Manufacturing Sector
38 articles covering manufacturing OT/ICS security
GhostLock CVE-2026-43499: Advisory for OT Environments Running Linux-Based Historian and SCADA Systems
The GhostLock Linux kernel vulnerability (CVE-2026-43499) enables local privilege escalation to root in approximately five seconds with 97% reliability. OT environments running Linux-based historian servers, OPC-UA gateways, and SCADA platforms are directly affected. Patching and mitigation guidance for industrial operators.
Modbus Protocol Security: Attack Surface, Exploitation, and OT Network Hardening
Modbus is the most widely deployed industrial protocol in the world — and one of the least secure. This guide covers the Modbus attack surface, documented exploitation techniques used against OT environments, and practical hardening measures for energy, water, and manufacturing defenders.
ICSA-26-181-02: FUXA SCADA CVE-2026-13207 -- Path Traversal to Unauthenticated RCE
ICS-CERT advisory ICSA-26-181-02 covers a dot-segment path normalization bypass in FUXA open-source SCADA software that allows unauthenticated remote code execution. CVSS v4 score 8.6. Deployments in water, energy, and manufacturing are exposed.
Manufacturing Execution Systems Security: Protecting the Overlooked Bridge Between IT and OT
Manufacturing Execution Systems sit at the boundary between enterprise IT and production floor OT, connecting SAP/ERP business systems to SCADA and PLC networks. They are routinely overlooked in OT security programs despite being a primary lateral movement path between the two domains. This guide covers the MES attack surface and practical security controls.
OT Incident Response: The First 48 Hours
When a cyber incident hits an operational technology environment, the first 48 hours determine whether a brief outage becomes a prolonged shutdown. This playbook covers the critical decisions, sequencing, and OT-specific considerations that IR teams need to get right from the first alert.
Emerson DeltaV DCS: Authentication Gaps, CISA Advisories, and Zero Trust Remediation
Emerson DeltaV is one of the most widely deployed distributed control systems in oil and gas, pharmaceutical, and chemical manufacturing. Legacy DeltaV communication protocols lack authentication, and multiple CISA advisories document workstation-level vulnerabilities. Here's the current security posture and what operators should do.
Siemens S7comm Protocol: Attack Surface, Unauthenticated Access, and OT Network Detection
S7comm is Siemens' proprietary PLC communication protocol. Legacy S7comm lacks authentication and encryption, enabling unauthenticated read/write access to process data and PLC control commands. This guide covers the attack surface, documented exploit techniques, and detection approaches for OT defenders.
CISA June 2026 ICS Advisories: Siemens WinCC and Rockwell RSLinx RCE
CISA released a batch of 10 ICS advisories on June 23, 2026, including critical vulnerabilities in Siemens WinCC Certificate Manager and SIPROTEC 5. Separately, ICSA-26-167-02 documents an unauthenticated stack-based buffer overflow in Rockwell Automation RSLinx Classic enabling remote code execution.
EtherNet/IP and CIP Security: Attack Surface, Vulnerabilities, and Hardening
EtherNet/IP is the dominant industrial Ethernet protocol in North American manufacturing, used in Allen-Bradley PLCs, robotics, and drive systems. This analysis covers the CIP protocol attack surface, known exploitation patterns, CIP Security extension adoption, and network hardening guidance.
OT Security in Pharmaceutical Manufacturing: Protecting GMP-Regulated SCADA and DCS Systems
Pharmaceutical manufacturing operates process control systems under FDA 21 CFR Part 11 and EU GMP Annex 11 regulatory frameworks that constrain patching and change management. This sector briefing covers the pharma OT attack surface and how to implement compensating controls without triggering costly revalidation.
Securing OT Remote Access: VPN, ZTNA, and Jump Server Architecture for Industrial Networks
Remote access to operational technology environments expanded dramatically during 2020-2022 and was never fully locked down. This guide covers the specific risks of each remote access pattern — vendor VPNs, site VPNs, jump servers, and ZTNA — and the hardening steps that reduce the attack surface without breaking the maintenance workflows OT teams depend on.
