which customers can enable. Given the physical-access prerequisite and the availability of recovery, CubeSpace assesses the practical risk as low.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/347.html\">CWE-347 Improper Verification of Cryptographic Signature</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>6.1</td>\n<td>MEDIUM</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\">CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>3.3</td>\n<td>LOW</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\">CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Anthony Rose reported this vulnerability to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p>\n<p>Do not click web links or open attachments in unsolicited email messages.</p>\n<p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p>\n<p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p>\n<p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-02</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-02</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-02", "image": "", "published": "Thu, 02 Jul 26 12:00:00 +0000" } }, { "id": "96eb4789f037ae680c44dafd2e363cc1a22e23f9", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "ST Engineering iDirect iQ-Series Terminals", "summary": "View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01", "image": "", "published": "2026-07-02T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "ST Engineering iDirect iQ-Series Terminals", "summary": "<p><a href=\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json\"><strong>View CSAF</strong></a></p>\n<h2>Summary</h2>\n<p><strong>Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.</strong></p>\n<p>The following versions of ST Engineering iDirect iQ-Series Terminals are affected:</p>\n<ul>\n<li>Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057)</li>\n<li>3315‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057)</li>\n<li>9‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057)</li>\n</ul>\n<div class=\"csaf-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS</th>\n<th role=\"columnheader\">Vendor</th>\n<th role=\"columnheader\">Equipment</th>\n<th role=\"columnheader\">Vulnerabilities</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>v3 8.1</td>\n<td>ST Engineering iDirect</td>\n<td>ST Engineering iDirect iQ-Series Terminals</td>\n<td>Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF)</td>\n</tr>\n</tbody>\n</table>\n</div>\n<h3>Background</h3>\n<ul>\n<li><strong>Critical Infrastructure Sectors: </strong>Communications, Defense Industrial Base, Energy, Government Services and Facilities, Transportation Systems</li>\n<li><strong>Countries/Areas Deployed: </strong>Worldwide</li>\n<li><strong>Company Headquarters Location: </strong>United States</li>\n</ul>\n<hr>\n<h2>Vulnerabilities</h2>\n<div class=\"csaf-accordion\">\n<p><a class=\"csaf-accordion-toggle-all\" href=\"#\">Expand All +</a></p>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-38059</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-38059\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ST Engineering iDirect iQ-Series Terminals</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ST Engineering iDirect</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ST Engineering iDirect Evolution iQ‑Series terminals: <=4.5.2.1, ST Engineering iDirect 3315‑Series terminals: <=4.5.2.1, ST Engineering iDirect 9‑Series terminals: <=4.5.2.1</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer.</p>\n<p><strong>Mitigation</strong><br>Registered users are able to download patches from the iDirect Support Portal https://support.idirect.net/s/login.<br><a href=\"https://support.idirect.net/s/login\">https://support.idirect.net/s/login</a></p>\n<p><strong>Mitigation</strong><br>Restrict management interfaces to trusted networks (e.g., VPN, ACLs).</p>\n<p><strong>Mitigation</strong><br>Avoid exposing administrative APIs to the public internet.</p>\n<p><strong>Mitigation</strong><br>Enforce strong authentication practices.</p>\n<p><strong>Mitigation</strong><br>Monitor for anomalous API activity and unexpected device reboots.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/306.html\">CWE-306 Missing Authentication for Critical Function</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>7.5</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>8.7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n<h3><a class=\"csaf-accordion-toggle\" href=\"#\">CVE-2026-38057</a></h3>\n<div class=\"csaf-accordion-content\">\n<p>The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition.</p>\n<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-38057\">View CVE Details</a></p>\n<hr>\n<h4>Affected Products</h4>\n<h5>ST Engineering iDirect iQ-Series Terminals</h5>\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\"><strong>Vendor:</strong><br>ST Engineering iDirect</div>\n<div class=\"ics-version\"><strong>Product Version:</strong><br>ST Engineering iDirect Evolution iQ‑Series terminals: <=4.5.2.1, ST Engineering iDirect 3315‑Series terminals: <=4.5.2.1, ST Engineering iDirect 9‑Series terminals: <=4.5.2.1</div>\n<div class=\"ics-status\"><strong>Product Status:</strong><br>known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n<h6>Remediations</h6>\n<p><strong>Mitigation</strong><br>ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer.</p>\n<p><strong>Mitigation</strong><br>Registered users are able to download patches from the iDirect Support Portal https://support.idirect.net/s/login.<br><a href=\"https://support.idirect.net/s/login\">https://support.idirect.net/s/login</a></p>\n<p><strong>Mitigation</strong><br>Restrict management interfaces to trusted networks (e.g., VPN, ACLs).</p>\n<p><strong>Mitigation</strong><br>Avoid exposing administrative APIs to the public internet.</p>\n<p><strong>Mitigation</strong><br>Enforce strong authentication practices.</p>\n<p><strong>Mitigation</strong><br>Monitor for anomalous API activity and unexpected device reboots.</p>\n</div>\n<p><strong>Relevant CWE:</strong> <a href=\"https://cwe.mitre.org/data/definitions/352.html\">CWE-352 Cross-Site Request Forgery (CSRF)</a></p>\n<hr>\n<h4>Metrics</h4>\n<div class=\"csaf-table csaf-metrics-table\">\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">CVSS Version</th>\n<th role=\"columnheader\">Base Score</th>\n<th role=\"columnheader\">Base Severity</th>\n<th role=\"columnheader\">Vector String</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>3.1</td>\n<td>8.1</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H</a></td>\n</tr>\n<tr>\n<td>4.0</td>\n<td>7</td>\n<td>HIGH</td>\n<td><a href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N\">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N</a></td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n<hr>\n<h2>Acknowledgments</h2>\n<ul>\n<li>Ahmed Alqahtani of Aramco reported these vulnerabilities to CISA</li>\n</ul>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n<p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).</p>\n<hr>\n<h2>Recommended Practices</h2>\n<p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.</p>\n<p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p>\n<p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p>\n<p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p>\n<p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p>\n<p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p>\n<p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p>\n<p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p>\n<p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p>\n<p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p>\n<p>Do not click web links or open attachments in unsolicited email messages.</p>\n<p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p>\n<p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p>\n<p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p>\n<hr>\n<h2>Revision History</h2>\n<ul>\n<li><strong>Initial Release Date: </strong>2026-07-02</li>\n</ul>\n<table class=\"tablesaw tablesaw-stack\" data-tablesaw-mode=\"stack\" data-tablesaw-minimap>\n<thead>\n<tr>\n<th role=\"columnheader\" data-tablesaw-priority=\"persist\">Date</th>\n<th role=\"columnheader\">Revision</th>\n<th role=\"columnheader\">Summary</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>2026-07-02</td>\n<td>1</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<hr>\n<h2>Legal Notice and Terms of Use</h2>\n", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01", "image": "", "published": "Thu, 02 Jul 26 12:00:00 +0000" } }, { "id": "eefe077b5e3ebe0d7b85ae536c0d6f82de2a38d9", "source_id": "cisa_advisories", "source": "CISA Cybersecurity Advisories", "category": "security", "engine": "rss", "title": "CISA Adds One Known Exploited Vulnerability to Catalog", "summary": "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while def…", "url": "https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog", "image": "", "published": "2026-07-01T12:00:00+00:00", "score": 67, "color": "#ff5bd1", "raw": { "title": "CISA Adds One Known Exploited Vulnerability to Catalog", "summary": "<p>CISA has added one new vulnerability to its <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>\n<ul>\n<li><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-45659\" target=\"_blank\">CVE-2026-45659</a> Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability</li>\n</ul>\n<p>This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.</p>\n<p><a href=\"https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk\">Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk</a> establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.</p>\n<p>While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\">KEV Catalog vulnerabilities</a>. CISA will continue to add vulnerabilities to the catalog that meet the <a href=\"https://www.cisa.gov/known-exploited-vulnerabilities\">specified criteria</a>.</p>\n<p>Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s <a href=\"https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_1Zwu52kgK2OYf3w\">KEV Nomination Form</a>. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. </p>\n", "url": "https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog", "image": "", "published": "Wed, 01 Jul 26 12:00:00 +0000" } } ], "count": 25, "cached_at": "2026-07-15T04:35:01+00:00" }
Save file
Quick jump
open a path
Open