CISA (ICS)
01/27/2026
Summary Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on the file system. The following versions of iba Systems ibaPDA are affected: ibaPDA (CVE-2025-14988) CVSS Vendor Equipment Vulnerabilities v3 9.8 iba Systems iba Systems ibaPDA Incorrect Permission Assignment for Critical Resource Background Critical Infrastructure Sectors: …
CISA (ICS)
01/27/2026
Summary Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. The following versions of Johnson Controls Metasys Products are affected: Metasys Application and Data Server (ADS) (CVE-2025-26385) Metasys Extended Application and Data Server (ADX) (CVE-2025-26385) Metasys LCS8500 (CVE-2025-26385) Metasys NAE8500 (CVE-2025-26385) …
CISA (ICS)
01/27/2026
Summary Schneider Electric is aware of multiple vulnerabilities with EmberZNet disclosed by Silicon Labs. Many vendors, including Schneider Electric, use Silicon Labs’ Zigbee processors in their offers. The following have denial of service vulnerabilities: Wiser iTRV, Wiser RTR, Wiser UFH, Wiser Heat Switch, Wiser Boiler Relay, cFMT (Exaact, Elko, Odace, …
CISA (ICS)
01/22/2026
Summary Successful exploitation of this vulnerability could allow an authenticated attacker to escalate their privileges and control devices outside of their authorized scope. The following versions of Hubitat Elevation Hubs are affected: Elevation C3 (CVE-2026-1201) Elevation C4 (CVE-2026-1201) Elevation C5 (CVE-2026-1201) Elevation C7 (CVE-2026-1201) Elevation C8 (CVE-2026-1201) Elevation C8 pro …
CISA (ICS)
01/22/2026
Summary Successful exploitation of these vulnerabilities could allow an attacker to impersonate users, escalate privileges, gain unauthorized access to systems and services, and decrypt sensitive data. The following versions of AutomationDirect CLICK Programmable Logic Controller are affected: CLICK Programmable Logic Controller (CVE-2025-67652, CVE-2025-25051) CLICK Programmable Logic Controller (CVE-2025-67652, CVE-2025-25051) CLICK …
CISA (ICS)
01/22/2026
Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix 5370 are affected: CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2025-11743) CVSS Vendor Equipment Vulnerabilities v3 6.5 Rockwell Automation Rockwell Automation CompactLogix 5370 Improper Validation of Specified …
CISA (ICS)
01/22/2026
Summary Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control to the device. The following versions of Weintek cMT X Series HMI EasyWeb Service are affected: cMT3072XH (CVE-2025-14750, CVE-2025-14751) cMT3072XH(T) (CVE-2025-14750, CVE-2025-14751) cMT-SVRX-820 (CVE-2025-14750, CVE-2025-14751) cMT-CTRL01 (CVE-2025-14750, CVE-2025-14751) CVSS Vendor Equipment Vulnerabilities …
CISA (ICS)
01/22/2026
Summary Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. The following versions of Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool are affected: iSTAR Configuration Utility (ICU) tool (CVE-2025-26386) CVSS Vendor Equipment Vulnerabilities v3 …