Skip to main content
(844) 422-7000

Author: Admin @CloudCentric

Hitachi Energy SuprOS

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Hitachi Energy is aware of a vulnerability that affects the SuprOS product versions listed in this document. An attacker successfully exploiting this vulnerability can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.

The following versions of Hitachi Energy SuprOS are affected:

  • SuprOS vers:SuprOS/<=9.2.1, 9.2.2.0 (CVE-2025-7740, CVE-2025-7740)
CVSS Vendor Equipment Vulnerabilities
v3 8.8 Hitachi Energy Hitachi Energy SuprOS Use of Default Credentials

Background

  • Critical Infrastructure Sectors: Energy, Transportation Systems, Government Services and Facilities
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities

Expand All +

CVE-2025-7740

A default credentials vulnerability exists in the SuprOS product. If exploited, this could allow an authenticated local attacker to gain access through an admin account created during product deployment.

View CVE Details

Affected Products

Hitachi Energy SuprOS
Vendor:
Hitachi Energy
Product Version:
SuprOS 9.2.1 and below, SuprOS 9.2.2.0
Product Status:
known_affected
Remediations

Mitigation
Remove unwanted accounts and/or change the default passwords. Refer to the Secure Deployment Guidelines document as described in chapter 4.3

Mitigation
Upon clean install, change the root password

Mitigation
If updated from previous version, remove unwanted accounts and/or change the default passwords. Refer to the Secure Deployment Guidelines document as described in chapter 4.3

Vendor fix
Hitachi Energy recommends that customers apply the update and take recommended actions at the earliest convenience

Mitigation
While reviewing the recommended immediate actions, assess the risk exposure of affected products within the operational environment and update or upgrade if necessary

Relevant CWE: CWE-1392 Use of Default Credentials

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Acknowledgments

  • Hitachi Energy reported this vulnerability to CISA.

Notice

The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.

Support

For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.

General Mitigation Factors

It is highly recommended to deploy the product following the “SuprOS Security Deployment Guidelines” document. Customers should maintain their systems with products running on supported versions and follow maintenance releases. Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000223 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-01-27
Date Revision Summary
2026-01-27 1 Initial public release
2026-02-12 2 Initial CISA Republication of Hitachi Energy 8DBD000223 advisory

Legal Notice and Terms of Use

Airleader Master

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution.

The following versions of Airleader Master are affected:

  • Airleader Master <=6.381 (CVE-2026-1358)
CVSS Vendor Equipment Vulnerabilities
v3 9.8 Airleader GmbH Airleader Master Unrestricted Upload of File with Dangerous Type

Background

  • Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, Water and Wastewater
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

Expand All +

CVE-2026-1358

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

View CVE Details

Affected Products

Airleader Master
Vendor:
Airleader GmbH
Product Version:
Airleader GmbH Airleader Master: <=6.381
Product Status:
known_affected
Remediations

Vendor fix
Airleader recommends that users upgrade Airleader Master to version 6.386 or later.

Mitigation
Users of Airleader Master are encouraged to reach out to Airleader via email or submit a web form for more information and mitigation assistance.

Mitigation
Users of Airleader Master are encouraged to reach out to Airleader via email or submit a web form for more information and mitigation assistance.

Relevant CWE: CWE-434 Unrestricted Upload of File with Dangerous Type

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • Angel Lomeli of SySS GmbH reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-02-12
Date Revision Summary
2026-02-12 1 Initial Publication

Legal Notice and Terms of Use

TP-Link Systems Inc. VIGI Series IP Camera

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Successful exploitation of this vulnerability could result in unauthorized users gaining administrative access to affected closed circuit television cameras.

The following versions of TP-Link Systems Inc. VIGI Series IP Camera are affected:

