Critical Manufacturing
Breach intelligence, attack campaigns, and threat reports targeting the Critical Manufacturing sector.
Critical Manufacturing Threat Reports
Siemens SIPROTEC 5 Vulnerability Exposes Critical Infrastructure to Potential Attacks
In June 2026, Siemens disclosed a vulnerability (CVE-2025-40808) in its SIPROTEC 5 devices, which are critical components in energy and industrial sectors. The flaw allows authenticated users to upload arbitrary files via the DIGSI 5 protocol, potentially leading to denial-of-service conditions or remote code execution. Siemens has released firmware updates to address this issue and recommends users upgrade to the latest versions to mitigate the risk. This incident underscores the importance of securing industrial control systems against authenticated insider threats. As cyberattacks targeting critical infrastructure become more sophisticated, organizations must prioritize timely patching and robust access controls to safeguard operational technology environments.
2 days ago
Kill Chain
Critical Security Flaws Discovered in Brickcom Cameras
In June 2026, critical vulnerabilities were identified in Brickcom cameras, specifically models Cube, Dome, Bullet, and Box version 3.2.3.5.6. These flaws, cataloged as CVE-2026-50245 and CVE-2026-50005, allow unauthenticated remote attackers to access live video feeds and still images via the /ONVIF endpoint. Additionally, the use of default credentials enables silent access to camera feeds, compromising sensitive visual information and potentially granting administrative control over the devices. The exploitation of these vulnerabilities poses significant risks to sectors such as Commercial Facilities, Critical Manufacturing, Financial Services, and Healthcare, where surveillance systems are integral to security operations. The absence of authentication mechanisms in these cameras underscores the critical need for robust access controls and regular security assessments to prevent unauthorized access and data breaches.
1 week ago
Kill Chain
Critical Vulnerability in Schneider Electric's EcoStruxure Panel Server Devices (CVE-2026-6866)
In May 2026, Schneider Electric disclosed a vulnerability (CVE-2026-6866) in its EcoStruxure Panel Server devices, including models PAS400, PAS600, PAS600V2, PAS800, and PAS800V2, running firmware versions 002.005.000 and prior. This flaw, identified as CWE-1188, allows device credentials to revert to factory defaults under rare conditions, potentially enabling unauthorized access to operational technology (OT) networks. The vulnerability poses a significant risk to critical infrastructure sectors such as energy, utilities, and manufacturing, as it could lead to unauthorized disclosure of sensitive information. Schneider Electric has released firmware version 002.006.000 to address this issue. Organizations are urged to apply this update promptly to mitigate potential security breaches. ([techjacksolutions.com](https://techjacksolutions.com/scc-intel/schneider-electric-ecostruxure-panel-server-credential-reset-flaw-exposes-ot-gateways-in-critical-infrastructure/?utm_source=openai)) The incident underscores the importance of maintaining up-to-date firmware and implementing robust access controls in OT environments. As cyber threats targeting industrial control systems continue to evolve, ensuring the security of gateway devices like the EcoStruxure Panel Server is crucial to prevent unauthorized access and protect critical infrastructure.
2 weeks ago
Kill Chain
Critical XSS Vulnerability in CP Plus NVRs: CVE-2026-6824
In May 2026, a critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-6824, was discovered in CP Plus 8 Channel Network Video Recorders (NVRs). This flaw allows attackers to inject malicious scripts into the device's web interface, which execute in the browsers of authenticated users or administrators upon access. Exploitation can lead to session hijacking, unauthorized actions, data exposure, and compromise of system integrity. The affected versions include CP-UNR-108F1 Hardware V1.0, Web V3.2.7.128806, and System V4.001.00AT009.0.R. ([socdefenders.ai](https://www.socdefenders.ai/item/a70ca9af-a0bb-4b2f-9cf8-a89beb76b2b9?utm_source=openai)) This incident underscores the persistent threat posed by web-based vulnerabilities in critical infrastructure devices. As attackers increasingly target such systems, organizations must prioritize regular security assessments, timely patching, and adherence to best practices to mitigate risks associated with similar vulnerabilities.
