All CosmicBytez Labs articles tagged #ICS, across news, security advisories, how-to guides, and projects.
A critical integer truncation vulnerability in OpENer 2.3.0 allows network attackers to trigger heap corruption or denial of service by sending malformed CIP packets. CVSS 9.1. Affects industrial EtherNet/IP stacks.
A critical out-of-bounds read vulnerability in OpENer 2.3.0 allows unauthenticated attackers to crash industrial EtherNet/IP devices by sending malformed CIP ForwardOpen packets. CVSS 9.1.
A critical access control vulnerability in OpENer 2.3.0 allows unauthenticated attackers to send privileged encapsulation commands using arbitrary session handles, bypassing session ownership validation. CVSS 9.1.
A critical CVSS 9.8 improper authentication vulnerability in Dassault Systèmes DELMIA Apriso (releases 2020–2026) allows unauthenticated attackers to gain...
Critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.5. Users must upgrade...
A second critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.6. Patch to 1.3.6 or...
CISA has added CVE-2026-12569, a critical remote code execution vulnerability in PTC Windchill PDMlink and FlexPLM, to its Known Exploited Vulnerabilities...
CISA has added CVE-2026-12569, a remote code execution flaw in PTC Windchill, to its Known Exploited Vulnerabilities catalog after confirming active...
California Water Service has confirmed that Iranian hacker group Handala's cyberattack was limited to IT systems, with Mandiant's investigation finding no...
Accenture's $4.1 billion acquisition of Dragos (valued at $3.25B), runZero, and NetRise marks the largest consolidation in operational technology...
A CVSS 9.8 authentication bypass in Nefteprodukttekhnika's BUK TS-G Gas Station Automation System allows any unauthenticated attacker to gain full...
A critical CVSS 9.8 vulnerability in a local MQTT broker fails to enforce topic-level ACLs, allowing any client to use wildcard characters to enumerate hidden…
A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...
This week's ThreatsDay threat roundup covers Microsoft Edge storing passwords in plaintext, industrial control system zero-days under active exploitation,...
A critical vulnerability in a programmable logic controller allows unauthenticated network attackers to brute force weak passwords and gain full...
A critical authentication bypass in Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 allows unauthenticated remote attackers to...
A critical CVSS 9.8 vulnerability in the MAVLink drone communication protocol allows unauthenticated attackers to send arbitrary SERIAL_CONTROL commands —...
Dragos and Mandiant report a 112% increase in cyberattacks targeting energy, water, and transportation systems in the first quarter of 2026, with...