  • VIGI Cx45 Series Models C345, C445 <=3.1.0_Build_250820_Rel.57668n (CVE-2026-0629)
  • VIGI Cx55 Series Models C355, C455 <=3.1.0_Build_250820_Rel.58873n (CVE-2026-0629)
  • VIGI Cx85 Series Models C385, C485 <=3.0.2_Build_250630_Rel.71279n (CVE-2026-0629)
  • VIGI C340S Series <=3.1.0_Build_250625_Rel.65381n (CVE-2026-0629)
  • VIGI C540S Series Models C540S, EasyCam C540S <=3.1.0_Build_250625_Rel.66601n (CVE-2026-0629)
  • VIGI C540V Series <=2.1.0_Build_250702_Rel.54300n (CVE-2026-0629)
  • VIGI C250 Series <=2.1.0_Build_250702_Rel.54301n (CVE-2026-0629)
  • VIGI Cx50 Series Models C350, C450 <=2.1.0_Build_250702_Rel.54294n (CVE-2026-0629)
  • VIGI Cx20I (1.0) Series Models C220I 1.0, C320I 1.0, C420I 1.0 <=2.1.0_Build_251014_Rel.58331n (CVE-2026-0629)
  • VIGI Cx20I (1.20) Series Models C220I 1.20, C320I 1.20, C420I 1.20 <=2.1.0_Build_250701_Rel.44071n (CVE-2026-0629)
  • VIGI Cx30I (1.0) Series Models C230I 1.0, C330I 1.0, C430I 1.0 <=2.1.0_Build_250701_Rel.45506n (CVE-2026-0629)
  • VIGI Cx30I (1.20) Series Models C230I 1.20, C330I 1.20, C430I 1.20 <=2.1.0_Build_250701_Rel.44555n (CVE-2026-0629)
  • VIGI Cx30 (1.0) Series Models C230 1.0, C330 1.0, C430 1.0 <=2.1.0_Build_250701_Rel.46796n (CVE-2026-0629)
  • VIGI Cx30 (1.20) Series Models C230 1.20, C330 1.20, C430 1.20 <=2.1.0_Build_250701_Rel.46796n (CVE-2026-0629)
  • VIGI Cx40I (1.0) Series Models C240I 1.0, C340I 1.0, C440I 1.0 <=2.1.0_Build_250701_Rel.46003n (CVE-2026-0629)
  • VIGI Cx40I (1.20) Series Models C240I 1.20, C340I 1.20, C440I 1.20 <=2.1.0_Build_250701_Rel.45041n (CVE-2026-0629)
  • VIGI C230I Mini Series <=2.1.0_Build_250701_Rel.47570n (CVE-2026-0629)
  • VIGI C240 1.0 Series <=2.1.0_Build_250701_Rel.48425n (CVE-2026-0629)
  • VIGI C340 2.0 Series <=2.1.0_Build_250701_Rel.49304n (CVE-2026-0629)
  • VIGI C440 2.0 Series <=2.1.0_Build_250701_Rel.49778n (CVE-2026-0629)
  • VIGI C540 2.0 Series <=2.1.0_Build_250701_Rel.50397n (CVE-2026-0629)
  • VIGI C540‑4G Series <=2.2.0_Build_250826_Rel.56808n (CVE-2026-0629)
  • VIGI Cx40‑W Series Models C340‑W 2.0/2.20, C440‑W 2.0, C540‑W 2.0 <=2.1.1_Build_250717 (CVE-2026-0629)
  • VIGI Cx20 Series Models C320, C420 <=2.1.0_Build_250701_Rel.39597n (CVE-2026-0629)
  • VIGI InSight Sx45 Series Models S245, S345, S445 <=3.1.0_Build_250820_Rel.57668n (CVE-2026-0629)
  • VIGI InSight Sx55 Series Models S355, S455 <=3.1.0_Build_250820_Rel.58873n (CVE-2026-0629)
  • VIGI InSight Sx85 Series Models S285, S385 <=3.0.2_Build_250630_Rel.71279n (CVE-2026-0629)
  • VIGI InSight Sx45ZI Series Models S245ZI, S345ZI, S445ZI <=1.2.0_Build_250820_Rel.60930n (CVE-2026-0629)
  • VIGI InSight Sx85PI Series Models S385PI, S485PI <=1.2.0_Build_250827_Rel.66817n (CVE-2026-0629)
  • VIGI InSight S655I Series <=1.1.1_Build_250625_Rel.64224n (CVE-2026-0629)
  • VIGI InSight S345‑4G Series <=2.1.0_Build_250725_Rel.36867n (CVE-2026-0629)
  • VIGI InSight Sx25 Series Models S225, S325, S425 <=1.1.0_Build_250630_Rel.39597n (CVE-2026-0629)
CVSS Vendor Equipment Vulnerabilities
v3 8.8 TP-Link Systems Inc. TP-Link Systems Inc. VIGI Series IP Camera Improper Authentication

