✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Chemicals
Breach intelligence, attack campaigns, and threat reports targeting the Chemicals sector.
Explore Other Sectors
Chemicals Threat Reports
ABB Freelance Security Lock Vulnerability CVE-2025-7064
In June 2026, a vulnerability identified as CVE-2025-7064 was disclosed in ABB's Freelance Security Lock software. This authentication bypass flaw allows attackers to access underlying Windows OS functions even when Freelance Operations is active, depending on system configuration and user permissions. Affected versions include Freelance through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai)) The vulnerability has a CVSS score of 6.6, indicating a medium severity level. While no active exploitation has been reported, organizations using the affected versions should assess their exposure and apply patches as recommended by ABB. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai))
2 days ago
Kill Chain
Critical Vulnerability in AzeoTech DAQFactory: CVE-2026-12390
In June 2026, a critical vulnerability (CVE-2026-12390) was identified in AzeoTech's DAQFactory software, versions 21.1 and prior. This Type Confusion flaw allows attackers to execute arbitrary code by tricking users into opening malicious .ctl files. The vulnerability poses significant risks to systems utilizing DAQFactory, potentially leading to unauthorized access and control. The disclosure underscores the ongoing challenges in securing industrial control systems, especially as attackers increasingly target such environments. Organizations are urged to apply recommended mitigations promptly to prevent exploitation and maintain operational integrity.
6 days ago
Kill Chain
Kodak Data Breach 2026: ShinyHunters Extortion Group Claims Responsibility
In June 2026, Kodak confirmed a data breach after the ShinyHunters extortion group claimed responsibility for accessing over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data. The attackers threatened to leak the exfiltrated data if their demands were not met by June 18, 2026. Kodak engaged external cybersecurity experts and law enforcement to investigate the incident and mitigate potential threats to their systems and operations. This incident underscores the escalating threat posed by cyber extortion groups like ShinyHunters, who have been linked to multiple high-profile data breaches in 2026, including attacks on Oracle PeopleSoft servers and various universities. Organizations must enhance their cybersecurity measures to protect sensitive data and prevent similar breaches.
1 week ago
Kill Chain
Cyberattacks on U.S. Fuel Tank Monitoring Systems: A 2026 Overview
In June 2026, U.S. critical infrastructure sectors, including energy and transportation, faced cyberattacks targeting internet-exposed Automatic Tank Gauge (ATG) systems. These systems, essential for monitoring fuel and liquid levels, were compromised by threat actors exploiting vulnerabilities such as default passwords and command execution flaws. The attackers manipulated system settings, altered tank readings, and disabled alerts, posing significant operational and safety risks. In response, agencies like CISA, NSA, and FBI issued joint advisories urging organizations to secure ATG systems by removing them from public internet access, enforcing strong credentials, and applying necessary patches. This incident underscores the escalating threat to industrial control systems and the urgent need for enhanced cybersecurity measures to protect critical infrastructure from sophisticated cyber threats.
2 weeks ago
Kill Chain
Over 900 US Gas Station Tank Gauge Systems Exposed to Cyberattacks
In June 2026, over 900 Automatic Tank Gauge (ATG) systems across the United States were found exposed online, making them vulnerable to cyberattacks. ATG systems are critical for monitoring fuel and chemical storage tanks in various sectors, including energy and transportation. Threat actors exploited security flaws such as hardcoded credentials and authentication bypasses to gain unauthorized access, potentially leading to operational disruptions and safety hazards. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/amp/?utm_source=openai)) This incident underscores the growing threat to critical infrastructure from cyberattacks targeting industrial control systems. Organizations must prioritize securing internet-exposed devices to prevent similar vulnerabilities from being exploited in the future.
2 weeks ago
Kill Chain
CISA Issues Warning on Cyberattacks Targeting Fuel Tank Monitoring Systems
In June 2026, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, NSA, and Department of Energy, issued a warning about cyberattacks targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across critical infrastructure sectors. Attackers exploited vulnerabilities such as authentication bypasses, hardcoded credentials, and command-execution flaws to gain unauthorized access, allowing them to alter network settings, tank volumes, and pump controls. This manipulation could disable alerts and hinder operators from accurately monitoring tank levels, increasing the risk of leaks or equipment failures. This incident underscores the growing threat to operational technology (OT) systems within critical infrastructure. The exploitation of ATG systems highlights the need for enhanced cybersecurity measures, including restricting internet exposure, implementing strong authentication protocols, and applying timely security updates to prevent unauthorized access and potential operational disruptions.
