CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  

• CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability
• CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.

While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. 

View CSAF

Summary

Successful exploitation of these vulnerabilities could could provide an unauthenticated user with complete root-level access and control of the system.

The following versions of Daktronics Controller Firmware are affected:

• VFC-DMP-5000 <v8.117.x.x
• VFC-DMP-5000 <v9.43.x.x
• VFC-DMP-5000 <v10.34.x.x
• DMP-5000 <v10.34.x.x
• DMP-5000 <v8.117.x.x
• DMP-5000 <v9.43.x.x
• DMP-8000 <v10.34.x.x
• DMP-8000 <v8.117.x.x
• DMP-8000 <v9.43.x.x

Background

• Critical Infrastructure Sectors: Commercial Facilities, Information Technology, Emergency Services, Healthcare and Public Health
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Thomas Jou of Princeton University reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

The following versions of Delta Electronics DTM Soft are affected:

• DTMSoft vers:all/* 

Background

• Critical Infrastructure Sectors: Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Taiwan

Vulnerabilities

Acknowledgments

• kimiya of TrendAI Zero Day Initiative reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link.

The following versions of OHIF Viewers DICOM are affected:

• OHIF DICOM Web Viewer Framework <=v3.12.0

Background

• Critical Infrastructure Sectors: Healthcare and Public Health
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Simon Weber and Volker Schönefeld of Machine Spirits UG reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device.

The following versions of H.VIEW HV-500S6 IP Camera are affected:

• H.VIEW HV-500S6 IP Camera IPCAM_V4.06.88.251229 

Background

• Critical Infrastructure Sectors: Commercial Facilities
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: China

Vulnerabilities

Acknowledgments

• Fukuhara Rikuto of Smooth Inc. (CTO) and Hosei University reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths.

The following versions of pydicom pynetdicom Library are affected:

• pynetdicom >=v1.0.0|<v3.0.4

Background

• Critical Infrastructure Sectors: Healthcare and Public Health
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Simon Weber and Volker Schönefeld of Machine Spirits UG reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

View CSAF

Summary

Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may risk unauthorized execution of privileged commands or loss of HMI operability and configuration functionality, which could result in loss of control over system operations and disruption of critical services.

The following versions of Schneider Electric PowerLogic P7 are affected:

• PowerLogic™ P7 vers:intdot/<=0.2.003.001.000
• PowerLogic™ P7 0.2.003.001.000 

Background

• Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: France

Vulnerabilities

Acknowledgments

• Schneider Electric CPCERT reported these vulnerabilities to CISA.
• Cytrics reported these vulnerabilities to Schneider Electric.

General Security Recommendations

We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. * Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. * Place all controllers in locked cabinets and never leave them in the “Program” mode. * Never connect programming software to any network other than the network intended for that device. * Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. * Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. * Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.

For More Information

This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process. For further information related to cybersecurity in Schneider Electric’s products, visit the company’s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp

LEGAL DISCLAIMER

THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION

About Schneider Electric

At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment. We provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries. We are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values. www.se.com

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Schneider Electric CPCERT SEVD-2026-160-03 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric CPCERT directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-06-09

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability may return a response containing the CI Server setting information.

The following versions of Yokogawa FAST/TOOLS and CI Server are affected:

• FAST/TOOLS >=R9.01|<=R10.04 
• Collaborative Information Server (CI Server) >=R1.01|<=R1.04

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Japan

Vulnerabilities

Acknowledgments

• Yokogawa reported this vulnerability to JPCERT/CC

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

The following versions of EVoke Systems Charging Station Management System are affected:

• EVoke CSMS vers:all/* 

Background

• Critical Infrastructure Sectors: Energy, Transportation Systems
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code.

The following versions of Horner Automation Cscape are affected:

• Cscape <10.2_SP3 

Background

• Critical Infrastructure Sectors: Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Michael Heinzl reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

Revision History

• Initial Release Date: 2026-06-25

Legal Notice and Terms of Use

Using SASE in a Modern TIC 3.0 Solution

CISA’s guidance, The Journey to Zero Trust – Using Secure Access Service Edge in a Modern TIC 3.0 Solution, details how the Trusted Internet Connections (TIC) 3.0 initiative is helping agencies modernize the way their users connect to applications, data and services. While federal agencies are the target audience, any organization looking to modernize its perimeter-based architectures, advance zero trust adoption, and improve visibility and control across distributed environments will benefit from this guidance.

