✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Industrial Automation
Breach intelligence, attack campaigns, and threat reports targeting the Industrial Automation sector.
Explore Other Sectors
Industrial Automation Threat Reports
Critical Vulnerabilities in Siemens SINEC INS: Immediate Action Required
In June 2026, Siemens disclosed multiple vulnerabilities in its SINEC INS software, versions prior to V1.0 SP2 Update 6. These vulnerabilities include improper input sanitization leading to OS command injection (CVE-2026-46746), path traversal (CVE-2026-46747), execution with unnecessary privileges (CVE-2026-46748), and the use of a one-way hash with a predictable salt (CVE-2026-46749). Exploitation of these flaws could allow attackers to execute arbitrary commands, access unintended file system locations, escalate privileges, and recover user passwords, potentially resulting in unauthorized access and control over affected systems. The disclosure underscores the critical importance of timely software updates and robust security practices in industrial control systems. Organizations utilizing SINEC INS are urged to upgrade to V1.0 SP2 Update 6 or later to mitigate these risks. This incident highlights the ongoing challenges in securing industrial networks against evolving cyber threats.
2 days ago
Kill Chain
ABB Freelance Security Lock Vulnerability CVE-2025-7064
In June 2026, a vulnerability identified as CVE-2025-7064 was disclosed in ABB's Freelance Security Lock software. This authentication bypass flaw allows attackers to access underlying Windows OS functions even when Freelance Operations is active, depending on system configuration and user permissions. Affected versions include Freelance through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai)) The vulnerability has a CVSS score of 6.6, indicating a medium severity level. While no active exploitation has been reported, organizations using the affected versions should assess their exposure and apply patches as recommended by ABB. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai))
2 days ago
Kill Chain
Siemens Discloses Critical Vulnerability in WinCC Certificate Manager
In June 2026, Siemens disclosed a vulnerability (CVE-2026-24349) in the WinCC Certificate Manager component of SIMATIC WinCC Unified PC Runtime versions 16 through 21 (prior to V21 Update 2). The flaw involves insufficient protection of cryptographic key material, potentially allowing attackers with local access to extract sensitive information. Siemens has released an update for version 21 and recommends upgrading to V21 Update 2 or later. For earlier versions, no fixes are planned, and users are advised to implement specific countermeasures. This incident underscores the critical importance of securing cryptographic key material, especially in industrial control systems. Organizations should prioritize updating affected systems and apply recommended mitigations to prevent potential exploitation.
2 days ago
Kill Chain
Critical Vulnerability in Schneider Electric's EasyLogic T150 and Saitel DP Devices
In May 2026, Schneider Electric disclosed a critical vulnerability (CVE-2026-6865) in its EasyLogic T150 and Saitel DP Remote Terminal Units (RTUs) and Controllers. This path traversal flaw allows unauthorized access to sensitive files, potentially compromising system integrity. Affected versions include EasyLogic T150 firmware up to 11.06.31 and Saitel DP firmware up to 11.06.36. Schneider Electric has released firmware updates to address this issue. This incident underscores the persistent risks in industrial control systems, especially within critical infrastructure sectors like energy and manufacturing. Organizations must prioritize timely patching and robust access controls to mitigate such vulnerabilities.
6 days ago
Kill Chain
Critical Vulnerabilities in Rockwell Automation's FactoryTalk Historian SE Threaten Industrial Control Systems
In June 2026, Rockwell Automation disclosed multiple vulnerabilities in its FactoryTalk Historian Site Edition (SE) software, specifically affecting versions up to 11.00. The most critical, CVE-2025-13036, is an authentication bypass issue where an attacker can obtain a valid authentication token by repeatedly sending requests to the login endpoint. Additionally, CVE-2025-44019 and CVE-2025-36539 involve uncaught exceptions that could allow authenticated users to crash essential subsystems, leading to denial of service and potential data loss. These vulnerabilities pose significant risks to industrial control systems relying on this software. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.SD1773.html?utm_source=openai)) The disclosure underscores the ongoing challenges in securing industrial control systems, highlighting the necessity for continuous monitoring and timely patching. Organizations must remain vigilant, as such vulnerabilities can be exploited to disrupt critical manufacturing operations, emphasizing the importance of robust cybersecurity practices in industrial environments.
6 days ago
Kill Chain
Critical Vulnerability in Mitsubishi Electric MELSEC iQ-F Series: CVE-2026-8805
In June 2026, Mitsubishi Electric disclosed a high-severity vulnerability (CVE-2026-8805) in its MELSEC iQ-F Series FX5-EIP EtherNet/IP Module. This flaw allows remote attackers to cause a denial-of-service (DoS) condition by rapidly establishing numerous TCP connections, leading to improper memory access and system instability. Affected versions include FX5-EIP up to and including version 1.000. ([mitsubishielectric.com](https://www.mitsubishielectric.com/fa/about-us/security/vulnerability/?utm_source=openai)) This incident underscores the critical importance of securing industrial control systems against network-based attacks. As cyber threats targeting operational technology (OT) environments increase, organizations must prioritize timely vulnerability management and implement robust network defenses to safeguard critical manufacturing processes.
6 days ago
Kill Chain
Critical DoS Vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Module (CVE-2026-1876)
In March 2026, Mitsubishi Electric disclosed a high-severity denial-of-service (DoS) vulnerability (CVE-2026-1876) in its MELSEC iQ-F Series FX5-ENET/IP Ethernet Module. This flaw allows remote attackers to render the device unresponsive by continuously sending UDP packets, necessitating a system reset for recovery. The vulnerability affects all versions of the FX5-ENET/IP module, posing significant risks to industrial control systems reliant on this equipment. The incident underscores the critical importance of securing industrial control systems against network-based attacks. As similar vulnerabilities continue to emerge, organizations must proactively implement robust network security measures, including firewalls and VPNs, to mitigate potential threats and ensure operational continuity.
