CISA (ICS)
01/22/2026
Summary Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. The following versions of Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool are affected: iSTAR Configuration Utility (ICU) tool (CVE-2025-26386) CVSS Vendor Equipment Vulnerabilities v3 …
SIEMENS CERT
01/22/2026
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
CISA (ICS)
01/20/2026
Summary Schneider Electric is aware of a vulnerability disclosed by INTEL used in the EcoStruxure™ Foxboro DCS product formerly known as Foxboro Evo Process Automation System and I/A Series. The [EcoStruxure™ Foxboro DCS product](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/#overview) is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates …
SIEMENS CERT
01/13/2026
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.
SIEMENS CERT
01/13/2026
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, …
SIEMENS CERT
01/13/2026
Devices based on RUGGEDCOM ROX before V2.17 contain multiple high severity vulnerabilities. Siemens has released a new version for RUGGEDCOM ROX II family and recommends to update to the latest version.
SIEMENS CERT
01/13/2026
Siemens ET 200SP contains a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive and require a power cycle to recover. Siemens has released new versions for several affected products and recommends to update to the …
SIEMENS CERT
01/13/2026
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or …