Bulletins

CISA (ALL)
07/02/2026

View CSAF

Summary

Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.

The following versions of CubeSpace CW0057 Reaction Wheel are affected:

  • CW0057 Reaction Wheel
CVSS Vendor Equipment
CISA (ALL)
07/02/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.

The following versions of ST Engineering iDirect iQ-Series Terminals are affected:

  • Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057)
  • 3315‑Series terminals <=4.5.2.1 …
CISA (ALL)
07/02/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.

The following versions of Gardyn IoT Hub are affected:

  • Home Firmware
  • Studio Firmware
  • Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477)
CISA (ALL)
06/30/2026

View CSAF

Summary

An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data.

The following versions of XZ Utils vulnerability impacting B&R Products …

CISA (ALL)
06/30/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems.

The following versions of StoneFly Storage Concentrator are affected:

CISA (ALL)
06/30/2026

View CSAF

Summary

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance.

The following versions of Frangoteam FUXA SCADA/HMI are affected:

  • FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207)
CISA (ALL)
06/30/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included …

CISA (ALL)
06/30/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files.

The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected: