Bulletins

CISA (ALL)
07/02/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.

The following versions of ST Engineering iDirect iQ-Series Terminals are affected:

  • Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057)
  • 3315‑Series terminals <=4.5.2.1 …
CISA (ALL)
07/02/2026

View CSAF

Summary

Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.

The following versions of CubeSpace CW0057 Reaction Wheel are affected:

  • CW0057 Reaction Wheel
CVSS Vendor Equipment
CISA (ALL)
07/02/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.

The following versions of Gardyn IoT Hub are affected:

  • Home Firmware
  • Studio Firmware
  • Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477)
CISA (ALL)
06/30/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement.

The following versions of Delta Electronics DVP12SE PLC are affected:

  • DVP12SE PLC vers:all/* …
CISA (ALL)
06/30/2026

View CSAF

Summary

An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data.

The following versions of XZ Utils vulnerability impacting B&R Products …

CISA (ALL)
06/30/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included …

CISA (ALL)
06/30/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes.

The following versions of OFFIS DCMTK Toolkit are affected:

  • DCMTK <=3.7.0 (CVE-2026-50003, CVE-2026-50254, CVE-2026-35505, CVE-2026-52868, CVE-2026-44628)
CISA (ALL)
06/30/2026

View CSAF

Summary

Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation …