Advisory Database
Active Advisories
63 records — sorted by date — OT/ICS threat intelligence
CVE / ID Advisory Sectors Date
Vuln Analysis
FrostyGoop: The ICS Malware That Weaponised Modbus TCP Against Energy Infrastructure FrostyGoop (BUSTLEBERM) is the first publicly documented ICS-specific malware to directly communicate with industrial devices via Modbus TCP. Its January 2024 deployment against a Ukrainian district heating company — disrupting heat for 600 buildings in winter — demonstrates the operational impact of OT-native attack tools.
⚡ energy🔩 critical-infrastructure
Jul 10, 2026 Advisory GhostLock CVE-2026-43499: Advisory for OT Environments Running Linux-Based Historian and SCADA Systems The GhostLock Linux kernel vulnerability (CVE-2026-43499) enables local privilege escalation to root in approximately five seconds with 97% reliability. OT environments running Linux-based historian servers, OPC-UA gateways, and SCADA platforms are directly affected. Patching and mitigation guidance for industrial operators.
⚡ energy⚙️ manufacturing
Jul 9, 2026 Sector Briefing Maritime Port and Shipping OT Cybersecurity: IMO Compliance and Sector Threats 2026 Cyberattacks targeting maritime infrastructure surged 103% in 2025. This briefing covers port OT architecture, threat actors, attack vectors against vessel control systems and terminal management, and the IMO and IACS regulatory requirements now in force.
🚂 transport🔩 critical-infrastructure
Jul 8, 2026 Vuln Analysis IEC 61850 Substation Automation Security: Attack Surface and Hardening for Power Grid Operators IEC 61850 is the dominant protocol for digital substation automation — and it was designed for operational reliability, not security. GOOSE messages carry no authentication. MMS sessions use optional TLS that most deployments skip. This analysis covers the threat model and practical hardening for utilities and grid operators.
⚡ energy🔩 critical-infrastructure
Jul 7, 2026 Sector Briefing Food and Agriculture OT Security: Ransomware, Nation-State Threats, and Sector Gaps The food and agriculture sector operates industrial control systems that control everything from irrigation and precision planting to meat processing lines and cold storage logistics. Ransomware impact on JBS and the ongoing Russia-affiliated targeting documented by Food and Ag-ISAC make this the critical infrastructure sector least prepared for the threats it faces.
🏭 food-agriculture
Jul 6, 2026 Vuln Analysis ABB PCM600 ICSA-26-120-02: Arbitrary Code Execution via Malicious Messages in Protection Relay Configuration CISA advisory ICSA-26-120-02 documents a critical code execution vulnerability in ABB's PCM600 Protection and Control IED Manager, exploitable via malicious message processing through a vulnerable SharpZip.dll component. The tool is widely deployed for configuring protection relays in energy and critical manufacturing. No authentication is required for exploitation.
⚡ energy🏭 critical-manufacturing
Jul 5, 2026 Vuln Analysis Modbus Protocol Security: Attack Surface, Exploitation, and OT Network Hardening Modbus is the most widely deployed industrial protocol in the world — and one of the least secure. This guide covers the Modbus attack surface, documented exploitation techniques used against OT environments, and practical hardening measures for energy, water, and manufacturing defenders.
⚡ energy💧 water
Jul 4, 2026 CVE-2026-13207 ICSA-26-181-02: FUXA SCADA CVE-2026-13207 -- Path Traversal to Unauthenticated RCE ICS-CERT advisory ICSA-26-181-02 covers a dot-segment path normalization bypass in FUXA open-source SCADA software that allows unauthenticated remote code execution. CVSS v4 score 8.6. Deployments in water, energy, and manufacturing are exposed.
🏭 water-wastewater⚡ energy
Jul 3, 2026 Sector Briefing Data Center OT Security: BMS, EPMS, and Cooling System Vulnerabilities AI infrastructure buildout has made data centers a critical OT environment that receives less security scrutiny than industrial facilities. Building Management Systems, Electrical Power Management Systems, and cooling controllers run on the same unpatched, internet-exposed architectures as manufacturing OT — with similar consequences when compromised.
🔩 critical-infrastructure🏭 data-centers
Jul 2, 2026 Sector Briefing Manufacturing Execution Systems Security: Protecting the Overlooked Bridge Between IT and OT Manufacturing Execution Systems sit at the boundary between enterprise IT and production floor OT, connecting SAP/ERP business systems to SCADA and PLC networks. They are routinely overlooked in OT security programs despite being a primary lateral movement path between the two domains. This guide covers the MES attack surface and practical security controls.
⚙️ manufacturing
Jul 1, 2026 Threat Report Chemical Sector OT Security: Safety Systems, Process Control, and Attack Paths in High-Consequence Environments The chemical sector operates Safety Instrumented Systems alongside distributed control networks in environments where a cyber-physical incident can cause mass casualties. Triton/TRISIS set the benchmark for targeted SIS attacks in 2017; the threat has evolved but the fundamental exposure remains. This briefing covers the chemical sector OT threat landscape, SIS attack paths, and applicable compliance frameworks.
🏭 chemical🔩 critical-infrastructure
Jun 30, 2026 Threat Report OT Incident Response: The First 48 Hours When a cyber incident hits an operational technology environment, the first 48 hours determine whether a brief outage becomes a prolonged shutdown. This playbook covers the critical decisions, sequencing, and OT-specific considerations that IR teams need to get right from the first alert.
🔩 critical-infrastructure⚙️ manufacturing
Jun 29, 2026 Vuln Analysis Emerson DeltaV DCS: Authentication Gaps, CISA Advisories, and Zero Trust Remediation Emerson DeltaV is one of the most widely deployed distributed control systems in oil and gas, pharmaceutical, and chemical manufacturing. Legacy DeltaV communication protocols lack authentication, and multiple CISA advisories document workstation-level vulnerabilities. Here's the current security posture and what operators should do.
⛽ oil-gas🏭 pharmaceutical
Jun 28, 2026 Vuln Analysis Siemens S7comm Protocol: Attack Surface, Unauthenticated Access, and OT Network Detection S7comm is Siemens' proprietary PLC communication protocol. Legacy S7comm lacks authentication and encryption, enabling unauthenticated read/write access to process data and PLC control commands. This guide covers the attack surface, documented exploit techniques, and detection approaches for OT defenders.
⚙️ manufacturing⚡ energy
Jun 27, 2026 Advisory CISA June 2026 ICS Advisories: Siemens WinCC and Rockwell RSLinx RCE CISA released a batch of 10 ICS advisories on June 23, 2026, including critical vulnerabilities in Siemens WinCC Certificate Manager and SIPROTEC 5. Separately, ICSA-26-167-02 documents an unauthenticated stack-based buffer overflow in Rockwell Automation RSLinx Classic enabling remote code execution.
⚙️ manufacturing⚡ energy
Jun 26, 2026 Sector Briefing EV Charging Infrastructure Cybersecurity: OCPP Vulnerabilities, Grid Attack Surfaces, and Operator Obligations The rapid buildout of EV charging infrastructure has created a new OT attack surface at the intersection of transportation, energy, and consumer technology. This briefing covers OCPP protocol vulnerabilities, documented attack incidents, the grid stability risk from coordinated charging manipulation, and what operators need to implement to meet emerging regulatory standards.
⚡ energy🚂 transportation
Jun 25, 2026 Vuln Analysis EtherNet/IP and CIP Security: Attack Surface, Vulnerabilities, and Hardening EtherNet/IP is the dominant industrial Ethernet protocol in North American manufacturing, used in Allen-Bradley PLCs, robotics, and drive systems. This analysis covers the CIP protocol attack surface, known exploitation patterns, CIP Security extension adoption, and network hardening guidance.
⚙️ manufacturing⚡ energy
Jun 24, 2026 Sector Briefing OT Security in Pharmaceutical Manufacturing: Protecting GMP-Regulated SCADA and DCS Systems Pharmaceutical manufacturing operates process control systems under FDA 21 CFR Part 11 and EU GMP Annex 11 regulatory frameworks that constrain patching and change management. This sector briefing covers the pharma OT attack surface and how to implement compensating controls without triggering costly revalidation.
🏭 pharmaceutical⚙️ manufacturing
Jun 23, 2026 Advisory Securing OT Remote Access: VPN, ZTNA, and Jump Server Architecture for Industrial Networks Remote access to operational technology environments expanded dramatically during 2020-2022 and was never fully locked down. This guide covers the specific risks of each remote access pattern — vendor VPNs, site VPNs, jump servers, and ZTNA — and the hardening steps that reduce the attack surface without breaking the maintenance workflows OT teams depend on.
⚡ energy⚙️ manufacturing
Jun 22, 2026 Threat Report PIPEDREAM and COSMICENERGY: The ICS Malware Frameworks Built for Grid Disruption PIPEDREAM (disclosed April 2022) and COSMICENERGY (May 2023) are the two most sophisticated ICS-targeting malware frameworks to emerge since TRITON. Both target industrial protocols used in power and energy infrastructure. This analysis covers their architecture, capabilities, and what they mean for defenders.
⚡ energy🏭 power
Jun 21, 2026 Sector Briefing Railway and Transport SCADA Cybersecurity: Attack Surfaces, Nation-State Threats, and TSA Directives Railway and mass transit systems operate a complex mix of operational technology — signalling, SCADA, ETCS, and passenger information systems — across environments that were designed for availability and safety, not cyber resilience. This briefing covers the attack surface, documented threat actor targeting, and current regulatory requirements under TSA's rail cybersecurity directives.
🚂 transport🔩 critical-infrastructure
Jun 20, 2026 Sector Briefing NERC CIP in 2026: Where Compliance Ends and Real OT Security Begins NERC CIP is the compliance baseline for US bulk electric system cybersecurity — not a security ceiling. This briefing examines where NERC CIP requirements leave real gaps: low-impact assets, supply chain enforcement, operational technology visibility, and the delta between checkbox compliance and defensible OT security posture.
⚡ energy🔩 critical-infrastructure
Jun 19, 2026 Sector Briefing Food and Agriculture OT Security: A Sector Facing Escalating Cyber Threats Ransomware disruptions to JBS, NEW Cooperative, Crystal Valley, and Dole demonstrated that food and agriculture OT is a material critical infrastructure target. As FDA traceability requirements add digital connectivity to previously isolated systems, the attack surface is expanding while security maturity lags.
🏭 food-agriculture🔩 critical-infrastructure
Jun 18, 2026 Sector Briefing Solar Inverter OT Security 2026: Solarman, Deye, and 195GW of Grid Attack Surface Bitdefender researchers disclosed critical vulnerabilities in Solarman and Deye solar inverter management platforms in 2024-2025, covering 195GW of installed capacity. OAuth token endpoint flaws, JWT reuse attacks, and hard-coded credentials created paths from the internet to grid-connected OT equipment. This article covers the vulnerability classes, the attack surface, and what energy sector operators need to assess.
⚡ energy🏭 utilities
Jun 17, 2026 Sector Briefing Healthcare IoMT and Medical Device Cybersecurity: FDA Requirements and the Current Threat Landscape Ransomware groups are actively targeting hospital networks via unpatched medical devices running legacy operating systems. This analysis covers the FDA's post-market cybersecurity framework, the IoMT attack surface, and practical segmentation approaches for healthcare OT environments.
🏥 healthcare
Jun 16, 2026 Sector Briefing Oil and Gas Pipeline Cybersecurity: TSA Directives, OT Threat Landscape, and Compliance Requirements in 2026 The TSA's pipeline cybersecurity directives have fundamentally changed the compliance environment for US pipeline operators. This analysis covers the directive requirements, the OT threat actors specifically targeting oil and gas infrastructure, and the technical controls that actually move the needle.