3 weeks ago
Kill Chain
Critical OpenSSL Vulnerability in Hitachi Energy's GMS600: CVE-2022-4304
In 2023, Hitachi Energy identified a vulnerability (CVE-2022-4304) in its GMS600 versions 1.3.0 and 1.3.1, stemming from a timing-based side channel in the OpenSSL RSA decryption implementation. This flaw could allow attackers to recover plaintext across a network through a Bleichenbacher-style attack, which requires sending a large number of trial messages. Successful exploitation could lead to the decryption of sensitive application data transmitted over TLS connections. ([cve.mitre.org](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304&utm_source=openai)) This incident underscores the critical importance of promptly addressing vulnerabilities in widely used cryptographic libraries like OpenSSL. Organizations must remain vigilant, as similar flaws can have far-reaching implications across various products and industries, emphasizing the need for continuous monitoring and timely patching to maintain robust cybersecurity defenses.
1 month ago
Kill Chain
Critical Vulnerability in Palo Alto Networks PAN-OS: CVE-2026-0300
In May 2026, a critical buffer overflow vulnerability (CVE-2026-0300) was identified in the User-ID™ Authentication Portal service of Palo Alto Networks PAN-OS software. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. The vulnerability affects PAN-OS versions prior to 12.1.4-h5, 11.2.4-h17, 11.1.4-h33, and 10.2.7-h34. Exploitation has been observed in the wild, primarily targeting systems with the Authentication Portal exposed to untrusted networks. ([security.paloaltonetworks.com](https://security.paloaltonetworks.com/CVE-2026-0300?utm_source=openai)) The incident underscores the importance of securing network access to critical services and adhering to best practice guidelines. Organizations are advised to restrict access to the User-ID™ Authentication Portal to trusted internal IP addresses and apply the necessary software updates promptly to mitigate potential risks. ([security.paloaltonetworks.com](https://security.paloaltonetworks.com/CVE-2026-0300?utm_source=openai))
1 month ago
Kill Chain
Critical Vulnerabilities Discovered in Subnet Solutions PowerSYSTEM Center
In May 2026, multiple vulnerabilities were identified in Subnet Solutions Inc.'s PowerSYSTEM Center, a critical infrastructure management platform. These vulnerabilities, including CVE-2026-26289, CVE-2026-33570, CVE-2026-35555, and CVE-2026-35504, could allow authenticated attackers to expose sensitive information, perform unauthorized actions, or inject malicious content. The affected versions span PowerSYSTEM Center 2020, 2024, and 2026 releases. Exploitation of these flaws could lead to unauthorized data access, privilege escalation, and potential disruption of critical manufacturing and energy sectors. The discovery of these vulnerabilities underscores the persistent risks in industrial control systems and the importance of timely software updates. Organizations relying on PowerSYSTEM Center should prioritize applying the recommended patches and reviewing their security protocols to mitigate potential threats.
1 month ago
Kill Chain
Critical Vulnerability in Johnson Controls CEM AC2000: CVE-2026-21661
In May 2026, a critical vulnerability (CVE-2026-21661) was identified in Johnson Controls' CEM AC2000 versions 10.6, 11.0, and 12.0. This flaw, stemming from an uncontrolled search path element, allows standard users to escalate privileges on the host machine via DLL hijacking. The vulnerability affects sectors such as Critical Manufacturing, Commercial Facilities, Government Services, Transportation Systems, and Energy. Johnson Controls has released specific updates to remediate this issue. The incident underscores the persistent risks associated with DLL hijacking vulnerabilities in critical infrastructure systems. Organizations are urged to promptly apply the recommended updates and review their security protocols to prevent potential exploitation.