3 weeks ago
Kill Chain
Urgent Advisory: Securing Automatic Tank Gauge Systems Against Cyber Threats
In April 2026, the Cybersecurity and Infrastructure Security Agency (CISA), along with multiple federal partners, issued an urgent advisory regarding active cyberattacks targeting Automatic Tank Gauge (ATG) systems across the United States. These systems, integral to monitoring fuel storage tanks in sectors such as Energy, Chemical, Food and Agriculture, and Transportation, were found to be vulnerable due to internet exposure and weak authentication mechanisms. Threat actors exploited these weaknesses to gain unauthorized access, potentially allowing them to manipulate tank levels, disable alarms, and disrupt operations. While no physical damage was reported, the incidents underscored significant cybersecurity gaps in critical infrastructure. ([infoodandfuel.org](https://www.infoodandfuel.org/news/cybersecurity-alert-automatic-tank-gauge-systems-targeted?utm_source=openai)) This advisory highlights the escalating threat landscape for operational technology (OT) systems, emphasizing the need for immediate action to secure ATG systems. The incidents serve as a stark reminder of the vulnerabilities present in internet-exposed OT devices and the potential for malicious actors to exploit these weaknesses to disrupt essential services.
3 weeks ago
Kill Chain
Critical DoS Vulnerability in ABB B&R Automation Runtime (CVE-2025-3450)
In October 2025, ABB identified a critical vulnerability (CVE-2025-3450) in the System Diagnostics Manager (SDM) component of B&R Automation Runtime versions prior to 6.3 and Q4.93. This flaw allows unauthenticated, network-based attackers to delete data, leading to denial-of-service conditions. The vulnerability stems from improper resource locking within the SDM, potentially causing affected systems to cease operation upon exploitation. ABB has released updates to address this issue and recommends users upgrade to Automation Runtime versions 6.3 or Q4.93 to mitigate the risk. This incident underscores the importance of timely patch management and robust network security practices, especially in critical infrastructure sectors where such vulnerabilities can have significant operational impacts.
1 month ago
Kill Chain
Critical Vulnerability in ABB Ability™ zenon: CVE-2025-8754
In August 2025, a critical vulnerability (CVE-2025-8754) was identified in ABB's Ability™ zenon software, versions 7.50 through 14. This flaw allows unauthenticated remote attackers to access critical functions, potentially leading to denial-of-service conditions in industrial control environments. The vulnerability arises from missing authentication mechanisms in the Remote Transport Service, enabling unauthorized system reboots. ([cve.org](https://www.cve.org/CVERecord?id=CVE-2025-8754&utm_source=openai)) The incident underscores the importance of robust authentication protocols in industrial control systems. As cyber threats targeting critical infrastructure continue to evolve, organizations must prioritize timely vulnerability assessments and implement comprehensive security measures to mitigate potential risks.
1 month ago
Kill Chain
ABB MConfig Vulnerability CVE-2025-9970: Cleartext Storage of Sensitive Information
In October 2025, ABB disclosed a vulnerability (CVE-2025-9970) in its MConfig software versions up to 1.4.9.21, where sensitive information was stored in cleartext within memory. This flaw could allow attackers with local access to extract credentials, potentially compromising system integrity. ABB released version 1.4.9.22 to address this issue. This incident underscores the critical importance of secure memory handling practices in software development, especially for applications managing sensitive data. Organizations are reminded to promptly apply security patches and review software for similar vulnerabilities to prevent unauthorized access.
1 month ago
Kill Chain
ScadaBR 1.2.0 Vulnerabilities: A Wake-Up Call for SCADA Security
In May 2026, multiple critical vulnerabilities were identified in ScadaBR version 1.2.0, an open-source SCADA platform widely used in critical infrastructure sectors. These vulnerabilities include missing authentication for critical functions (CVE-2026-8602), OS command injection (CVE-2026-8603), cross-site request forgery (CVE-2026-8604), and the use of hard-coded credentials (CVE-2026-8605). Exploitation of these flaws could allow unauthenticated attackers to execute arbitrary code, manipulate sensor readings, and gain administrative access to the system, posing significant risks to operational technology environments. ([windowsforum.com](https://windowsforum.com/threads/cisa-warns-scadabr-1-2-0-flaws-enable-unauthenticated-rce-protect-ot-exposure.418951/post-978793?utm_source=openai)) The discovery of these vulnerabilities underscores the ongoing challenges in securing SCADA systems, especially those exposed to the internet or integrated with IT networks. Organizations must reassess their security postures, implement robust access controls, and ensure timely updates to mitigate such risks.
1 month ago
Kill Chain
Critical Vulnerability in Siemens gWAP: CVE-2026-40175
In May 2026, Siemens disclosed a critical vulnerability (CVE-2026-40175) in its gPROMS Web Applications Publisher (gWAP), stemming from the integration of a vulnerable version of the Axios HTTP client library. This flaw allows attackers to exploit prototype pollution in third-party dependencies, potentially leading to remote code execution or full cloud environment compromise. Siemens has released version 3.1.1 to address this issue and strongly recommends users update immediately. This incident underscores the risks associated with third-party software components in supply chains. Organizations must remain vigilant, ensuring all integrated libraries are up-to-date and secure to prevent similar vulnerabilities from being exploited.
1 month ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports