Chemical
Breach intelligence, attack campaigns, and threat reports targeting the Chemical sector.
Chemical Threat Reports
Critical Vulnerability in ABB AC500 V2 PLCs: CVE-2025-7745
In July 2025, a buffer over-read vulnerability, identified as CVE-2025-7745, was discovered in ABB's AC500 V2 programmable logic controllers (PLCs), affecting versions up to and including 2.5.2. This flaw could allow unauthorized access to fragments of previously transmitted Modbus telegrams, potentially exposing sensitive information. The vulnerability was reported by Reid Wightman of Dragos, Inc., and ABB released firmware version 2.5.3 to address the issue. The incident underscores the critical importance of timely patch management in industrial control systems (ICS). As cyber threats targeting ICS environments continue to evolve, organizations must remain vigilant in updating and securing their operational technology to prevent potential exploitation of such vulnerabilities.
1 month ago
ABB Automation Builder Gateway Vulnerability Exposes Industrial Control Systems
In February 2026, ABB disclosed a vulnerability (CVE-2024-41975) in its Automation Builder Gateway for Windows, affecting versions prior to 2.9.0. The gateway, by default, listens on all network adapters on port 1217, allowing unauthenticated remote access. This configuration enables attackers to scan for connected Programmable Logic Controllers (PLCs). While PLC user management typically prevents unauthorized access, if disabled, attackers could potentially interact with the PLCs. ABB addressed this issue in version 2.9.0 by restricting the gateway's default access to local connections. ([cisa.gov](https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-04?utm_source=openai)) This incident underscores the critical importance of secure default configurations in industrial control systems. As cyber threats targeting operational technology environments increase, organizations must ensure that default settings do not expose systems to unnecessary risks. Regularly updating software and reviewing default configurations are essential steps in mitigating such vulnerabilities.
1 month ago
Unveiling 'fast16': The Pre-Stuxnet Malware Targeting Engineering Software
In April 2026, SentinelOne researchers uncovered 'fast16,' a previously undocumented Lua-based malware framework dating back to 2005. This sophisticated tool targeted high-precision engineering and physics simulation software, subtly altering calculations to introduce systematic errors. Unlike typical malware of its era, fast16 was engineered for strategic sabotage, potentially undermining scientific research and engineering projects without immediate detection. The discovery of fast16 highlights the advanced capabilities of state-sponsored cyber operations predating known incidents like Stuxnet. It underscores the long-standing use of cyber tools for covert sabotage, emphasizing the need for vigilance in protecting critical infrastructure and sensitive research from such sophisticated threats.
2 months ago
Critical Vulnerability in GPL Odorizers GPL750 Devices (CVE-2026-4436)
In April 2026, a critical vulnerability (CVE-2026-4436) was identified in GPL Odorizers' GPL750 devices, which are used for odorant injection in natural gas pipelines. This flaw allows low-privileged remote attackers to manipulate register values via Modbus packets, potentially leading to incorrect odorant levels being injected into gas lines. Affected versions include GPL750 (XL4) >=v1.0, GPL750 (XL4 Prime) >=v4.0, GPL750 (XL7) >=v13.0, and GPL750 (XL7 Prime) >=v18.4. The vulnerability has a CVSS v3 base score of 8.6, indicating high severity. ([gasodorizer.com](https://www.gasodorizer.com/odorization/gpl-750-odorant-injection/?utm_source=openai)) The exploitation of this vulnerability could result in significant safety hazards due to improper odorization of natural gas, which is essential for leak detection. Organizations using these devices are urged to update to the latest software versions and implement recommended mitigations to prevent potential exploitation. ([gasodorizer.com](https://www.gasodorizer.com/odorization/gpl-750-odorant-injection/?utm_source=openai))
2 months ago
CISA Issues 2025 Industrial Control System Vulnerability Advisories
In December 2025, CISA disclosed six critical advisories highlighting a series of vulnerabilities across multiple industrial control system (ICS) products, including those from Güralp Systems, Johnson Controls, Hitachi Energy, Mitsubishi Electric, and Fuji Electric. The advisories detail software and firmware flaws that could allow unauthorized access, remote code execution, or complete system compromise in essential ICS devices. Exploitation could give attackers the means to disrupt critical infrastructure operations. Security teams are urged to apply mitigations, restrict network exposure, and follow vendor instructions to reduce risk. This incident underscores the growing frequency and severity of cybersecurity threats targeting ICS environments. With the expanding attack surface in operational technology (OT) networks, attackers increasingly focus on exploiting ICS vulnerabilities to disrupt important sectors. Regulators and asset owners are under pressure to implement robust, up-to-date defenses.