1 month ago
Kill Chain
Critical Security Update for ABB PCM600: Addressing CVE-2018-1002208
In November 2025, ABB disclosed a critical vulnerability (CVE-2018-1002208) in its Protection and Control IED Manager PCM600 software, versions 1.5 through 2.13. This flaw, stemming from the SharpZipLib component, allows attackers to execute arbitrary code by sending specially crafted messages to the system node. The vulnerability, known as 'Zip-Slip,' involves improper limitation of a pathname to a restricted directory, leading to path traversal issues. ABB has addressed this issue in PCM600 version 2.14 and recommends users update promptly. ([cyber.gc.ca](https://www.cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av25-719?utm_source=openai)) The disclosure underscores the persistent risks associated with third-party libraries in industrial control systems. Organizations must remain vigilant, ensuring timely updates and implementing robust security measures to protect critical infrastructure from evolving cyber threats.
1 month ago
Kill Chain
Critical Vulnerability in Siemens RUGGEDCOM CROSSBOW SAC: CVE-2025-6965
In April 2026, Siemens disclosed a critical vulnerability (CVE-2025-6965) in its RUGGEDCOM CROSSBOW Station Access Controller (SAC) versions prior to V5.8. This flaw, stemming from a numeric truncation error in the integrated SQLite component, could allow remote attackers to execute arbitrary code or cause a denial-of-service condition. The vulnerability affects systems deployed worldwide in critical manufacturing sectors. Siemens has released version V5.8 to address this issue and strongly recommends users update to this latest version. ([cert-portal.siemens.com](https://cert-portal.siemens.com/productcert/html/ssa-994087.html?utm_source=openai)) This incident underscores the persistent risks associated with third-party software components in industrial control systems. As attackers increasingly target vulnerabilities in widely used libraries, organizations must prioritize timely updates and rigorous security assessments to safeguard critical infrastructure.
2 months ago
Kill Chain
Critical Vulnerabilities Discovered in SenseLive X3050 Devices
In April 2026, multiple critical vulnerabilities were identified in the SenseLive X3050 device, version V1.523. These vulnerabilities include authentication bypass, insufficient session expiration, use of hard-coded credentials, and cleartext transmission of sensitive information. Exploitation of these flaws could allow attackers to gain complete control over the device, leading to unauthorized access and potential disruption of operations. The affected devices are widely deployed across critical infrastructure sectors such as manufacturing, water and wastewater, and energy. ([cyberpings.com](https://cyberpings.com/article/senselive-x3050-vulnerabilities-explained-mo8x?utm_source=openai)) The urgency of addressing these vulnerabilities is heightened by the lack of response from SenseLive to coordinate remediation efforts. Organizations utilizing the X3050 are advised to contact SenseLive directly for guidance and to implement immediate defensive measures to mitigate potential exploitation. ([cyberpings.com](https://cyberpings.com/article/senselive-x3050-vulnerabilities-explained-mo8x?utm_source=openai))
2 months ago
Kill Chain
Critical Security Flaws in Anviz Products: Immediate Action Required
In April 2026, multiple critical vulnerabilities were identified in Anviz's CX2 Lite and CX7 firmware, as well as the CrossChex Standard software. These vulnerabilities include missing authorization, command injection, and the use of hard-coded cryptographic keys, potentially allowing attackers to gain unauthorized access, execute arbitrary code, and compromise sensitive data. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting these issues and recommending immediate mitigations. ([windowsforum.com](https://windowsforum.com/threads/cisa-critical-advisory-anviz-cx2-lite-cx7-firmware-crosschex-risk-cvss-9-8.413734/?utm_source=openai)) The significance of this incident is underscored by the widespread deployment of Anviz products across various critical infrastructure sectors, including commercial facilities, healthcare, and transportation systems. Organizations utilizing these products are urged to assess their exposure and implement recommended security measures promptly to prevent potential exploitation.
2 months ago
Kill Chain