Food Production
Breach intelligence, attack campaigns, and threat reports targeting the Food Production sector.
Food Production Threat Reports
Critical Vulnerabilities in Rockwell Automation's CompactLogix 5370 Controllers: Immediate Action Required
In June 2026, Rockwell Automation disclosed two critical vulnerabilities affecting its CompactLogix 5370 series controllers, specifically models L1, L2, and L3. The first vulnerability, CVE-2025-11694, involves improper validation of sequence numbers and source IP addresses in the CIP protocol, allowing attackers to exploit exposed Connection IDs to induce denial-of-service conditions. The second, CVE-2026-9307, pertains to the exposure of sensitive system information through the controller's web server, which reveals CIP Connection IDs to unauthenticated users, potentially leading to similar denial-of-service attacks. Both vulnerabilities have been addressed in firmware version V38.011, and users are strongly advised to update their systems accordingly. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.PN1025.html?utm_source=openai)) These vulnerabilities underscore the persistent risks in industrial control systems, particularly in critical manufacturing sectors. The disclosure highlights the necessity for continuous monitoring, timely patch management, and adherence to cybersecurity best practices to safeguard operational technology environments from potential disruptions.
1 week ago
Critical DoS Vulnerability in Rockwell Automation RSLinx Classic: CVE-2020-13573
In November 2020, a denial-of-service (DoS) vulnerability, identified as CVE-2020-13573, was discovered in Rockwell Automation's RSLinx Classic software, version 2.57.00.14 CPR 9 SR 3. This vulnerability resides in the Ethernet/IP server functionality and can be exploited by remote attackers sending specially crafted network requests, leading to a DoS condition. The vulnerability was reported by Cisco Talos and has a CVSS v3.0 base score of 7.5, indicating high severity. ([talosintelligence.com](https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1184?utm_source=openai)) The relevance of this vulnerability persists due to the widespread deployment of RSLinx Classic in industrial control systems. Exploitation could disrupt critical manufacturing, energy, and water sectors, emphasizing the need for timely patching and adherence to cybersecurity best practices to mitigate potential threats.
1 week ago
Critical Vulnerability in Schneider Electric Modicon Switches: CVE-2024-3596
In April 2026, Schneider Electric disclosed a critical vulnerability (CVE-2024-3596) affecting all versions of its Modicon and Connexium managed network switches. This flaw resides in the RADIUS authentication protocol, where an attacker with a man-in-the-middle position can exploit the MD5-based Response Authenticator to forge authentication responses. Such exploitation could grant unauthorized access to protected network segments, leading to potential denial of service and compromise of confidentiality and integrity of connected devices. This vulnerability underscores the persistent risks associated with legacy cryptographic protocols like MD5 in critical infrastructure. Organizations relying on RADIUS for network access control must reassess their configurations and consider transitioning to more secure authentication methods to mitigate such threats.
2 weeks ago
UN World Food Programme Data Breach: A Wake-Up Call for Humanitarian Cybersecurity
In May 2026, the United Nations' World Food Programme (WFP) experienced a significant data breach when unauthorized actors accessed its self-registration application for Palestine. This breach exposed sensitive personal information—including names, ID numbers, mobile numbers, and location data—of approximately 600,000 Palestinian households in Gaza. The WFP promptly suspended the affected platform to implement security enhancements and initiated a comprehensive investigation into the incident. This incident underscores the critical importance of robust cybersecurity measures for humanitarian organizations handling sensitive beneficiary data. The exposure of such information not only compromises individual privacy but also heightens the risk of identity theft and targeted attacks, emphasizing the need for continuous vigilance and proactive security protocols in the humanitarian sector.
3 weeks ago
CISA Issues Warning on Cyberattacks Targeting Fuel Tank Monitoring Systems
In June 2026, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, NSA, and Department of Energy, issued a warning about cyberattacks targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across critical infrastructure sectors. Attackers exploited vulnerabilities such as authentication bypasses, hardcoded credentials, and command-execution flaws to gain unauthorized access, allowing them to alter network settings, tank volumes, and pump controls. This manipulation could disable alerts and hinder operators from accurately monitoring tank levels, increasing the risk of leaks or equipment failures. This incident underscores the growing threat to operational technology (OT) systems within critical infrastructure. The exploitation of ATG systems highlights the need for enhanced cybersecurity measures, including restricting internet exposure, implementing strong authentication protocols, and applying timely security updates to prevent unauthorized access and potential operational disruptions.
3 weeks ago
Urgent Advisory: Securing Automatic Tank Gauge Systems Against Cyber Threats
In April 2026, the Cybersecurity and Infrastructure Security Agency (CISA), along with multiple federal partners, issued an urgent advisory regarding active cyberattacks targeting Automatic Tank Gauge (ATG) systems across the United States. These systems, integral to monitoring fuel storage tanks in sectors such as Energy, Chemical, Food and Agriculture, and Transportation, were found to be vulnerable due to internet exposure and weak authentication mechanisms. Threat actors exploited these weaknesses to gain unauthorized access, potentially allowing them to manipulate tank levels, disable alarms, and disrupt operations. While no physical damage was reported, the incidents underscored significant cybersecurity gaps in critical infrastructure. ([infoodandfuel.org](https://www.infoodandfuel.org/news/cybersecurity-alert-automatic-tank-gauge-systems-targeted?utm_source=openai)) This advisory highlights the escalating threat landscape for operational technology (OT) systems, emphasizing the need for immediate action to secure ATG systems. The incidents serve as a stark reminder of the vulnerabilities present in internet-exposed OT devices and the potential for malicious actors to exploit these weaknesses to disrupt essential services.
3 weeks ago
Critical Vulnerability in ABB CoreSense Products: CVE-2025-3465
In October 2025, ABB disclosed a path traversal vulnerability (CVE-2025-3465) in its CoreSense™ HM and CoreSense™ M10 products, affecting versions up to 2.3.1 and 1.4.1.12, respectively. This flaw allows unauthenticated users to access restricted directories, potentially leading to complete system compromise and exposure of sensitive information. ABB has released updates to address this issue and recommends that customers apply them promptly. This incident underscores the critical importance of timely vulnerability management in industrial control systems. As cyber threats targeting critical infrastructure continue to evolve, organizations must remain vigilant and proactive in applying security patches to mitigate potential risks.
1 month ago
Critical Vulnerability in Siemens gWAP: CVE-2026-40175
In May 2026, Siemens disclosed a critical vulnerability (CVE-2026-40175) in its gPROMS Web Applications Publisher (gWAP), stemming from the integration of a vulnerable version of the Axios HTTP client library. This flaw allows attackers to exploit prototype pollution in third-party dependencies, potentially leading to remote code execution or full cloud environment compromise. Siemens has released version 3.1.1 to address this issue and strongly recommends users update immediately. This incident underscores the risks associated with third-party software components in supply chains. Organizations must remain vigilant, ensuring all integrated libraries are up-to-date and secure to prevent similar vulnerabilities from being exploited.
1 month ago
Yokogawa CENTUM VP Hardcoded Password Vulnerability Exposes Industrial Systems
In March 2026, a hardcoded password vulnerability (CVE-2025-7741) was identified in Yokogawa's CENTUM VP distributed control system. This flaw allows attackers with access to the Human Interface Station (HIS) to log in using the 'PROG' user account, potentially modifying system permissions. Affected versions include CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00, and R7.01.00. Exploitation requires prior access to the HIS screen controls, limiting the immediate risk but highlighting significant security concerns in industrial control systems. ([cvedetails.com](https://www.cvedetails.com/cve/CVE-2025-7741/?utm_source=openai)) This incident underscores the critical need for robust authentication mechanisms in industrial environments. The reliance on hardcoded credentials poses substantial risks, especially when combined with potential insider threats or physical access breaches. Organizations must prioritize updating authentication protocols and implementing comprehensive security measures to mitigate such vulnerabilities.
2 months ago
Critical Vulnerabilities in Schneider Electric's Plant iT/Brewmaxx Systems: Immediate Action Required
In March 2026, Schneider Electric disclosed multiple critical vulnerabilities in its Plant iT/Brewmaxx systems, stemming from the integration of Redis, an open-source in-memory database. These vulnerabilities, identified as CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, and CVE-2025-46819, involve issues such as use-after-free errors and integer overflows within Redis's Lua scripting engine. Exploitation of these flaws could allow authenticated users to execute arbitrary code, leading to potential remote code execution and privilege escalation. The affected versions include Plant iT/Brewmaxx 9.60 and above. Schneider Electric has released patches and provided mitigation steps to address these vulnerabilities. ([se.com](https://www.se.com/in/en/download/document/SEVD-2026-013-01/?utm_source=openai)) The disclosure underscores the critical importance of securing third-party components within industrial control systems. As cyber threats targeting critical infrastructure continue to evolve, organizations must remain vigilant, ensuring timely updates and adherence to cybersecurity best practices to mitigate potential risks.
3 months ago
Johnson Controls 2026 Unauthenticated Remote Code Execution Vulnerabilities
In February 2026, multiple critical vulnerabilities were identified in Johnson Controls' Frick Controls Quantum HD systems, versions 10.22 and prior. These vulnerabilities include unauthenticated remote code execution, code injection, and plaintext storage of passwords, potentially allowing attackers to execute arbitrary code, access sensitive information, and compromise system integrity. The affected systems are widely deployed in critical infrastructure sectors, including food and agriculture, posing significant security risks. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-21659?utm_source=openai)) The discovery of these vulnerabilities underscores the ongoing challenges in securing industrial control systems (ICS) against sophisticated cyber threats. Organizations utilizing these systems must prioritize timely updates and adhere to recommended security practices to mitigate potential exploitation and safeguard critical operations.
3 months ago
Critical Vulnerabilities in Yokogawa CENTUM VP Vnet/IP Interface Package
In February 2026, multiple vulnerabilities were identified in Yokogawa Electric Corporation's Vnet/IP Interface Package, affecting CENTUM VP R6 and R7 systems. These vulnerabilities, including CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, and CVE-2025-48023, could allow attackers on adjacent networks to send maliciously crafted packets, leading to denial-of-service conditions or arbitrary code execution. The affected versions are Vnet/IP Interface Package R1.07.00 and earlier. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-48020?utm_source=openai)) The discovery of these vulnerabilities underscores the critical need for robust security measures in industrial control systems. As cyber threats targeting critical infrastructure continue to evolve, organizations must prioritize timely patching, network segmentation, and continuous monitoring to mitigate potential risks.
3 months ago