Background

  • Critical Infrastructure Sectors: Commercial Facilities
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

Expand All +

CVE-2026-0629

An authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

View CVE Details

Affected Products

TP-Link Systems Inc. VIGI Series IP Camera
Vendor:
TP-Link Systems Inc.
Product Version:
TP-Link Systems Inc. VIGI Cx45 Series Models C345, C445: <=3.1.0_Build_250820_Rel.57668n, TP-Link Systems Inc. VIGI Cx55 Series Models C355, C455: <=3.1.0_Build_250820_Rel.58873n, TP-Link Systems Inc. VIGI Cx85 Series Models C385, C485: <=3.0.2_Build_250630_Rel.71279n, TP-Link Systems Inc. VIGI C340S Series: <=3.1.0_Build_250625_Rel.65381n, TP-Link Systems Inc. VIGI C540S Series Models C540S, EasyCam C540S: <=3.1.0_Build_250625_Rel.66601n, TP-Link Systems Inc. VIGI C540V Series: <=2.1.0_Build_250702_Rel.54300n, TP-Link Systems Inc. VIGI C250 Series: <=2.1.0_Build_250702_Rel.54301n, TP-Link Systems Inc. VIGI Cx50 Series Models C350, C450: <=2.1.0_Build_250702_Rel.54294n, TP-Link Systems Inc. VIGI Cx20I (1.0) Series Models C220I 1.0, C320I 1.0, C420I 1.0: <=2.1.0_Build_251014_Rel.58331n, TP-Link Systems Inc. VIGI Cx20I (1.20) Series Models C220I 1.20, C320I 1.20, C420I 1.20: <=2.1.0_Build_250701_Rel.44071n, TP-Link Systems Inc. VIGI Cx30I (1.0) Series Models C230I 1.0, C330I 1.0, C430I 1.0: <=2.1.0_Build_250701_Rel.45506n, TP-Link Systems Inc. VIGI Cx30I (1.20) Series Models C230I 1.20, C330I 1.20, C430I 1.20: <=2.1.0_Build_250701_Rel.44555n, TP-Link Systems Inc. VIGI Cx30 (1.0) Series Models C230 1.0, C330 1.0, C430 1.0: <=2.1.0_Build_250701_Rel.46796n, TP-Link Systems Inc. VIGI Cx30 (1.20) Series Models C230 1.20, C330 1.20, C430 1.20: <=2.1.0_Build_250701_Rel.46796n, TP-Link Systems Inc. VIGI Cx40I (1.0) Series Models C240I 1.0, C340I 1.0, C440I 1.0: <=2.1.0_Build_250701_Rel.46003n, TP-Link Systems Inc. VIGI Cx40I (1.20) Series Models C240I 1.20, C340I 1.20, C440I 1.20: <=2.1.0_Build_250701_Rel.45041n, TP-Link Systems Inc. VIGI C230I Mini Series: <=2.1.0_Build_250701_Rel.47570n, TP-Link Systems Inc. VIGI C240 1.0 Series: <=2.1.0_Build_250701_Rel.48425n, TP-Link Systems Inc. VIGI C340 2.0 Series: <=2.1.0_Build_250701_Rel.49304n, TP-Link Systems Inc. VIGI C440 2.0 Series: <=2.1.0_Build_250701_Rel.49778n, TP-Link Systems Inc. VIGI C540 2.0 Series: <=2.1.0_Build_250701_Rel.50397n, TP-Link Systems Inc. VIGI C540‑4G Series: <=2.2.0_Build_250826_Rel.56808n, TP-Link Systems Inc. VIGI Cx40‑W Series Models C340‑W 2.0/2.20, C440‑W 2.0, C540‑W 2.0: <=2.1.1_Build_250717, TP-Link Systems Inc. VIGI Cx20 Series Models C320, C420: <=2.1.0_Build_250701_Rel.39597n, TP-Link Systems Inc. VIGI InSight Sx45 Series Models S245, S345, S445: <=3.1.0_Build_250820_Rel.57668n, TP-Link Systems Inc. VIGI InSight Sx55 Series Models S355, S455: <=3.1.0_Build_250820_Rel.58873n, TP-Link Systems Inc. VIGI InSight Sx85 Series Models S285, S385: <=3.0.2_Build_250630_Rel.71279n, TP-Link Systems Inc. VIGI InSight Sx45ZI Series Models S245ZI, S345ZI, S445ZI: <=1.2.0_Build_250820_Rel.60930n, TP-Link Systems Inc. VIGI InSight Sx85PI Series Models S385PI, S485PI: <=1.2.0_Build_250827_Rel.66817n, TP-Link Systems Inc. VIGI InSight S655I Series: <=1.1.1_Build_250625_Rel.64224n, TP-Link Systems Inc. VIGI InSight S345‑4G Series: <=2.1.0_Build_250725_Rel.36867n, TP-Link Systems Inc. VIGI InSight Sx25 Series Models S225, S325, S425: <=1.1.0_Build_250630_Rel.39597n
Product Status:
known_affected
Remediations

Mitigation
TP-Link Systems Inc. strongly recommends that users with affected devices take the following actions:

Mitigation
Download and update to the latest firmware version to fix the vulnerability from the following links.

Mitigation
United States users should visit the TP-Link US Download Center here: https://www.vigi.com/us/support/download/.

Mitigation
Global English users should visit the TP-Link EN Download Center:https://www.vigi.com/es/support/download/.

Mitigation
India users should visit the TP-Link India Download Center:https://www.vigi.com/in/support/download/.

Mitigation
Please visit https://www.tp-link.com/us/support/faq/4906/ for the TP-Link advisory.

Relevant CWE: CWE-287 Improper Authentication

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • Arko Dhar of Redinent Innovations reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

Revision History

  • Initial Release Date: 2026-02-05
Date Revision Summary
2026-02-05 1 Initial Publication

Legal Notice and Terms of Use

Mitsubishi Electric MELSEC iQ-R Series

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the affected product.

The following versions of Mitsubishi Electric MELSEC iQ-R Series are affected:

  • MELSEC iQ-R Series R08/16/32/120PCPU firmware <=48 (CVE-2025-15080)
CVSS Vendor Equipment Vulnerabilities
v3 9.4 Mitsubishi Electric Mitsubishi Electric MELSEC iQ-R Series Improper Validation of Specified Quantity in Input

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Japan

Vulnerabilities

Expand All +

CVE-2025-15080

An information disclosure, information tampering, and denial-of-service vulnerability exists in Mitsubishi Electric proprietary protocol communication and SLMP communication used in FA products. An attacker may be able to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.

View CVE Details

Affected Products

Mitsubishi Electric MELSEC iQ-R Series
Vendor:
Mitsubishi Electric
Product Version:
Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU firmware: <=48
Product Status:
known_affected
Remediations

Mitigation
Mitsubishi Electric recommends users of the affected products follow the procedure below to update firmware version 49 or later. Download the update file for the fixed version, the engineering software for firmware upgrade, and the manual from the download website at https://www.mitsubishielectric.com/fa/download/index.html . For details on updating the firmware, see MELSEC iQ-R Module Configuration Manual “Appendix 2 Firmware Update Function”.

Mitigation
Mitsubishi Electric recommends the following mitigations to reduce the risk of exploiting this vulnerability: Use a firewall or virtual private network (VPN) block access from untrusted networks and hosts using a firewall. Use the product within a LAN and block access from untrusted networks and hosts through a firewall. Use firewalls, IP filters, and similar controls to minimize connections to the product and prevent access from untrusted networks and hosts. For details on the IP filter function, refer to “IP Filter” in section 1.13, Security, of the MELSEC iQ-R Ethernet User’s Manual (Application). Restrict physical access to the affected product and its connected LAN.

Mitigation
For specific update instructions and additional details see the Mitsubishi Electric advisory at https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-020_en.pdf .

Mitigation
For further information, contact your local Mitsubishi Electric representative at https://www.mitsubishielectric.com/fa/service-support/index.html .

Relevant CWE: CWE-1284 Improper Validation of Specified Quantity in Input

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Acknowledgments

  • Mitsubishi Electric reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-02-05
Date Revision Summary
2026-02-05 1 Initial Republication of Mitsubishi Electric 2025-020

Legal Notice and Terms of Use

o6 Automation GmbH Open62541

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition and memory corruption.

The following versions of o6 Automation GmbH Open62541 are affected:

  • Open62541 >=1.5-rc1|<1.5-rc2 (CVE-2026-1301)
CVSS Vendor Equipment Vulnerabilities
v3 5.7 o6 Automation GmbH o6 Automation GmbH Open62541 Out-of-bounds Write

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

Expand All +

CVE-2026-1301

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.

View CVE Details

Affected Products

o6 Automation GmbH Open62541
Vendor:
o6 Automation GmbH
Product Version:
o6 Automation GmbH Open62541: >=1.5-rc1|<1.5-rc2
Product Status:
known_affected
Remediations

Mitigation
o6 Automation GmbH recommends users upgrade to the stable release of v1.5.0.

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Acknowledgments

  • Andrew Fasano of NIST CAISI reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-02-05
Date Revision Summary
2026-02-05 1 Initial Publication

Legal Notice and Terms of Use

Ilevia EVE X1 Server

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information.

The following versions of Ilevia EVE X1 Server are affected:

  • EVE X1 <=4.7.18.0 (CVE-2025-34185, CVE-2025-34184, CVE-2025-34183, CVE-2025-34186, CVE-2025-34187, CVE-2025-34517, CVE-2025-34518, CVE-2025-34512, CVE-2025-34513)
CVSS Vendor Equipment Vulnerabilities
v3 9.8 Ilevia Ilevia EVE X1 Server Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Insertion of Sensitive Information into Log File, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Italy

Vulnerabilities

Expand All +

CVE-2025-34185

Ilevia EVE X1 Server contains a pre-authentication file disclosure vulnerability via the ‘db_log’ POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2025-34184

Ilevia EVE X1 Server contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the ‘passwd’ HTTP POST parameter, leading to full system compromise or denial of service.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-34183

Ilevia EVE X1 Server contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-532 Insertion of Sensitive Information into Log File

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-34186

Ilevia EVE X1/X5 Server contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary’s interpretation of non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-34187

Ilevia EVE X1/X5 Server contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-34517

Ilevia EVE X1 Server firmware contains an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2025-34518

Ilevia EVE X1 Server firmware contains a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2025-34512

Ilevia EVE X1 Server firmware contains a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVE-2025-34513

Ilevia EVE X1 Server firmware contains an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

View CVE Details

Affected Products

Ilevia EVE X1 Server
Vendor:
Ilevia
Product Version:
Ilevia EVE X1: <=4.7.18.0
Product Status:
known_affected
Remediations

Mitigation
Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • Gjoko Krstic of Zero Science Lab reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-02-05
Date Revision Summary
2026-02-05 1 Initial Publication

Legal Notice and Terms of Use

Hitachi Energy XMC20

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if XMC20 devices are configured to use remote RADIUS authentication.

The following versions of Hitachi Energy XMC20 are affected:

  • XMC20 R18, vers:XMC20/<=R17A (CVE-2024-3596, CVE-2024-3596)
CVSS Vendor Equipment Vulnerabilities
v3 9 Hitachi Energy Hitachi Energy XMC20 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities

Expand All +

CVE-2024-3596

The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker. An attacker can modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into another response using a chosen-prefix collision attack targeting the MD5 Response Authenticator signature.

View CVE Details

Affected Products

Hitachi Energy XMC20
Vendor:
Hitachi Energy
Product Version:
XMC20 version R18, XMC20 version R17A and earlier
Product Status:
known_affected
Remediations

Mitigation
Enable the RADIUS Message-Authenticator option in both the XMC20 and RADIUS server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029001&LanguageCode=en&DocumentPartId=R18&Action=launch.

Vendor fix
Update to XMC20 R18 and then enable the RADIUS Message-Authenticator option in both the XMC20 and RADIUS server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029001&LanguageCode=en&DocumentPartId=R18&Action=launch.

Mitigation
If the upgrade is not possible, apply general mitigation factors with segmentation of FOX management traffic to minimize the risk.

Mitigation
For more information, see the associated Hitachi Energy cybersecurity advisory 8DBD000233 RADIUS MD5 Vulnerability in Hitachi Energy XMC20 product available in PDF format here https://publisher.hitachienergy.com/preview?DocumentID=8DBD000233&LanguageCode=en&DocumentPartId=&Action=launch or JSON format here https://publisher.hitachienergy.com/preview?DocumentID=8DBD000233-CSAF&LanguageCode=en&DocumentPartId=&Action=Launch.

Mitigation
Hitachi Energy recommends implementing security practices and firewall configurations to help protect process control networks from external attacks. Such practices include ensuring that process control systems are physically protected from unauthorized access, have no direct Internet connections, and are separated from other networks by a firewall system that minimizes exposed ports, and any additional ports should be evaluated on a case-by-case basis. Process control systems should not be used for web browsing, instant messaging, or email. Portable computers and removable storage media should be thoroughly scanned for malware before being connected to a control system. Organizations should enforce proper password policies and procedures.

Relevant CWE: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Acknowledgments

  • Hitachi Energy reported this vulnerability to CISA.

Notice

The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.

Support

For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.

General Mitigation Factors

Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000233 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-01-27
Date Revision Summary
2026-01-27 1 Initial public release
2026-02-05 2 Initial CISA Republication of Hitachi Energy PSIRT 8DBD000233 advisory

Legal Notice and Terms of Use

Hitachi Energy FOX61x

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if FOX61x devices are configured to use remote RADIUS authentication.

The following versions of Hitachi Energy FOX61x are affected:

  • FOX61x R18, vers:FOX61x/<=R17A (CVE-2024-3596, CVE-2024-3596)
CVSS Vendor Equipment Vulnerabilities
v3 9 Hitachi Energy Hitachi Energy FOX61x Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities

Expand All +

CVE-2024-3596

The RADIUS protocol under RFC 2865 is vulnerable to forgery attacks that allow a local attacker to modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into another response by exploiting a chosen-prefix collision attack on the MD5 Response Authenticator signature..

View CVE Details

Affected Products

Hitachi Energy FOX61x
Vendor:
Hitachi Energy
Product Version:
FOX61x version R18, FOX61x version R17A and earlier
Product Status:
known_affected
Remediations

Mitigation
Enable the RADIUS Message-Authenticator option in both the FOX61x and RADIUS Server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029042&LanguageCode=en&DocumentPartId=R18&Action=launch.

Vendor fix
Update to FOX61x R18, then enable the RADIUS Message-Authenticator option in both the FOX61x and RADIUS Server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029042&LanguageCode=en&DocumentPartId=R18&Action=launch.

Mitigation
If the upgrade is not possible, apply general mitigation factors with segmentation of FOX management traffic to minimize the risk.

Mitigation
For more information, see the associated Hitachi Energy cybersecurity advisory 8DBD000225 Radius MD5 Vulnerability in Hitachi Energy FOX61x product at https://publisher.hitachienergy.com/preview?DocumentID=8DBD000225&LanguageCode=en or https://publisher.hitachienergy.com/preview?DocumentID=8DBD000225-CSAF&LanguageCode=en&DocumentPartId=&Action=Launch .

Mitigation
Hitachi Energy recommends implementing security practices and firewall configurations to help protect process control networks from external attacks. Such practices include ensuring that process control systems are physically protected from unauthorized access, have no direct Internet connections, and are separated from other networks by a firewall system that minimizes exposed ports, and any additional ports should be evaluated on a case-by-case basis. Process control systems should not be used for web browsing, instant messaging, or email. Portable computers and removable storage media should be thoroughly scanned for malware before being connected to a control system. Organizations should enforce proper password policies and procedures.

Relevant CWE: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Acknowledgments

  • Hitachi Energy reported this vulnerability to CISA.

Notice

The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.

Support

For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.

General Mitigation Factors

Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000225 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-01-27
Date Revision Summary
2026-01-27 1 Initial public release
2026-02-05 2 Initial CISA Republication of Hitachi Energy PSIRT 8DBD000225 advisory

Legal Notice and Terms of Use

Yokogawa FAST/TOOLS

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks.

The following versions of Yokogawa FAST/TOOLS are affected:

  • FAST/TOOLS >=R9.01|<=R10.04 (CVE-2025-66594, CVE-2025-66595, CVE-2025-66597, CVE-2025-66598, CVE-2025-66599, CVE-2025-66600, CVE-2025-66601, CVE-2025-66602, CVE-2025-66603, CVE-2025-66604, CVE-2025-66605, CVE-2025-66606, CVE-2025-66607, CVE-2025-66608)
CVSS Vendor Equipment Vulnerabilities
v3 8.2 Yokogawa Yokogawa FAST/TOOLS Generation of Error Message Containing Sensitive Information, Cross-Site Request Forgery (CSRF), Use of a Broken or Risky Cryptographic Algorithm, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Improperly Implemented Security Check for Standard, Reliance on IP Address for Authentication, Cleartext Transmission of Sensitive Information, Exposure of Private Personal Information to an Unauthorized Actor, Improper Neutralization of Invalid Characters in Identifiers in Web Pages, Path Traversal: ‘..filename’

