Author: Admin @CloudCentric

CVE-2026-33892

Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.

Affected Products

Siemens Industrial Edge Management

Vendor:
Siemens

Product Version:
Industrial Edge Management Pro V1, Industrial Edge Management Pro V2, Industrial Edge Management Virtual

Product Status:
known_affected

Remediations

Mitigation
Ensure network access to affected products is limited to trusted parties only

Vendor fix
Update to V1.15.17 or later version
https://iehub.eu1.edge.siemens.cloud/

Vendor fix
Update to V2.1.1 or later version
https://iehub.eu1.edge.siemens.cloud/

Vendor fix
Update to V2.8.0 or later version
https://iehub.eu1.edge.siemens.cloud/

Relevant CWE: CWE-305 Authentication Bypass by Primary Weakness

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Acknowledgments

Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-609469 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

Initial Release Date: 2026-04-14

Date	Revision	Summary
2026-04-14	1	Publication Date
2026-04-21	2	Initial CISA Republication of Siemens ProductCERT SSA-609469 advisory

Legal Notice and Terms of Use

SenseLive X3050

Written by Admin @CloudCentric on April 21, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device.

The following versions of SenseLive X3050 are affected:

X3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE-2026-40623, CVE-2026-27841, CVE-2026-40620, CVE-2026-35064, CVE-2026-25775)

CVSS	Vendor	Equipment	Vulnerabilities
v3 9.8	SenseLive	SenseLive X3050	Authentication Bypass Using an Alternate Path or Channel, Insufficient Session Expiration, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information, Missing Authorization, Cross-Site Request Forgery (CSRF)

Background

Critical Infrastructure Sectors: Critical Manufacturing, Water and Wastewater, Energy, Information Technology
Countries/Areas Deployed: Worldwide
Company Headquarters Location: India

Vulnerabilities

CVE-2026-40630

A vulnerability in the X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Mitigation
SenseLive did not respond to CISA’s requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact
https://senselive.io/contact

Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-25720

A vulnerability exists in the X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after legitimate user activity has ceased.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-613 Insufficient Session Expiration

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVE-2026-35503

A vulnerability in the X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-798 Use of Hard-coded Credentials

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-39462

A vulnerability exists in the X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-522 Insufficiently Protected Credentials

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-27843

A vulnerability exists in the X3050’s web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the device lacks a physical reset button, recovery requires specialized technical access via the console to perform a factory reset, resulting in a total denial-of-service for the gateway and its connected RS-485 downstream systems.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2026-40431

A vulnerability exists in the X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2026-40623

A vulnerability in the X3050’s web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-862 Missing Authorization

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2026-27841

A vulnerability in the X3050’s web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user’s browser to submit unauthorized configuration requests to the device.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-352 Cross-Site Request Forgery (CSRF)

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVE-2026-40620

A vulnerability in the X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-35064

A vulnerability in the X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2026-25775

A vulnerability in X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

Affected Products

SenseLive X3050

Vendor:
SenseLive

Product Version:
SenseLive X3050: V1.523

Product Status:
known_affected

Remediations

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

Jithin Nambiar J reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

Initial Release Date: 2026-04-21

Date	Revision	Summary
2026-04-21	1	Initial Publication

Legal Notice and Terms of Use

Delta Electronics ASDA-Soft

Written by Admin @CloudCentric on April 16, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

The following versions of Delta Electronics ASDA-Soft are affected:

ASDA-Soft <=V7.2.2.0

CVSS	Vendor	Equipment	Vulnerabilities
v3 7.8	Delta Electronics	Delta Electronics ASDA-Soft	Stack-based Buffer Overflow

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan

Vulnerabilities

CVE-2026-5726

A stack-based buffer overflow vulnerability is triggered in ASDA-Soft version 7.2.0.0 during the parsing of malformed .par files.

Affected Products

Delta Electronics ASDA-Soft

Vendor:
Delta Electronics

Product Version:
Delta Electronics ASDA-Soft: <=V7.2.2.0

Product Status:
known_affected

Remediations

Vendor fix
Delta Electronics recommends users download and upgrade ASDA-Soft to v7.2.6.0 or later. If you have any product-related support concerns, contact Delta via the portal page at https://www.deltaww.com/en-US/service-support/contact-us?type=1 for any information or materials you may require.
https://www.deltaww.com/en-US/service-support/contact-us?type=1

Mitigation
Delta Electronics provides the following general recommendations: Do not click on untrusted internet links or open unsolicited attachments in emails. Avoid exposing control systems and equipment to the Internet. Place control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use a secure access method, such as a virtual private network (VPN).

Mitigation
For more information, see Delta Electronics advisory Delta-PCSA-2026-00007 athttps://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00007_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-5726).pdf
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00007_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-5726).pdf

Relevant CWE: CWE-121 Stack-based Buffer Overflow

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Acknowledgments

Feng Xiong of TrendAI Zero Day Initiative reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

Revision History

Initial Release Date: 2026-04-16

Date	Revision	Summary
2026-04-16	1	Initial Publication

Legal Notice and Terms of Use

Anviz Multiple Products

Written by Admin @CloudCentric on April 16, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or communications, and ultimately obtain full control over affected devices.

The following versions of Anviz Multiple Products are affected:

CX2 Lite Firmware vers:all/* (CVE-2026-32648, CVE-2026-40461, CVE-2026-35682, CVE-2026-35546, CVE-2026-40066, CVE-2026-33569)
CX7 Firmware vers:all/* (CVE-2026-33093, CVE-2026-35061, CVE-2026-32648, CVE-2026-40461, CVE-2026-35546, CVE-2026-40066, CVE-2026-32324, CVE-2026-31927, CVE-2026-33569)
CrossChex Standard vers:all/* (CVE-2026-40434, CVE-2026-32650)

CVSS	Vendor	Equipment	Vulnerabilities
v3 9.8	Anviz	Anviz Multiple Products	Missing Authorization, Missing Authentication for Critical Function, Improper Neutralization of Special Elements used in a Command (‘Command Injection’), Download of Code Without Integrity Check, Use of Hard-coded Cryptographic Key, Relative Path Traversal, Cleartext Transmission of Sensitive Information, Improper Verification of Source of a Communication Channel, Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’)

Background

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Defense Industrial Base, Energy, Financial Services, Food and Agriculture, Government Services and Facilities, Healthcare and Public Health, Information Technology, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States

Vulnerabilities

CVE-2026-33093

CX7 is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Mitigation
Anviz did not respond to CISA’s attempts to coordinate these vulnerabilities. Users should contact Anviz for more information at https://www.anviz.com/contact-us.html.
https://www.anviz.com/contact-us.html

Relevant CWE: CWE-862 Missing Authorization

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2026-35061

CX7 is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-862 Missing Authorization

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2026-32648

CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX2 Lite Firmware: vers:all/*, Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-862 Missing Authorization

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2026-40461

CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX2 Lite Firmware: vers:all/*, Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2026-35682

CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX2 Lite Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-77 Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-35546

CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX2 Lite Firmware: vers:all/*, Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-40066

CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX2 Lite Firmware: vers:all/*, Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-494 Download of Code Without Integrity Check

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-32324

CX7 is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-321 Use of Hard-coded Cryptographic Key

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.7	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2026-31927

CX7 is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-23 Relative Path Traversal

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVE-2026-33569

CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CX2 Lite Firmware: vers:all/*, Anviz CX7 Firmware: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2026-40434

CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CrossChex Standard: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-940 Improper Verification of Source of a Communication Channel

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.1	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2026-32650

CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

Affected Products

Anviz Multiple Products

Vendor:
Anviz

Product Version:
Anviz CrossChex Standard: vers:all/*

Product Status:
known_affected

Remediations

Relevant CWE: CWE-757 Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’)

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Acknowledgments

An anonymous researcher reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

Initial Release Date: 2026-04-16

Date	Revision	Summary
2026-04-16	1	Initial Publication

Legal Notice and Terms of Use

Horner Automation Cscape and XL4, XL7 PLC

Written by Admin @CloudCentric on April 16, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services.

The following versions of Horner Automation Cscape and XL4, XL7 PLC are affected:

Cscape v10.0
XL7 PLC v15.60
XL4 PLC v16.32.0

CVSS	Vendor	Equipment	Vulnerabilities
v3 9.1	Horner Automation	Horner Automation Cscape and XL4, XL7 PLC	Weak Password Requirements

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States

Vulnerabilities

CVE-2026-6284

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

Affected Products

Horner Automation Cscape and XL4, XL7 PLC

Vendor:
Horner Automation

Product Version:
Horner Automation Cscape: v10.0, Horner Automation XL7 PLC: v15.60, Horner Automation XL4 PLC: v16.32.0

Product Status:
known_affected

Remediations

Vendor fix
Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware. https://hornerautomation.com/cscape-software-free/cscape-software/.
https://hornerautomation.com/cscape-software-free/cscape-software/

Mitigation
For more information, see Horner Automation’s release notes.

Relevant CWE: CWE-521 Weak Password Requirements

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Acknowledgments

An anonymous researcher reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

Initial Release Date: 2026-04-16

Date	Revision	Summary
2026-04-16	1	Initial Publication

Legal Notice and Terms of Use

AVEVA Pipeline Simulation

Written by Admin @CloudCentric on April 16, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records.

The following versions of AVEVA Pipeline Simulation are affected:

Pipeline Simulation <=2025_SP1_build_7.1.9497.6351

CVSS	Vendor	Equipment	Vulnerabilities
v3 9.1	AVEVA	AVEVA Pipeline Simulation	Missing Authorization

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United Kingdom

Vulnerabilities

CVE-2026-5387

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.

Affected Products

AVEVA Pipeline Simulation

Vendor:
AVEVA

Product Version:
AVEVA Pipeline Simulation: <=2025_SP1_build_7.1.9497.6351

Product Status:
known_affected

Remediations

Vendor fix
All affected versions can be fixed by upgrading to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher. (https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f)
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f

Mitigation
For more information, please see AVEVA’s security bulletin AVEVA-2026-004 (https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf).
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf

Vendor fix
Restrict Network Access: Implement host-based and/or network firewall controls on all nodes hosting the Pipeline Simulation Server API to ensure that only trusted Pipeline Simulation client systems are permitted to establish connections.

Mitigation
Enforce Secure Communication: Enable TLS for all API communications and ensure that server certificates are properly managed and protected to reduce the risk of manipulator-in-the-middle(MitM) attacks and tampering with data in transit.

Relevant CWE: CWE-862 Missing Authorization

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Acknowledgments

AVEVA reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

Initial Release Date: 2026-04-16

Date	Revision	Summary
2026-04-16	1	Initial Republication of AVEVA-2026-004

Legal Notice and Terms of Use

Contemporary Controls BASC 20T

Written by Admin @CloudCentric on April 9, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls.

The following versions of Contemporary Controls BASC 20T are affected:

BASControl20 3.1 (CVE-2025-13926)

CVSS	Vendor	Equipment	Vulnerabilities
v3 9.8	Contemporary Controls Sedona Alliance	Contemporary Controls BASC 20T	Reliance on Untrusted Inputs in a Security Decision

Background

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States

Vulnerabilities

CVE-2025-13926

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.

Affected Products

Contemporary Controls BASC 20T

Vendor:
Contemporary Controls Sedona Alliance

Product Version:
Contemporary Controls Sedona Alliance BASControl20: 3.1

Product Status:
known_affected

Remediations

Mitigation
According to Contemporary Controls, the BASC-20T is an obsolete product. It is recommended that users of the affected product contact Contemporary Controls for additional information.
https://www.ccontrols.com/support/contacttech.htm

Relevant CWE: CWE-807 Reliance on Untrusted Inputs in a Security Decision

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

Joseph Fields of Naval Information Warfare Center Pacific reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

Initial Release Date: 2026-04-09

Date	Revision	Summary
2026-04-09	1	Initial Publication

Legal Notice and Terms of Use

GPL Odorizers GPL750

Written by Admin @CloudCentric on April 9, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which would result in too much or too little odorant being injected into a gas line.

The following versions of GPL Odorizers GPL750 are affected:

GPL750 (XL4) >=v1.0|
GPL750 (XL4 Prime) >=v4.0|
GPL750 (XL7) >=v13.0|
GPL750 (XL7 Prime) >=v18.4|

CVSS	Vendor	Equipment	Vulnerabilities
v3 8.6	GPL Odorizers	GPL Odorizers GPL750	Missing Authentication for Critical Function

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States

Vulnerabilities

CVE-2026-4436

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.

