Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
18 articles

#ICS

All CosmicBytez Labs articles tagged #ICS, across news, security advisories, how-to guides, and projects.

  • SecurityJul 14, 2026

    OpENer CIP Integer Overflow — CVE-2026-51536

    A critical integer truncation vulnerability in OpENer 2.3.0 allows network attackers to trigger heap corruption or denial of service by sending malformed CIP packets. CVSS 9.1. Affects industrial EtherNet/IP stacks.

  • SecurityJul 14, 2026

    OpENer Out-of-Bounds Read in CIP ForwardOpen — CVE-2026-51537

    A critical out-of-bounds read vulnerability in OpENer 2.3.0 allows unauthenticated attackers to crash industrial EtherNet/IP devices by sending malformed CIP ForwardOpen packets. CVSS 9.1.

  • SecurityJul 14, 2026

    OpENer EtherNet/IP Session Access Control Bypass — CVE-2026-51538

    A critical access control vulnerability in OpENer 2.3.0 allows unauthenticated attackers to send privileged encapsulation commands using arbitrary session handles, bypassing session ownership validation. CVSS 9.1.

  • SecurityJul 8, 2026

    CVE-2026-9695: DELMIA Apriso Manufacturing MES — Improper Authentication Enables Privileged Server Access

    A critical CVSS 9.8 improper authentication vulnerability in Dassault Systèmes DELMIA Apriso (releases 2020–2026) allows unauthenticated attackers to gain...

  • SecurityJun 27, 2026

    CVE-2025-55017: Apache IoTDB Critical Path Traversal Vulnerability

    Critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.5. Users must upgrade...

  • SecurityJun 27, 2026

    CVE-2025-64152: Apache IoTDB Second Critical Path Traversal Flaw

    A second critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.6. Patch to 1.3.6 or...

  • NewsJun 26, 2026

    CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

    CISA has added CVE-2026-12569, a critical remote code execution vulnerability in PTC Windchill PDMlink and FlexPLM, to its Known Exploited Vulnerabilities...

  • NewsJun 26, 2026

    First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

    CISA has added CVE-2026-12569, a remote code execution flaw in PTC Windchill, to its Known Exploited Vulnerabilities catalog after confirming active...

  • NewsJun 25, 2026

    Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack

    California Water Service has confirmed that Iranian hacker group Handala's cyberattack was limited to IT systems, with Mandiant's investigation finding no...

  • NewsJun 21, 2026

    Accenture to Acquire Majority Stake in Dragos, runZero, and NetRise in $4.1 Billion OT Cybersecurity Push

    Accenture's $4.1 billion acquisition of Dragos (valued at $3.25B), runZero, and NetRise marks the largest consolidation in operational technology...

  • SecurityJun 13, 2026

    CVE-2026-12183: Critical Auth Bypass in Gas Station Automation System

    A CVSS 9.8 authentication bypass in Nefteprodukttekhnika's BUK TS-G Gas Station Automation System allows any unauthenticated attacker to gain full...

  • SecurityJun 4, 2026

    CVE-2026-49186: Critical MQTT Broker Wildcard ACL Bypass

    A critical CVSS 9.8 vulnerability in a local MQTT broker fails to enforce topic-level ACLs, allowing any client to use wildcard characters to enumerate hidden…

  • SecurityMay 22, 2026

    CVE-2026-5433: Honeywell CNM Critical Command Injection RCE

    A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...

  • NewsMay 10, 2026

    ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days

    This week's ThreatsDay threat roundup covers Microsoft Edge storing passwords in plaintext, industrial control system zero-days under active exploitation,...

  • SecurityApr 18, 2026

    CVE-2026-6284: PLC Brute Force Password Bypass (CVSS 9.1)

    A critical vulnerability in a programmable logic controller allows unauthenticated network attackers to brute force weak passwords and gain full...

  • SecurityApr 4, 2026

    CVE-2017-20237: Hirschmann HiVision Auth Bypass Enables

    A critical authentication bypass in Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 allows unauthenticated remote attackers to...

  • SecurityApr 1, 2026

    CVE-2026-1579: MAVLink Protocol Unauthenticated Shell Access

    A critical CVSS 9.8 vulnerability in the MAVLink drone communication protocol allows unauthenticated attackers to send arbitrary SERIAL_CONTROL commands —...

  • NewsFeb 6, 2026

    Cyberattacks on Critical Infrastructure Double in Q1 2026

    Dragos and Mandiant report a 112% increase in cyberattacks targeting energy, water, and transportation systems in the first quarter of 2026, with...