5 months ago
AzeoTech DAQFactory 2025: Critical ICS Memory Flaws Open Path to Code Execution
In December 2025, critical memory corruption vulnerabilities were disclosed in AzeoTech DAQFactory, an industrial control system platform widely used in critical manufacturing. Attackers leveraging these flaws—such as out-of-bounds write, use-after-free, heap and stack buffer overflows, and type confusion—could upload malicious .ctl files, leading to potential arbitrary code execution or data disclosure. No remote exploitation was reported, but the flaws affect DAQFactory versions 20.7 (Build 2555) and earlier, impacting deployments worldwide. The incident underscores the persistent risk that memory-based vulnerabilities pose to ICS platforms, amplifying concerns about supply chain and file-based attacks in operational environments. Given ICS’s expanding attack surface and recent regulatory scrutiny, addressing patch management and limiting untrusted file handling remain crucial for minimizing operational risk.
5 months ago
Critical OS Command Injection Vulnerability Hits Opto 22 ICS Devices in 2025
In November 2025, Opto 22 announced a critical vulnerability (CVE-2025-13087) affecting its GRV-EPIC and groov RIO programmable logic controllers. Discovered by security researchers from Meta, the flaw resides in the Groov Manage REST API, allowing attackers with administrative access to exploit improper neutralization of special elements and execute arbitrary shell commands as root on affected devices. This vulnerability places manufacturing environments deploying these controllers at risk of remote code execution and potential full device compromise, particularly in critical infrastructure operations worldwide. The incident highlights the continued targeting of industrial control systems by security researchers and underscores the urgency for timely patching in operational technology (OT) environments. With attackers increasingly seeking entry via API abuse and elevated privileges, organizations must remain vigilant against growing threats to cloud-connected OT and IIoT assets.
5 months ago
AVEVA Edge 2025: Cryptographic Weakness Leaves Critical Manufacturing at Risk
In November 2025, AVEVA disclosed a critical vulnerability (CVE-2025-9317) in its Edge HMI/SCADA software (versions 2023 R2 and prior), stemming from the use of a broken or risky cryptographic algorithm. The flaw allows local attackers with read access to Edge project or cache files to reverse engineer both application-native and Active Directory passwords via brute-force techniques. This security gap exposes organizations using AVEVA Edge in the critical manufacturing sector to unauthorized credential recovery, potentially impacting operational technology environments on a global scale. The incident highlights increased scrutiny of industrial control software security, especially against a backdrop of escalating supply chain and OT attacks. Regulatory and compliance pressures are intensifying, and organizations are urged to prioritize cryptographic hygiene, proactive patching, and strict access controls to mitigate insider and lateral threat risks.
5 months ago
CISA Issues 2025 Industrial Control Systems Vulnerability Alerts: What You Need to Know
In November 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control Systems (ICS) security advisories highlighting critical and high-severity vulnerabilities in products from Advantech (DeviceOn iEdge), Ubia (Ubox), ABB (FLXeon Controllers), and Hitachi Energy (Asset Suite). These advisories revealed weaknesses that allow threat actors to exploit unencrypted communications, weak authentication, and inadequate segmentation, which could enable remote attackers to gain unauthorized access, move laterally within ICS environments, or disrupt operations. The announcement underscores the ongoing risk posed to critical infrastructure from both targeted and opportunistic threats leveraging these flaws. This incident exemplifies a growing trend where attackers target ICS components and operational technology, exploiting security gaps often found in legacy or poorly maintained systems. As regulatory expectations rise and the threat landscape becomes more sophisticated, organizations must urgently prioritize ICS security, bolster monitoring, and implement zero trust architectures to defend critical infrastructure.
5 months ago
Claroty Authentication Bypass Threatens OT Security in 2025
In early 2025, a critical vulnerability tracked as CVE-2025-54603 was discovered in Claroty’s industrial cybersecurity products, exposing operational technology (OT) networks and critical infrastructure to potential attacks and data theft. The flaw allowed threat actors to bypass authentication mechanisms, granting unauthorized access to sensitive network segments. Attackers leveraging this security gap could disrupt essential services, compromise confidential process data, and pose significant operational and safety risks. Claroty responded by issuing urgent patches to contain the exposure and mitigate ongoing threats. This incident highlights the increasing risk of authentication bypass exploits in OT environments, as threat actors target weak points in security architectures to gain privileged access. The event underscores an urgent need for robust, zero trust security frameworks and rapid vulnerability management in critical infrastructure sectors.
5 months ago
CISA 2025 ICS Advisories Expose Widespread Industrial Control System Risks
In October 2025, CISA released thirteen industrial control systems (ICS) advisories highlighting critical security vulnerabilities across various products from leading vendors such as Rockwell Automation, Siemens, Hitachi Energy, Schneider Electric, and Delta Electronics. The disclosed vulnerabilities affected solutions commonly used in industrial environments, including HMIs, SCADA software, network management systems, and control processors. These weaknesses, if left unaddressed, could be leveraged by malicious actors for unauthorized access, lateral movement, or disruption of industrial processes, posing significant operational and safety risks to organizations dependent on ICS infrastructure. This mass vulnerability disclosure arrives amid an intensifying regulatory focus on the security of ICS and OT environments, paralleling a broader trend of increased adversary attention to unpatched operational technologies. Organizations must prioritize timely patching and hardened network segmentation to mitigate rapidly evolving threats and prevent cascading impacts across critical infrastructure.
5 months ago