Affected Products

GPL Odorizers GPL750

Vendor:
GPL Odorizers

Product Version:
GPL Odorizers GPL750 (XL4): >=v1.0|<v6.0, GPL Odorizers GPL750 (XL4 Prime): >=v4.0|<v6.0, GPL Odorizers GPL750 (XL7): >=v13.0|<v20.0, GPL Odorizers GPL750 (XL7 Prime): >=v18.4|<v20.0

Product Status:
known_affected

Remediations

Mitigation
GPL Odorizers recommends users update to the latest software version of the GPL750 in connection with the latest firmware from Horner Automation for the XL4, XL4 Prime, XL7, and XL7 Prime devices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.
https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm

Mitigation
GPL Odorizers recommends users clear the old files from their microSD cards, keeping only the LOGS folder and the FIRMWARE.LIC file if they have a WebMI license. The compressed folder downloaded from the link above can then be extracted to the root directory of the microSD card. These files already include the corresponding firmware update. If users do not have IT permissions to access their microSD cards, GPL Odorizers can provide preconfigured SD cards that technicians can simply swap into their odorizers prior to installation.

Mitigation
For assistance in updating GPL Odorizers to the latest version, users should reach out to GPL Odorizers directly via phone number (303) 697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST.

Mitigation
Horner Automation offers firmware version 15.76 for their XL Series and version 17.30 for their XL Prime Series controllers https://hornerautomation.com/controller-firmware/. An installation guide is available for both the XL series and the XL Prime series.
https://hornerautomation.com/controller-firmware/

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Acknowledgments

An anonymous researcher reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

Initial Release Date: 2026-04-09

Date	Revision	Summary
2026-04-09	1	Initial Publication

Legal Notice and Terms of Use

Mitsubishi Electric GENESIS64 and ICONICS Suite products

Written by Admin @CloudCentric on April 7, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service (DoS) condition on the system.

The following versions of Mitsubishi Electric GENESIS64 and ICONICS Suite products are affected:

GENESIS64 <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
ICONICS Suite <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
MobileHMI <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
Hyper Historian <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
AnalytiX <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
MC Works 64 vers:all/* (CVE-2025-14815, CVE-2025-14816)
GENESIS <=11.02 (CVE-2025-14815, CVE-2025-14816)

CVSS	Vendor	Equipment	Vulnerabilities
v3 8.8	Mitsubishi Electric	Mitsubishi Electric GENESIS64 and ICONICS Suite products	Cleartext Storage of Sensitive Information, Cleartext Storage of Sensitive Information in GUI

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Mitsubishi Electric Iconics Digital Solutions is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.

Vulnerabilities

CVE-2025-14815

When the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication, the SQL Server credentials are stored in plaintext within the local SQLite file. This results in a vulnerability due to Cleartext Storage of Sensitive Information (CWE 312), which may lead to information disclosure, tampering, or denial of service (DoS).

Affected Products

Mitsubishi Electric GENESIS64 and ICONICS Suite products

Vendor:
Mitsubishi Electric

Product Version:
Mitsubishi Electric GENESIS64: <=10.97.3, Mitsubishi Electric ICONICS Suite: <=10.97.3, Mitsubishi Electric MobileHMI: <=10.97.3, Mitsubishi Electric Hyper Historian: <=10.97.3, Mitsubishi Electric AnalytiX: <=10.97.3, Mitsubishi Electric MC Works 64: vers:all/*, Mitsubishi Electric GENESIS: <=11.02, Mitsubishi Electric Iconics Digital Solutions GENESIS64: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions MobileHMI: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions Hyper Historian: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions AnalytiX: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS: <=11.02

Product Status:
known_affected

Remediations

Vendor fix
Mitsubishi Electric is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian and AnalytiX. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:ProgramDataICONICSCache*.sdf”. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf

Vendor fix
Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian and AnalytiX. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:ProgramDataICONICSCache*.sdf”. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at “https://iconics.com/about/security/cert”.
https://iconics.com/about/security/cert

Vendor fix
Mitsubishi Electric is releasing fixed version 11.03 or later for GENESIS. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:ProgramDataICONICS11Cache*.sqlite3”. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf

Vendor fix
Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 11.03 or later for GENESIS. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:ProgramDataICONICS11Cache*.sqlite3”. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at “https://iconics.com/about/security/cert”.
https://iconics.com/about/security/cert

No fix planned
There are no plans to release fixed version for MC Works64. For users of MC Works64, refer to the Mitsubishi Electric security advisory “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”, and take the actions described there.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf

Mitigation
For customer of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend performing the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:ProgramDataICONICSCache*.sdf”.

Mitigation
For customer of GENESIS that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend performing the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:ProgramDataICONICS11Cache*.sqlite3”.

Mitigation
For customer of MC Works 64, Mitsubishi Electric recommends performing the following step (1) and (2). (1)In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:ProgramDataICONICSCache*.sdf”.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend using Windows authentication instead of SQL authentication for the SQL server authentication method, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend configuring the PCs with the affected product installed so that only an administrator can log in, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend using the PCs with the affected product installed in the LAN and blocking remote login from untrusted networks and hosts, and from non-administrator users, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend blocking unauthorized access by using a firewall, virtual private network (VPN), etc. and allowing remote login only to administrator when internet access is required, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend restricting physical access to the PC with the affected product installed and to the network to which the PC is connected, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend preventing the user from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploiting this vulnerability.

Relevant CWE: CWE-312 Cleartext Storage of Sensitive Information

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2025-14816

In the Hyper Historian Splitter feature of the affected products, when SQL authentication is used for the SQL Server authentication, the SQL Server credentials are displayed in plain text in the GUI. This results in a vulnerability due to Cleartext Storage of Sensitive Information in GUI (CWE‑317 ), which may lead to information disclosure, tampering, or denial‑of‑service (DoS).

Affected Products

Mitsubishi Electric GENESIS64 and ICONICS Suite products

Vendor:
Mitsubishi Electric

Product Status:
known_affected

Remediations

Vendor fix
Mitsubishi Electric is releasing fixed version 11.03 or later for GENESIS. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf

Mitigation
For customer of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend performing the following steps (1) and (2). (1) Change the permissions of HHSplitter.exe so that only trusted administrators can execute it. (2) Delete HHSplitter.exe from the system if it is unnecessary.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend configuring the PCs with the affected product installed so that only an administrator can log in, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend using the PCs with the affected product installed in the LAN and blocking remote login from untrusted networks and hosts, and from non-administrator users, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend blocking unauthorized access by using a firewall, virtual private network (VPN), etc. and allowing remote login only to administrator when internet access is required, and from non-administrator users, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend restricting physical access to the PC with the affected product installed and the network to which the PC is connected, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend preventing the user from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploiting this vulnerability.

Relevant CWE: CWE-317 Cleartext Storage of Sensitive Information in GUI

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Acknowledgments

Mitsubishi Electric reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of CISA V20251021-001, V20251029-001 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact CISA directly for any questions regarding this advisory.

Revision History

Initial Release Date: 2026-04-07

Date	Revision	Summary
2026-04-07	1	Initial Publication
2026-04-07	2	Initial CISA Republication of CISA V20251021-001, V20251029-001 advisory

Legal Notice and Terms of Use

Siemens SICAM 8 Products

Written by Admin @CloudCentric on April 2, 2026. Posted in CISA-Published Industrial Control System Vulnerabilities.

Summary

Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: – SICAM A8000 Device firmware – CPCI85 for CP-8031/CP-8050 – SICORE for CP-8010/CP-8012 – RTUM85 for CP-8010/CP-8012 – SICAM EGS Device firmware – CPCI85 – SICAM S8000 – SICORE – RTUM85 Siemens has released new versions for the affected products and recommends to update to the latest versions.

The following versions of Siemens SICAM 8 Products are affected:

CPCI85 Central Processing/Communication vers:intdot/<26.10 (CVE-2026-27663, CVE-2026-27664)
RTUM85 RTU Base vers:intdot/<26.10 (CVE-2026-27663)
SICORE Base system vers:intdot/<26.10.0 (CVE-2026-27664)

CVSS	Vendor	Equipment	Vulnerabilities
v3 7.5	Siemens	Siemens SICAM 8 Products	Allocation of Resources Without Limits or Throttling, Out-of-bounds Write

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-27663

The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.

Affected Products

Siemens SICAM 8 Products

Vendor:
Siemens

Product Version:
CPCI85 Central Processing/Communication, RTUM85 RTU Base

Product Status:
known_affected

Remediations

Vendor fix
Update to V26.10 or later version The firmware RTUM85 V26.10 is present within “CP-8010/CP-8012 Package” V26.10 https://support.industry.siemens.com/cs/ww/en/view/109972894/ and also within “SICAM S8000 Package” V26.10 https://support.industry.siemens.com/cs/document/109818240

Vendor fix
Update to V26.10 or later version The firmware CPCI85 V26.10 is present within “CP-8031/CP-8050 Package” V26.10 https://support.industry.siemens.com/cs/ww/en/view/109804985/ and also within “SICAM EGS Package” V26.10 https://support.industry.siemens.com/cs/document/109972536/

Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-27664

The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.