Background

  • Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Japan

Vulnerabilities

Expand All +

CVE-2025-66594

Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-209 Generation of Error Message Containing Sensitive Information

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2025-66595

This product is vulnerable to cross-site request forgery (CSRF). When a user accesses a link crafted by an attacker, the user’s account could be compromised.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-352 Cross-Site Request Forgery (CSRF)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2025-66597

This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVE-2025-66598

This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVE-2025-66599

Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2025-66600

This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web server could be sniffed.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-358 Improperly Implemented Security Check for Standard

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVE-2025-66601

This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-358 Improperly Implemented Security Check for Standard

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2025-66602

The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-291 Reliance on IP Address for Authentication

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2025-66603

The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-358 Improperly Implemented Security Check for Standard

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2025-66604

The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2025-66605

Since there are input fields on this web page with the autocomplete attribute enabled, the input content could be saved in the browser the user is using.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2025-66606

This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.4 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVE-2025-66607

The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-358 Improperly Implemented Security Check for Standard

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2025-66608

This product fails to adequately validate URLs. An attacker could send maliciously crafted requests to gain unauthorized access to files on the web server.

View CVE Details

Affected Products

Yokogawa FAST/TOOLS
Vendor:
Yokogawa
Product Version:
Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
Product Status:
known_affected
Remediations

Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.

Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.

Mitigation
For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.

Relevant CWE: CWE-29 Path Traversal: ‘..filename’

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Acknowledgments

  • Yokogawa reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-02-10
Date Revision Summary
2026-02-10 1 Initial Republication of YSAR-26-0001-E

Legal Notice and Terms of Use

AVEVA PI Data Archive

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

Summary

Successful exploitation of this vulnerability could result in a denial-of-service condition.

The following versions of AVEVA PI Data Archive are affected:

  • PI Data Archive PI Server <=2018_SP3_Patch_7 (CVE-2026-1507)
  • PI Data Archive PI Server 2023 (CVE-2026-1507)
  • PI Data Archive PI Server 2023_Patch_1 (CVE-2026-1507)
  • PI Data Archive PI Server 2024 (CVE-2026-1507)
CVSS Vendor Equipment Vulnerabilities
v3 7.5 AVEVA AVEVA PI Data Archive Uncaught Exception

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United Kingdom

Vulnerabilities

Expand All +

CVE-2026-1507

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial of service.

View CVE Details

Affected Products

AVEVA PI Data Archive
Vendor:
AVEVA
Product Version:
AVEVA PI Data Archive PI Server: <=2018_SP3_Patch_7, AVEVA PI Data Archive PI Server: 2023, AVEVA PI Data Archive PI Server: 2023_Patch_1, AVEVA PI Data Archive PI Server: 2024
Product Status:
known_affected
Remediations

Mitigation
AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users of affected product versions should apply security updates to mitigate the risk of exploit.

Mitigation
All impacted versions of PI Data Archive can be fixed by upgrading to PI Server 2024 R2 or later available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/8c9b0e8c-eb68-481f-b420-c87a253a4172.

Mitigation
PI Data Archive delivered by PI Server 2018 SP3 Patch 7 and prior can be fixed by upgrading to PI Server 2018 SP3 Patch 8 or higher available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/79492560-7e4c-4800-8bd7-40cce61a17d2.

Mitigation
The following general defensive measures are recommended:

Mitigation
Monitor liveness of services listed in your installation’s “PIadmpisrvstart.bat”.

Mitigation
Set the PI Data Archive Subsystem services to automatically restart.

Mitigation
PI Data Archive nodes should limit port 5450 inbound access to trusted workstations, users, and software.

Mitigation
For additional information please refer to AVEVA-2026-002(https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-002.pdf).

Relevant CWE: CWE-248 Uncaught Exception

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Acknowledgments

  • AVEVA reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-02-10
Date Revision Summary
2026-02-10 1 Initial Republication of AVEVA-2026-002

Legal Notice and Terms of Use