⚡ energy⛽ oil-gas
Jun 15, 2026 Vuln Analysis PROFINET Security: Attack Surface Analysis and Hardening for Industrial Ethernet Networks PROFINET is the dominant real-time industrial Ethernet protocol in European manufacturing and process automation, with over 70 million installed nodes worldwide. This guide covers PROFINET's attack surface, documented exploits, network segmentation requirements, and hardening controls for OT security practitioners.
⚙️ manufacturing⚡ energy
Jun 14, 2026 Advisory CISA ICS Advisory Roundup: Inductive Automation Ignition, ICONICS GENESIS64, and Mitsubishi Electric Vulnerabilities June 2026 CISA released nine ICS advisories in June 2026 covering critical and high-severity vulnerabilities in Inductive Automation Ignition, ICONICS/Mitsubishi GENESIS64, and Axis network cameras used in OT environments. This roundup covers the operational risk and remediation priorities.
⚙️ manufacturing⚡ energy
Jun 12, 2026 Vuln Analysis DNP3 Protocol Security: Authentication, Attack Vectors, and Hardening for Energy and Water Utilities DNP3 is the dominant SCADA communication protocol for energy and water utilities in North America. This guide covers its security architecture, known attack vectors, DNP3 Secure Authentication v5, and practical hardening for operational environments.
⚡ energy💧 water
Jun 12, 2026 Sector Briefing Ransomware in OT Environments: How Manufacturing and Energy Operators Are Being Hit in 2026 Ransomware groups are no longer stopping at IT systems. This sector briefing covers how operators in manufacturing, energy, and water treatment are being targeted in 2026 — the specific OT attack vectors, operational impact patterns, and the defensive controls that matter most.
⚡ energy⚙️ manufacturing
Jun 11, 2026 Advisory ICS Patch Tuesday June 2026: Critical Vulnerabilities in Siemens, Honeywell, and Mitsubishi Electric Products The June 2026 ICS Patch Tuesday cycle brings critical and high-severity advisories affecting Siemens industrial networks, Honeywell building and process control systems, and Mitsubishi Electric PLCs. OT security teams should prioritise triage and remediation planning for affected assets.
⚡ energy⚙️ manufacturing
Jun 10, 2026 Sector Briefing Building Automation System Security: BACnet, BMS Hardening, and the OT-IT Convergence Risk Building automation systems control HVAC, lighting, access control, and fire suppression across commercial and industrial facilities. As BAS deployments converge with IP networks, legacy protocols like BACnet and Modbus are now internet-adjacent — with predictable results for attack surface.
🏬 commercial-facilities🏥 healthcare
Jun 9, 2026 Advisory CISA Advisory: Automatic Tank Gauge Systems Under Active Attack — What OT Operators Need to Do Now CISA, FBI, NSA, and five other US federal agencies issued a joint advisory in June 2026 warning of active malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems across the energy, water, transportation, and critical infrastructure sectors. Attackers are exploiting authentication bypass and command execution flaws to modify pump controls and disable safety alerts.
⚡ energy💧 water
Jun 8, 2026 Sector Briefing Maritime OT Security 2026: ECDIS Vulnerabilities, AIS Spoofing, and the Threat to Port Systems Maritime operational technology spans navigation systems, ship management platforms, and port infrastructure — all increasingly networked, poorly patched, and targeted by both state and criminal actors. This sector briefing covers the current maritime threat landscape, key vulnerability classes in ECDIS and AIS, GPS/GNSS spoofing in contested regions, and the IMO and DNV frameworks guiding the sector's security response.
⚓ maritime🚂 transport
Jun 7, 2026 Vuln Analysis OPC UA Security: Attack Surface Analysis and Hardening Recommendations for Industrial Environments OPC Unified Architecture has become the dominant interoperability standard for industrial communication — and a consistent target in ICS-focused threat campaigns. This analysis covers the OPC UA threat model, documented vulnerability classes from recent CVEs, known exploitation by nation-state actors, and the hardening steps that reduce exposure without breaking operational continuity.
⚙️ manufacturing⚡ energy
Jun 6, 2026 Vuln Analysis Advantech WebAccess/SCADA: Multiple High-Severity Vulnerabilities Enable Remote Code Execution Advisories covering Advantech WebAccess/SCADA document path traversal, unrestricted file upload, and SQL injection vulnerabilities rated up to CVSS 8.8. WebAccess/SCADA is deployed across manufacturing, energy, and water treatment facilities globally. This analysis covers the vulnerability classes, exploitation paths, and immediate mitigations for OT operators.
⚙️ manufacturing⚡ energy
Jun 5, 2026 Vuln Analysis Rockwell Automation ControlLogix and CompactLogix: Vulnerability Landscape and Hardening Guidance Rockwell Automation's Logix family of programmable automation controllers has accumulated significant vulnerability history. This analysis covers key CVEs affecting ControlLogix and CompactLogix platforms, exploitation implications for industrial operations, and vendor-specific hardening steps.
⚙️ manufacturing⚡ energy
Jun 4, 2026 Threat Report Record 508 ICS Advisories in 2025: What the Vulnerability Surge Means for OT Defenders Forescout's analysis of 2025 ICS security advisories identifies a record 508 advisories covering 2,155 vulnerabilities — with 82% rated high or critical. Field controllers, PLCs, and SCADA systems are the primary targets, and the growing share of advisories with no available patch creates an unresolvable exposure category that demands compensating controls.
⚡ energy⚙️ manufacturing
Jun 3, 2026 Advisory CISA's Zero Trust Roadmap for OT: What the April 2026 Joint Guidance Means for Industrial Operators CISA's April 2026 joint guidance 'Adapting Zero Trust Principles to Operational Technology' lays out a practical roadmap for applying zero trust in environments where the standard IT playbook doesn't work — legacy protocols, uptime requirements, and safety constraints included.
⚡ energy💧 water
Jun 2, 2026 Threat Report Iranian APT Groups Escalate Attacks on Internet-Exposed PLCs: Water, Energy and Government Under Threat Since March 2026, Iranian-affiliated APT actors have been conducting disruptive attacks on internet-exposed programmable logic controllers across US critical infrastructure — particularly water/wastewater, energy, and government services. A joint advisory from CISA, FBI, NSA and US Cyber Command details the campaign and recommended mitigations.
💧 water⚡ energy
Jun 1, 2026 Advisory Siemens May 2026 ICS Patch Tuesday: Device Takeover in Sentron Energy Meters, Root RCE in Ruggedcom, and 300+ Third-Party Flaws in CN4100 Siemens published 18 security advisories in May 2026's ICS Patch Tuesday, with critical findings in the Sentron 7KT PAC1261 energy data manager, Ruggedcom Rox, Simatic CN4100, and Opcenter RDnL manufacturing platform. This roundup covers the highest-impact advisories with operational guidance for affected sectors.
⚡ energy⚙️ manufacturing
May 31, 2026 Advisory CISA ICS Advisory Roundup: Kaleris Navis N4, Delta Electronics CNCSoft, and ABB EIBPORT (May 2026) CISA released eight ICS advisories and one medical device advisory on May 28, 2026, covering critical vulnerabilities in transportation management, CNC motion control, and industrial building automation systems. This analysis covers the highest-impact advisories and operational guidance for affected organisations.
🚂 transport⚙️ manufacturing
May 30, 2026 Advisory Schneider Electric EcoStruxure Vulnerability Roundup: Critical Advisories Affecting Energy, Manufacturing, and Data Centre Operations Schneider Electric has issued multiple CISA-coordinated advisories in 2026 covering critical vulnerabilities across the EcoStruxure platform suite -- including a CVSS 9.8 deserialization flaw in the Foxboro DCS Advisor, hard-coded credentials in Data Center Expert, and local RCE in Power Monitoring Expert.
⚡ energy⚙️ manufacturing
May 29, 2026 Advisory CISA CI Fortify: What the New OT Isolation Guidance Means for Operational Technology Operators CISA's CI Fortify initiative moves beyond standard patching guidance to address a harder problem: how critical infrastructure OT environments maintain operational continuity when internet, cloud, and telecom connectivity is severed during a geopolitical cyber crisis.
⚡ energy💧 water
May 28, 2026 Sector Briefing IEC 62443: The OT Security Standard Your Procurement Team Needs to Understand IEC 62443 is the international standard series for industrial cybersecurity. This explainer covers the structure of the standard, what Security Levels mean in practice, the zones and conduits model, and how to reference 62443 in vendor contracts to actually improve your security posture.
⚡ energy⚙️ manufacturing
May 27, 2026 Advisory CVE-2026-8153: Critical Command Injection in Universal Robots PolyScope 5 Exposes Cobot Fleets A CVSS 9.8 OS command injection flaw in Universal Robots' PolyScope 5 Dashboard Server lets unauthenticated attackers seize control of collaborative robot controllers across manufacturing, automotive, and logistics environments. Patch to 5.25.1 immediately.
⚙️ manufacturing
May 26, 2026 Threat Report Four-Faith Routers Under Active Attack, Iranian Threat Actors Hit US Fuel Systems Mass exploitation of two vulnerabilities in Four-Faith industrial routers began May 12 with 139 attacking IPs observed against 15,800 exposed devices. Meanwhile, Iranian-linked threat actors continue automated attacks against Automatic Tank Gauge systems at US petrol stations.
⚡ energy🚂 transport
May 25, 2026 Threat Report OT Threat Landscape 2026: New Dragos Groups, Shrinking Exploit Windows, and the Visibility Crisis Dragos's 2026 OT cybersecurity year-in-review identifies 26 threat groups specifically targeting operational technology -- including three newly tracked groups -- as exploit timelines compress to 24 days and fewer than one in ten OT networks have active monitoring. A practical analysis for OT security practitioners.
⚡ energy⚙️ manufacturing
May 23, 2026 Threat Report Default Credentials, Internet-Exposed PLCs, and the Unsophisticated Actor Problem CISA's April 2026 joint advisory warns of Iranian-affiliated actors targeting internet-facing PLCs with basic techniques. The Poland energy attack demonstrated the real-world consequences. This analysis covers the threat, affected protocols, and what operators must do now.
⚡ energy💧 water
May 23, 2026 Threat Report Water Sector Cyber Threats 2026 -- From Oldsmar to Nation-State Pre-Positioning Water and wastewater systems face a growing and diverse cyber threat -- from opportunistic attacks exploiting internet-exposed HMIs to sophisticated nation-state pre-positioning campaigns. This briefing covers the current threat landscape, attack vectors, and sector-specific defensive priorities.
💧 water
May 22, 2026 Advisory CISA ICS Advisory Bundle: WAGO PFC, AVEVA Plant SCADA, and Beckhoff TwinCAT Vulnerabilities CISA released seven ICS advisories on May 21, 2026, covering authentication and remote code execution vulnerabilities in WAGO PFC controllers, AVEVA Plant SCADA (formerly Citect), and Beckhoff TwinCAT runtime. Together these advisories affect PLC, SCADA, and automation runtime platforms deployed across manufacturing, energy, and building automation sectors globally.
⚙️ manufacturing⚡ energy
May 21, 2026 CVE-2026-6891 Honeywell Experion PKS and C300 Controller Vulnerabilities: RCE Risk in Process DCS Multiple vulnerabilities in Honeywell's Experion Process Knowledge System and C300 controller affect distributed control systems in oil and gas, petrochemical, and chemical processing facilities. Chained, the flaws provide an unauthenticated path from network access to code execution on the C300 controller's real-time OS, with potential to disrupt or manipulate industrial processes.
🛢 petrochemical⚙️ manufacturing
May 20, 2026 Sector Briefing NIS2 OT Compliance: What the 2026 Enforcement Wave Means for Industrial Operators EU member states are now issuing the first formal NIS2 enforcement actions against operators of essential services. Industrial operators — energy utilities, water authorities, manufacturing firms, and transport operators — face binding cybersecurity obligations, supply chain security requirements, and 24-hour incident reporting duties that the prior NIS1 regime did not meaningfully enforce. What actually changed and what OT teams need to do.
⚡ energy💧 water
May 19, 2026 CVE-2026-6103 GE Vernova Grid Solutions SCADA Vulnerabilities: Path Traversal and Privilege Escalation in Energy Management Multiple vulnerabilities in GE Vernova's Grid Solutions EMS/SCADA platform affect energy management systems used by electric utilities, grid operators, and transmission system operators globally. The highest-severity flaw allows unauthenticated path traversal enabling access to sensitive configuration files on the EMS server.
⚡ energy
May 17, 2026 CVE-2026-5817 CISA Advisory: ABB AC500 PLC Remote Code Execution in Manufacturing and Process Control CISA has issued an advisory covering a critical remote code execution vulnerability in ABB's AC500 PLC series, one of the most widely deployed programmable logic controller families in European manufacturing, paper and pulp, food processing, and water infrastructure. The flaw affects the Modbus TCP server component and requires no authentication to exploit.
⚙️ manufacturing💧 water
May 15, 2026 CVE-2026-20182 CISA ICS Advisory: Siemens RUGGEDCOM and SCADABr Remote Code Execution CISA has released a critical ICS advisory covering unauthenticated remote code execution vulnerabilities in Siemens RUGGEDCOM network devices and SCADABr SCADA software, both widely deployed in energy and manufacturing environments.
⚡ energy⚙️ manufacturing
May 14, 2026 CVE-2026-4211 CISA Advisory: Hitachi Energy RTU500 Series Authentication Bypass in Grid SCADA CISA has published an advisory covering multiple vulnerabilities in Hitachi Energy's RTU500 series, widely deployed as remote terminal units in power grid substations and transmission infrastructure. An authentication bypass flaw allows unauthenticated attackers on the device network to read and modify RTU configuration — a direct threat to substation automation and grid stability.
⚡ energy
May 13, 2026 Threat Report Claroty 2026 State of XIoT Security: OT Vulnerability Disclosures Hit New High Claroty's annual State of XIoT Security report documents record-high vulnerability disclosures across operational technology, IoT, and connected medical devices. OT vulnerabilities now account for the majority of disclosed flaws, with critical infrastructure sectors facing compounded exposure from legacy device lifecycles and the accelerating advisory pace.
⚡ energy⚙️ manufacturing
May 11, 2026 Threat Report Volt Typhoon Pre-Positioning in US and UK OT Networks China-nexus threat actor Volt Typhoon has systematically infiltrated operational technology networks across US and UK critical infrastructure sectors, establishing persistent footholds in energy, water, and communications systems for potential future disruption.
⚡ energy💧 water
May 10, 2026 Sector Briefing OT Network Segmentation: Purdue Model, DMZ Design, and Historian Isolation A practical guide to network segmentation in OT environments, covering the Purdue Reference Model, industrial DMZ architecture, data historian isolation, and the tradeoffs between operational access and security posture.
⚡ energy⚙️ manufacturing
Apr 28, 2026 Threat Report TRITON/TRISIS: The Malware Designed to Kill TRITON is the only publicly known malware explicitly engineered to disable Safety Instrumented Systems -- the last line of defense against industrial catastrophes. An analysis of its architecture, targeting of Schneider Electric Triconex controllers, and what it means for safety system cybersecurity.
⚡ energy🛢 petrochemical
Apr 15, 2026 Vuln Analysis Modbus and DNP3: Inherent Security Weaknesses in Legacy Industrial Protocols Modbus and DNP3 were designed for reliability and interoperability, not security. An analysis of the structural security weaknesses in both protocols -- unauthenticated commands, lack of encryption, spoofing, and replay attacks -- and the compensating controls available to practitioners.
⚡ energy💧 water
Apr 5, 2026 Sector Briefing The OT Asset Inventory Problem: Visibility Gaps, Passive Discovery, and Unmanaged Devices Most industrial operators cannot accurately enumerate the devices on their OT networks. This visibility gap is the foundational barrier to OT security -- you cannot protect what you cannot see. A practical look at passive discovery tools, the limits of vendor inventories, and strategies for building actionable asset visibility.
⚡ energy⚙️ manufacturing
Mar 20, 2026