6 days ago
Kill Chain
Critical Vulnerability in AzeoTech DAQFactory: CVE-2026-12390
In June 2026, a critical vulnerability (CVE-2026-12390) was identified in AzeoTech's DAQFactory software, versions 21.1 and prior. This Type Confusion flaw allows attackers to execute arbitrary code by tricking users into opening malicious .ctl files. The vulnerability poses significant risks to systems utilizing DAQFactory, potentially leading to unauthorized access and control. The disclosure underscores the ongoing challenges in securing industrial control systems, especially as attackers increasingly target such environments. Organizations are urged to apply recommended mitigations promptly to prevent exploitation and maintain operational integrity.
6 days ago
Kill Chain
Critical Vulnerabilities in Rockwell Automation's CompactLogix 5370 Controllers: Immediate Action Required
In June 2026, Rockwell Automation disclosed two critical vulnerabilities affecting its CompactLogix 5370 series controllers, specifically models L1, L2, and L3. The first vulnerability, CVE-2025-11694, involves improper validation of sequence numbers and source IP addresses in the CIP protocol, allowing attackers to exploit exposed Connection IDs to induce denial-of-service conditions. The second, CVE-2026-9307, pertains to the exposure of sensitive system information through the controller's web server, which reveals CIP Connection IDs to unauthenticated users, potentially leading to similar denial-of-service attacks. Both vulnerabilities have been addressed in firmware version V38.011, and users are strongly advised to update their systems accordingly. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.PN1025.html?utm_source=openai)) These vulnerabilities underscore the persistent risks in industrial control systems, particularly in critical manufacturing sectors. The disclosure highlights the necessity for continuous monitoring, timely patch management, and adherence to cybersecurity best practices to safeguard operational technology environments from potential disruptions.
1 week ago
Kill Chain
Critical Vulnerabilities in Rockwell Automation FLEX I/O EtherNet/IP Adapters: CVE-2026-0646 and CVE-2026-0647
In June 2026, Rockwell Automation disclosed two critical vulnerabilities affecting their FLEX I/O EtherNet/IP Adapters, specifically models 1794-AENTR and 1794-AENTRXT version 2.012. The first vulnerability (CVE-2026-0646) involves improper memory handling of CIP protocol requests, leading to a denial-of-service condition that requires a manual reset. The second vulnerability (CVE-2026-0647) allows unauthenticated attackers to change the device's web interface password via a crafted HTTP GET request, potentially resulting in unauthorized access and account takeover. ([netstorage.rockwellautomation.com](https://netstorage.rockwellautomation.com/WebFiles/Resources/RAFirmware/1794-Products/1794-RN076G-EN-E.pdf?rwtoken=1778347671_97396ee2108d37e1ebe005d3b4e136a3&utm_source=openai)) These vulnerabilities are particularly concerning for critical manufacturing sectors, as exploitation could disrupt industrial operations and compromise system integrity. The increasing connectivity of industrial control systems heightens the risk of such vulnerabilities being exploited, emphasizing the need for timely updates and robust security measures.
1 week ago
Kill Chain
Critical Vulnerability in Rockwell Automation's FactoryTalk Analytics PavilionX: CVE-2025-14272
In June 2026, Rockwell Automation disclosed a critical vulnerability (CVE-2025-14272) in its FactoryTalk Analytics PavilionX software, versions prior to 7.01. This flaw arises from improper authorization enforcement in API endpoints, potentially allowing unauthorized actors to execute privileged operations, including user and role management. The vulnerability affects critical manufacturing sectors worldwide, with Rockwell Automation headquartered in the United States. To mitigate this risk, users are advised to update to version 7.01 or later. This incident underscores the persistent challenges in securing industrial control systems (ICS) and the importance of timely software updates. As cyber threats targeting ICS environments continue to evolve, organizations must remain vigilant and proactive in addressing vulnerabilities to safeguard operational integrity.
1 week ago
Kill Chain
Critical Vulnerability in Schneider Electric's EcoStruxure Panel Server Devices (CVE-2026-6866)
In May 2026, Schneider Electric disclosed a vulnerability (CVE-2026-6866) in its EcoStruxure Panel Server devices, including models PAS400, PAS600, PAS600V2, PAS800, and PAS800V2, running firmware versions 002.005.000 and prior. This flaw, identified as CWE-1188, allows device credentials to revert to factory defaults under rare conditions, potentially enabling unauthorized access to operational technology (OT) networks. The vulnerability poses a significant risk to critical infrastructure sectors such as energy, utilities, and manufacturing, as it could lead to unauthorized disclosure of sensitive information. Schneider Electric has released firmware version 002.006.000 to address this issue. Organizations are urged to apply this update promptly to mitigate potential security breaches. ([techjacksolutions.com](https://techjacksolutions.com/scc-intel/schneider-electric-ecostruxure-panel-server-credential-reset-flaw-exposes-ot-gateways-in-critical-infrastructure/?utm_source=openai)) The incident underscores the importance of maintaining up-to-date firmware and implementing robust access controls in OT environments. As cyber threats targeting industrial control systems continue to evolve, ensuring the security of gateway devices like the EcoStruxure Panel Server is crucial to prevent unauthorized access and protect critical infrastructure.
2 weeks ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports