Oil/Energy/Solar/Greentech
Breach intelligence, attack campaigns, and threat reports targeting the Oil/Energy/Solar/Greentech sector.
Oil/Energy/Solar/Greentech Threat Reports
Critical Vulnerabilities in Siemens SINEC INS: Immediate Action Required
In June 2026, Siemens disclosed multiple vulnerabilities in its SINEC INS software, versions prior to V1.0 SP2 Update 6. These vulnerabilities include improper input sanitization leading to OS command injection (CVE-2026-46746), path traversal (CVE-2026-46747), execution with unnecessary privileges (CVE-2026-46748), and the use of a one-way hash with a predictable salt (CVE-2026-46749). Exploitation of these flaws could allow attackers to execute arbitrary commands, access unintended file system locations, escalate privileges, and recover user passwords, potentially resulting in unauthorized access and control over affected systems. The disclosure underscores the critical importance of timely software updates and robust security practices in industrial control systems. Organizations utilizing SINEC INS are urged to upgrade to V1.0 SP2 Update 6 or later to mitigate these risks. This incident highlights the ongoing challenges in securing industrial networks against evolving cyber threats.
2 days ago
Critical Vulnerability in Hubbell Aclara Metrum Cellular Web Interface (CVE-2026-1840)
In June 2026, a critical vulnerability (CVE-2026-1840) was identified in the Hubbell Aclara Metrum Cellular Web Interface, affecting versions prior to v2.1.0.105. This flaw allows unauthorized access to critical system functions due to missing authentication controls, enabling attackers to alter device configurations and disrupt operations, potentially leading to loss of communications. The vulnerability poses significant risks to the energy sector, particularly in the United States, where these devices are widely deployed. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-1740?utm_source=openai)) The incident underscores the importance of robust authentication mechanisms in industrial control systems. With increasing cyber threats targeting critical infrastructure, organizations must prioritize timely firmware updates and implement comprehensive security measures to mitigate such vulnerabilities.
2 days ago
ABB Freelance Security Lock Vulnerability CVE-2025-7064
In June 2026, a vulnerability identified as CVE-2025-7064 was disclosed in ABB's Freelance Security Lock software. This authentication bypass flaw allows attackers to access underlying Windows OS functions even when Freelance Operations is active, depending on system configuration and user permissions. Affected versions include Freelance through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai)) The vulnerability has a CVSS score of 6.6, indicating a medium severity level. While no active exploitation has been reported, organizations using the affected versions should assess their exposure and apply patches as recommended by ABB. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai))
2 days ago
Siemens Discloses Critical Vulnerability in WinCC Certificate Manager
In June 2026, Siemens disclosed a vulnerability (CVE-2026-24349) in the WinCC Certificate Manager component of SIMATIC WinCC Unified PC Runtime versions 16 through 21 (prior to V21 Update 2). The flaw involves insufficient protection of cryptographic key material, potentially allowing attackers with local access to extract sensitive information. Siemens has released an update for version 21 and recommends upgrading to V21 Update 2 or later. For earlier versions, no fixes are planned, and users are advised to implement specific countermeasures. This incident underscores the critical importance of securing cryptographic key material, especially in industrial control systems. Organizations should prioritize updating affected systems and apply recommended mitigations to prevent potential exploitation.
2 days ago
Siemens SIPROTEC 5 Vulnerability Exposes Critical Infrastructure to Potential Attacks
In June 2026, Siemens disclosed a vulnerability (CVE-2025-40808) in its SIPROTEC 5 devices, which are critical components in energy and industrial sectors. The flaw allows authenticated users to upload arbitrary files via the DIGSI 5 protocol, potentially leading to denial-of-service conditions or remote code execution. Siemens has released firmware updates to address this issue and recommends users upgrade to the latest versions to mitigate the risk. This incident underscores the importance of securing industrial control systems against authenticated insider threats. As cyberattacks targeting critical infrastructure become more sophisticated, organizations must prioritize timely patching and robust access controls to safeguard operational technology environments.
2 days ago
Critical Vulnerability in Schneider Electric's EasyLogic T150 and Saitel DP Devices
In May 2026, Schneider Electric disclosed a critical vulnerability (CVE-2026-6865) in its EasyLogic T150 and Saitel DP Remote Terminal Units (RTUs) and Controllers. This path traversal flaw allows unauthorized access to sensitive files, potentially compromising system integrity. Affected versions include EasyLogic T150 firmware up to 11.06.31 and Saitel DP firmware up to 11.06.36. Schneider Electric has released firmware updates to address this issue. This incident underscores the persistent risks in industrial control systems, especially within critical infrastructure sectors like energy and manufacturing. Organizations must prioritize timely patching and robust access controls to mitigate such vulnerabilities.
6 days ago
Critical Vulnerabilities in Rockwell Automation's FactoryTalk Historian SE Threaten Industrial Control Systems
In June 2026, Rockwell Automation disclosed multiple vulnerabilities in its FactoryTalk Historian Site Edition (SE) software, specifically affecting versions up to 11.00. The most critical, CVE-2025-13036, is an authentication bypass issue where an attacker can obtain a valid authentication token by repeatedly sending requests to the login endpoint. Additionally, CVE-2025-44019 and CVE-2025-36539 involve uncaught exceptions that could allow authenticated users to crash essential subsystems, leading to denial of service and potential data loss. These vulnerabilities pose significant risks to industrial control systems relying on this software. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.SD1773.html?utm_source=openai)) The disclosure underscores the ongoing challenges in securing industrial control systems, highlighting the necessity for continuous monitoring and timely patching. Organizations must remain vigilant, as such vulnerabilities can be exploited to disrupt critical manufacturing operations, emphasizing the importance of robust cybersecurity practices in industrial environments.
6 days ago
Critical Vulnerability in Mitsubishi Electric MELSEC iQ-F Series: CVE-2026-8805
In June 2026, Mitsubishi Electric disclosed a high-severity vulnerability (CVE-2026-8805) in its MELSEC iQ-F Series FX5-EIP EtherNet/IP Module. This flaw allows remote attackers to cause a denial-of-service (DoS) condition by rapidly establishing numerous TCP connections, leading to improper memory access and system instability. Affected versions include FX5-EIP up to and including version 1.000. ([mitsubishielectric.com](https://www.mitsubishielectric.com/fa/about-us/security/vulnerability/?utm_source=openai)) This incident underscores the critical importance of securing industrial control systems against network-based attacks. As cyber threats targeting operational technology (OT) environments increase, organizations must prioritize timely vulnerability management and implement robust network defenses to safeguard critical manufacturing processes.
6 days ago
Critical Vulnerability in AzeoTech DAQFactory: CVE-2026-12390
In June 2026, a critical vulnerability (CVE-2026-12390) was identified in AzeoTech's DAQFactory software, versions 21.1 and prior. This Type Confusion flaw allows attackers to execute arbitrary code by tricking users into opening malicious .ctl files. The vulnerability poses significant risks to systems utilizing DAQFactory, potentially leading to unauthorized access and control. The disclosure underscores the ongoing challenges in securing industrial control systems, especially as attackers increasingly target such environments. Organizations are urged to apply recommended mitigations promptly to prevent exploitation and maintain operational integrity.
6 days ago
Gentlemen Ransomware's Advanced EDR Killers: A 2026 Threat Analysis
In June 2026, the Gentlemen ransomware-as-a-service (RaaS) operation was observed actively developing and deploying a suite of endpoint detection and response (EDR) killer tools to evade detection during attacks. The primary tool, dubbed 'GentleKiller,' has at least eight variants that impersonate legitimate security products such as Kaspersky, Valorant, Javelin, and WatchDog. These tools utilize the 'bring your own vulnerable driver' (BYOVD) technique to gain kernel-level privileges and disable security processes, targeting over 400 processes associated with approximately 48 security vendors, including Microsoft, CrowdStrike, and SentinelOne. The binaries are protected using commercial packers like Enigma and Themida, and some variants employ stolen digital signatures to further obfuscate their malicious activities. This development underscores a growing trend among ransomware operators to enhance their evasion capabilities by systematically disabling security defenses, thereby increasing the success rate of their attacks. Organizations must remain vigilant and adopt comprehensive security measures to detect and mitigate such sophisticated threats.
1 week ago
NetSPI's Social Engineering Assessment: Reporter Impersonation Phishing Attack
In a recent social engineering assessment, NetSPI's team simulated a targeted phishing attack against a client's executive leadership. By impersonating a journalist inquiring about alleged environmental violations, the team crafted a compelling pretext that led an executive to engage with a malicious link. This engagement not only compromised the executive but also extended to external contractors, highlighting the cascading risks of such attacks. The incident underscores the effectiveness of sophisticated social engineering tactics in bypassing traditional security measures and the critical need for comprehensive employee training and clear protocols for handling unsolicited inquiries. As social engineering attacks become increasingly sophisticated, organizations must prioritize regular security awareness training and establish clear procedures for verifying external communications to mitigate the risk of such breaches.
1 week ago
Critical Vulnerabilities in Rockwell Automation's CompactLogix 5370 Controllers: Immediate Action Required
In June 2026, Rockwell Automation disclosed two critical vulnerabilities affecting its CompactLogix 5370 series controllers, specifically models L1, L2, and L3. The first vulnerability, CVE-2025-11694, involves improper validation of sequence numbers and source IP addresses in the CIP protocol, allowing attackers to exploit exposed Connection IDs to induce denial-of-service conditions. The second, CVE-2026-9307, pertains to the exposure of sensitive system information through the controller's web server, which reveals CIP Connection IDs to unauthenticated users, potentially leading to similar denial-of-service attacks. Both vulnerabilities have been addressed in firmware version V38.011, and users are strongly advised to update their systems accordingly. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.PN1025.html?utm_source=openai)) These vulnerabilities underscore the persistent risks in industrial control systems, particularly in critical manufacturing sectors. The disclosure highlights the necessity for continuous monitoring, timely patch management, and adherence to cybersecurity best practices to safeguard operational technology environments from potential disruptions.
1 week ago