To learn more about ZT principles, visit Zero Trust.  

View CSAF

Summary

Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device.

The following versions of Hubbell Aclara Metrum Cellular Web Interface are affected:

• Aclara Metrum Cellular Web Interface

Background

• Critical Infrastructure Sectors: Energy
• Countries/Areas Deployed: United States
• Company Headquarters Location: United States

Vulnerabilities

Acknowledgments

• Abhirup Konwar reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

• Initial Release Date: 2026-06-23

Legal Notice and Terms of Use

View CSAF

Summary

OpenSSL has published a stack based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow for remote code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens Products using OpenSSL are affected:

• AI Lightweight Inference Server vers:all/* (CVE-2025-15467)
• Connector for Azure vers:intdot/<1.8.0 (CVE-2025-15467)
• Databus vers:intdot/<3.3.2 (CVE-2025-15467)
• HiMed Cockpit vers:all/* (CVE-2025-15467)
• RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:all/* (CVE-2025-15467)
• RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) vers:all/* (CVE-2025-15467)
• SCALANCE LPE9403 (6GK5998-3GS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE LPE9413 (6GK5998-3GS01-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE LPE9433 (6GK5998-3GS11-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE M804PB (6GK5804-0AP00-2AA2) vers:all/* (CVE-2025-15467)
• SCALANCE M812-1 ADSL-Router family vers:all/* (CVE-2025-15467)
• SCALANCE M816-1 ADSL-Router family vers:all/* (CVE-2025-15467)
• SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) vers:all/* (CVE-2025-15467)
• SCALANCE M874-2 (6GK5874-2AA00-2AA2) vers:all/* (CVE-2025-15467)
• SCALANCE M874-3 (6GK5874-3AA00-2AA2) vers:all/* (CVE-2025-15467)
• SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) vers:all/* (CVE-2025-15467)
• SCALANCE M876-3 (6GK5876-3AA02-2BA2) vers:all/* (CVE-2025-15467)
• SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) vers:all/* (CVE-2025-15467)
• SCALANCE M876-4 (6GK5876-4AA10-2BA2) vers:all/* (CVE-2025-15467)
• SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) vers:all/* (CVE-2025-15467)
• SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) vers:all/* (CVE-2025-15467)
• SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) vers:all/* (CVE-2025-15467)
• SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) vers:all/* (CVE-2025-15467)
• SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) vers:all/* (CVE-2025-15467)
• SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) vers:all/* (CVE-2025-15467)
• SCALANCE SC622-2C (6GK5622-2GS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE SC626-2C (6GK5626-2GS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE SC632-2C (6GK5632-2GS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE SC636-2C (6GK5636-2GS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE SC642-2C (6GK5642-2GS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE SC646-2C (6GK5646-2GS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) vers:all/* (CVE-2025-15467)
• SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) vers:all/* (CVE-2025-15467)
• SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) vers:all/* (CVE-2025-15467)
• SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) vers:all/* (CVE-2025-15467)
• SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) vers:all/* (CVE-2025-15467)
• SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) vers:all/* (CVE-2025-15467)
• SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) vers:all/* (CVE-2025-15467)
• SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) vers:all/* (CVE-2025-15467)
• SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) vers:all/* (CVE-2025-15467)
• SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) vers:all/* (CVE-2025-15467)
• SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) vers:all/* (CVE-2025-15467)
• SCALANCE XC316-8 (6GK5324-8TS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE XC324-4 (6GK5328-4TS00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) vers:all/* (CVE-2025-15467)
• SCALANCE XC332 (6GK5332-0GA00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE XC416-8 (6GK5424-8TR00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE XC424-4 (6GK5428-4TR00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE XC432 (6GK5432-0GR00-2AC2) vers:all/* (CVE-2025-15467)
• SCALANCE XR302-32 (6GK5334-5TS00-2AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR302-32 (6GK5334-5TS00-3AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR302-32 (6GK5334-5TS00-4AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR322-12 (6GK5334-3TS00-2AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR322-12 (6GK5334-3TS00-3AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR322-12 (6GK5334-3TS00-4AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR326-8 (6GK5334-2TS00-2AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR326-8 (6GK5334-2TS00-3AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR326-8 (6GK5334-2TS00-4AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) vers:all/* (CVE-2025-15467)
• SCALANCE XR502-32 (6GK5534-5TR00-2AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR502-32 (6GK5534-5TR00-3AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR502-32 (6GK5534-5TR00-4AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR522-12 (6GK5534-3TR00-2AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR522-12 (6GK5534-3TR00-3AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR522-12 (6GK5534-3TR00-4AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR524-8WG (6GK5532-2SR00-2AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR524-8WG (6GK5532-2SR00-2RR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR524-8WG (6GK5532-2SR00-3AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR524-8WG (6GK5532-2SR00-3RR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR526-8 (6GK5534-2TR00-2AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR526-8 (6GK5534-2TR00-3AR3) vers:all/* (CVE-2025-15467)
• SCALANCE XR526-8 (6GK5534-2TR00-4AR3) vers:all/* (CVE-2025-15467)
• Shopfloor IT Suite vers:all/* (CVE-2025-15467)
• SIDIS Prime vers:intdot/>=4.0.700 (CVE-2025-15467)
• Siemens OPC UA Modelling Editor (SiOME) vers:all/* (CVE-2025-15467)
• SIMATIC Comfort/Mobile RT vers:all/* (CVE-2025-15467)
• SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) vers:all/* (CVE-2025-15467)
• SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) vers:all/* (CVE-2025-15467)
• SIMATIC HMI Basic Panels vers:intdot/<17.0.9 (CVE-2025-15467)
• SIMATIC HMI Comfort Panels vers:intdot/<17.0.9 (CVE-2025-15467)
• SIMATIC HMI Mobile Panels vers:intdot/<17.0.9 (CVE-2025-15467)
• SIMATIC IOT2050 (6ES7647-0BA00-1YA2) vers:all/* (CVE-2025-15467)
• SIMATIC IPC BX-21A vers:all/* (CVE-2025-15467)
• SIMATIC IPC MD-57A vers:all/* (CVE-2025-15467)
• SIMATIC IPC ORCLA vers:all/* (CVE-2025-15467)
• SIMATIC PDM V9.3 vers:all/* (CVE-2025-15467)
• SIMATIC RTLS Locating Manager (6GT2780-0DA00) vers:all/* (CVE-2025-15467)
• SIMATIC RTLS Locating Manager (6GT2780-0DA10) vers:all/* (CVE-2025-15467)
• SIMATIC RTLS Locating Manager (6GT2780-0DA20) vers:all/* (CVE-2025-15467)
• SIMATIC RTLS Locating Manager (6GT2780-0DA30) vers:all/* (CVE-2025-15467)
• SIMATIC RTLS Locating Manager (6GT2780-1EA10) vers:all/* (CVE-2025-15467)
• SIMATIC RTLS Locating Manager (6GT2780-1EA20) vers:all/* (CVE-2025-15467)
• SIMATIC RTLS Locating Manager (6GT2780-1EA30) vers:all/* (CVE-2025-15467)
• SIMATIC STEP 7 V5 vers:intdot/<5.7.4 (CVE-2025-15467)
• SIMATIC Target vers:all/* (CVE-2025-15467)
• SIMATIC WinCC OA V3.19 vers:intdot/<3.19.024 (CVE-2025-15467)
• SIMATIC WinCC OA V3.20 vers:intdot/<3.20.012 (CVE-2025-15467)
• SIMATIC WinCC OA V3.21 vers:intdot/<3.21.02 (CVE-2025-15467)
• SIMATIC WinCC Runtime Advanced V17 vers:intdot/<17.0.9 (CVE-2025-15467)
• SIMATIC WinCC Unified Sequence vers:intdot/<21 (CVE-2025-15467)
• SIMATIC WinCC V7.5 vers:all/* (CVE-2025-15467)
• SIMATIC WinCC V8.0 vers:all/* (CVE-2025-15467)
• SIMATIC WinCC V8.1 vers:all/* (CVE-2025-15467)
• SIMOTION OACAMGEN (6AU1820-3EA20-0AB0) vers:all/* (CVE-2025-15467)
• SIMOVE Fleetmanager V3.1 vers:all/* (CVE-2025-15467)
• SIMOVE Fleetmanager V3.2 vers:all/* (CVE-2025-15467)
• SIMOVE Fleetmanager V3.3 vers:all/* (CVE-2025-15467)
• SINAMICS G200 vers:intdot/>=6.3 (CVE-2025-15467)
• SINAMICS G220 vers:intdot/>=6.3 (CVE-2025-15467)
• SINAMICS S200 vers:intdot/>=6.3 (CVE-2025-15467)
• SINAMICS S210 vers:intdot/>=6.3 (CVE-2025-15467)
• SINAMICS S220 vers:intdot/>=6.3 (CVE-2025-15467)
• SINEC INS vers:intdot/<1.0.2.5 (CVE-2025-15467)
• SINEC NMS vers:all/* (CVE-2025-15467)
• SINEC Security Monitor vers:all/* (CVE-2025-15467)
• SINUMERIK Access MyMachine /OPC UA vers:all/* (CVE-2025-15467)
• SIPLANT vers:all/* (CVE-2025-15467)
• SITRANS ASM IQ vers:all/* (CVE-2025-15467)
• SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ) vers:all/* (CVE-2025-15467)
• User Management Component (UMC) vers:intdot/<2.15.3.0 (CVE-2025-15467)
• Visual Inspection Cockpit vers:all/* (CVE-2025-15467)

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Germany

Vulnerabilities

Acknowledgments

• Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-434797 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-06-09

Legal Notice and Terms of Use

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  

• CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability
• CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability
• CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability
• CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.

While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. 

View CSAF

Summary

WinCC Certificate Manager insufficiently protects key material that could allow an attacker to extract sensitive information. Siemens has released a new version for SIMATIC WinCC Unified PC Runtime V21 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens WinCC Certificate Manager are affected:

• SIMATIC WinCC Unified PC Runtime V16 vers:all/* 
• SIMATIC WinCC Unified PC Runtime V17 vers:all/* 
• SIMATIC WinCC Unified PC Runtime V18 vers:all/* 
• SIMATIC WinCC Unified PC Runtime V19 vers:all/* 
• SIMATIC WinCC Unified PC Runtime V20 vers:all/* 
• SIMATIC WinCC Unified PC Runtime V21 vers:intdot/<21.0.2

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Germany

Vulnerabilities

Acknowledgments

• Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-063511 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-06-09

Legal Notice and Terms of Use

View CSAF

Summary

Successful exploitation of this vulnerability could allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions.

The following versions of ABB Freelance Security Lock are affected:

• ABB System Version (<=Freelance 2013) installed with ABB Freelance Security Lock(All versions) vers:all/* 
• ABB System Version (Freelance 2013 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* 
• ABB System Version (Freelance 2016) installed with ABB Freelance Security Lock(All versions) vers:all/* 
• ABB System Version (Freelance 2016 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* 
• ABB System Version (Freelance 2019) installed with ABB Freelance Security Lock(All versions) vers:all/* 
• ABB System Version (Freelance 2019 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* 
• ABB System Version (Freelance 2019 SP1 FP1) installed with ABB Freelance Security Lock(All versions) vers:all/* 
• ABB System Version (Freelance 2024) installed with ABB Freelance Security Lock(All versions) vers:all/* 

Background

• Critical Infrastructure Sectors: Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Switzerland

Vulnerabilities

Acknowledgments

• Gergely Regweld Szini reported this vulnerability to ABB

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

Revision History

• Initial Release Date: 2026-06-10

Legal Notice and Terms of Use

View CSAF

Summary

SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should upgrade to version 9.90 or later. These versions introduce an allow-list feature that restricts arbitrary file uploads and reduces the risk associated with this vulnerability. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens SIPROTEC 5 Using DIGSI5 Protocol are affected:

• SIPROTEC 5 6MD84 (CP300) vers:all/* 
• SIPROTEC 5 6MD85 (CP200) vers:all/* 
• SIPROTEC 5 6MD85 (CP300) vers:all/* 
• SIPROTEC 5 6MD86 (CP200) vers:all/*
• SIPROTEC 5 6MD86 (CP300) vers:all/*
• SIPROTEC 5 6MD89 (CP300) vers:all/*
• SIPROTEC 5 6MU85 (CP300) vers:all/*
• SIPROTEC 5 7KE85 (CP200) vers:all/*
• SIPROTEC 5 7KE85 (CP300) vers:all/*
• SIPROTEC 5 7SA82 (CP100) vers:all/*
• SIPROTEC 5 7SA82 (CP150) vers:all/*
• SIPROTEC 5 7SA86 (CP200) vers:all/* 
• SIPROTEC 5 7SA86 (CP300) vers:all/* 
• SIPROTEC 5 7SA87 (CP200) vers:all/* 
• SIPROTEC 5 7SA87 (CP300) vers:all/* 
• SIPROTEC 5 7SD82 (CP100) vers:all/* 
• SIPROTEC 5 7SD82 (CP150) vers:all/* 
• SIPROTEC 5 7SD86 (CP200) vers:all/* 
• SIPROTEC 5 7SD86 (CP300) vers:all/* 
• SIPROTEC 5 7SD87 (CP200) vers:all/* 
• SIPROTEC 5 7SD87 (CP300) vers:all/* 
• SIPROTEC 5 7SJ81 (CP100) vers:all/* 
• SIPROTEC 5 7SJ81 (CP150) vers:all/* 
• SIPROTEC 5 7SJ82 (CP100) vers:all/* 
• SIPROTEC 5 7SJ82 (CP150) vers:all/* 
• SIPROTEC 5 7SJ85 (CP200) vers:all/* 
• SIPROTEC 5 7SJ85 (CP300) vers:all/* 
• SIPROTEC 5 7SJ86 (CP200) vers:all/* 
• SIPROTEC 5 7SJ86 (CP300) vers:all/* 
• SIPROTEC 5 7SK82 (CP100) vers:all/* 
• SIPROTEC 5 7SK82 (CP150) vers:all/* 
• SIPROTEC 5 7SK85 (CP200) vers:all/* 
• SIPROTEC 5 7SK85 (CP300) vers:all/* 
• SIPROTEC 5 7SL82 (CP100) vers:all/* 
• SIPROTEC 5 7SL82 (CP150) vers:all/*
• SIPROTEC 5 7SL86 (CP200) vers:all/* 
• SIPROTEC 5 7SL86 (CP300) vers:all/* 
• SIPROTEC 5 7SL87 (CP200) vers:all/* 
• SIPROTEC 5 7SL87 (CP300) vers:all/* 
• SIPROTEC 5 7SS85 (CP200) vers:all/* 
• SIPROTEC 5 7SS85 (CP300) vers:all/* 
• SIPROTEC 5 7ST85 (CP200) vers:all/* 
• SIPROTEC 5 7ST85 (CP300) vers:all/* 
• SIPROTEC 5 7ST86 (CP300) vers:all/* 
• SIPROTEC 5 7SX82 (CP150) vers:all/*
• SIPROTEC 5 7SX85 (CP300) vers:all/* 
• SIPROTEC 5 7SY82 (CP150) vers:all/* 
• SIPROTEC 5 7UM85 (CP300) vers:all/* 
• SIPROTEC 5 7UT82 (CP100) vers:all/* 
• SIPROTEC 5 7UT82 (CP150) vers:all/* 
• SIPROTEC 5 7UT85 (CP200) vers:all/* 
• SIPROTEC 5 7UT85 (CP300) vers:all/* 
• SIPROTEC 5 7UT86 (CP200) vers:all/* 
• SIPROTEC 5 7UT86 (CP300) vers:all/* 
• SIPROTEC 5 7UT87 (CP200) vers:all/* 
• SIPROTEC 5 7UT87 (CP300) vers:all/* 
• SIPROTEC 5 7VE85 (CP300) vers:all/* 
• SIPROTEC 5 7VK87 (CP200) vers:all/* 
• SIPROTEC 5 7VK87 (CP300) vers:all/* 
• SIPROTEC 5 7VU85 (CP300) vers:all/* 
• SIPROTEC 5 Compact 7SX800 (CP050) vers:all/*

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Germany

Vulnerabilities

Acknowledgments

• Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations

Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment. Recommended security guidelines can be found at: https://www.siemens.com/gridsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-139483 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-06-09

Legal Notice and Terms of Use

View CSAF

Summary

SINEC INS before V1.0 SP2 Update 6 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC INS and recommends to update to the latest version.

The following versions of Siemens SINEC INS are affected:

• SINEC INS vers:intdot/<1.0.2.6 

Background

• Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Germany

Vulnerabilities

Acknowledgments

• Siemens ProductCERT reported these vulnerabilities to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-860189 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-06-09

Legal Notice and Terms of Use

View CSAF

Summary

B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products.

The following versions of Impact of Linux Kernel vulnerabilities on B&R products are affected:

• Linux for B&R <=12 
• APROL <APROL-AutoYaST-DVD- V4.4-010.10.260602
• X20EDS410 /all 

Background

• Critical Infrastructure Sectors: Critical Manufacturing
• Countries/Areas Deployed: Worldwide
• Company Headquarters Location: Switzerland

Vulnerabilities

Acknowledgments

• ABB PSIRT reported these vulnerabilities to CISA.

Notice

The information in this document is subject to change without notice, and should not be construed as a commitment by B&R. B&R provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall B&R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if B&R or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from B&R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.

Frequently asked questions

What causes the vulnerabilities? - The vulnerabilities are caused by a vulnerable Linux Kernel component. What might an attacker use the vulnerability to do? - An authenticated attacker with low privileges may elevate privileges to root. Could the vulnerabilities be exploited remotely? - Yes, an attacker with privileges to login in a vulnerable system node could exploit these vulnerabilities. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed. When this security advisory was issued, had B&R received any reports that these vulnerabilities were being exploited? - B&R is aware of reports indicating that these vulnerabilities had been exploited at the time this security advisory was originally issued; however, no exploitation has been observed in B&R products.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of ABB PSIRT SA26P010 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.

Revision History

• Initial Release Date: 2026-06-11

Legal Notice and Terms of Use

Update June 22, 2026:
CISA has updated this Alert to incorporate the link to Fortinet’s recent guidance on this activity. 

CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways.  

To defend against this malicious cyber activity, CISA urges impacted Fortinet customers with FortiGate appliances and associated secure sockets layer (SSL) VPN gateways to immediately:

1. Terminate sessions and reset credentials. Terminate all active SSL VPN and administrative sessions. Reset all Fortinet VPN and administrative passwords, especially on internet-facing systems, and enforce strong password policies.
2. Ensure secure credential storage. Confirm your organization’s use of the Password-Based Key Derivation Function 2 (PBKDF2) algorithm to store administrator credentials and remove weaker legacy hashes per Fortinet’s guidance (see, Fortinet's Technical Tip: Enforcing PBKDF2 as hash function for administrator accounts in FortiOS v7.2.11 and later).  
3. Review logs. Review firewall, VPN, authentication, and domain controller logs for lateral movement, unusual access, suspicious accounts, or unauthorized configuration changes.
4. Enable phishing-resistant multifactor authentication (MFA). Require phishing-resistant MFA on all remote access and administrative accounts and ensure it is enforced on all external gateways and administrative interfaces.
5. Reduce the attack surface and lock down management access. Ensure the administration of your firewall is inaccessible from the public internet; restrict Fortinet management interfaces to trusted internal networks; and remove or disable any unauthorized or unnecessary accounts.

See the following resources to determine your organization’s potential impact and find additional guidance on the credentials compromised:

• Tech Times: Fortinet FortiGate Credential Leak Hits 73,932 Firewalls: Half the Internet-Facing Fleet  
• SOCRadar: FortiBleed: The Compromise of 80,000+ Fortinet Firewalls
• Hudson Rock: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure
• Arctic Wolf: Active FortiBleed Campaign Impacting Fortinet Devices Across 194 Countries
• Fortinet: Attacks at the Speed of AI
• Fortinet: Analysis of Reported Credential Compromise of FortiGate Devices

Disclaimer

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.