PIPEDREAM and COSMICENERGY: The ICS Malware Frameworks Built for Grid Disruption
PIPEDREAM (disclosed April 2022) and COSMICENERGY (May 2023) are the two most sophisticated ICS-targeting malware frameworks to emerge since TRITON. Both target industrial protocols used in power and energy infrastructure. This analysis covers their architecture, capabilities, and what they mean for defenders.
PROFINET Security: Attack Surface Analysis and Hardening for Industrial Ethernet Networks
PROFINET is the dominant real-time industrial Ethernet protocol in European manufacturing and process automation, with over 70 million installed nodes worldwide. This guide covers PROFINET's attack surface, documented exploits, network segmentation requirements, and hardening controls for OT security practitioners.
CISA ICS Advisory Roundup: Inductive Automation Ignition, ICONICS GENESIS64, and Mitsubishi Electric Vulnerabilities June 2026
CISA released nine ICS advisories in June 2026 covering critical and high-severity vulnerabilities in Inductive Automation Ignition, ICONICS/Mitsubishi GENESIS64, and Axis network cameras used in OT environments. This roundup covers the operational risk and remediation priorities.
Ransomware in OT Environments: How Manufacturing and Energy Operators Are Being Hit in 2026
Ransomware groups are no longer stopping at IT systems. This sector briefing covers how operators in manufacturing, energy, and water treatment are being targeted in 2026 — the specific OT attack vectors, operational impact patterns, and the defensive controls that matter most.
ICS Patch Tuesday June 2026: Critical Vulnerabilities in Siemens, Honeywell, and Mitsubishi Electric Products
The June 2026 ICS Patch Tuesday cycle brings critical and high-severity advisories affecting Siemens industrial networks, Honeywell building and process control systems, and Mitsubishi Electric PLCs. OT security teams should prioritise triage and remediation planning for affected assets.
OPC UA Security: Attack Surface Analysis and Hardening Recommendations for Industrial Environments
OPC Unified Architecture has become the dominant interoperability standard for industrial communication — and a consistent target in ICS-focused threat campaigns. This analysis covers the OPC UA threat model, documented vulnerability classes from recent CVEs, known exploitation by nation-state actors, and the hardening steps that reduce exposure without breaking operational continuity.
Advantech WebAccess/SCADA: Multiple High-Severity Vulnerabilities Enable Remote Code Execution
Advisories covering Advantech WebAccess/SCADA document path traversal, unrestricted file upload, and SQL injection vulnerabilities rated up to CVSS 8.8. WebAccess/SCADA is deployed across manufacturing, energy, and water treatment facilities globally. This analysis covers the vulnerability classes, exploitation paths, and immediate mitigations for OT operators.
Rockwell Automation ControlLogix and CompactLogix: Vulnerability Landscape and Hardening Guidance
Rockwell Automation's Logix family of programmable automation controllers has accumulated significant vulnerability history. This analysis covers key CVEs affecting ControlLogix and CompactLogix platforms, exploitation implications for industrial operations, and vendor-specific hardening steps.
Record 508 ICS Advisories in 2025: What the Vulnerability Surge Means for OT Defenders
Forescout's analysis of 2025 ICS security advisories identifies a record 508 advisories covering 2,155 vulnerabilities — with 82% rated high or critical. Field controllers, PLCs, and SCADA systems are the primary targets, and the growing share of advisories with no available patch creates an unresolvable exposure category that demands compensating controls.
CISA's Zero Trust Roadmap for OT: What the April 2026 Joint Guidance Means for Industrial Operators
CISA's April 2026 joint guidance 'Adapting Zero Trust Principles to Operational Technology' lays out a practical roadmap for applying zero trust in environments where the standard IT playbook doesn't work — legacy protocols, uptime requirements, and safety constraints included.
Iranian APT Groups Escalate Attacks on Internet-Exposed PLCs: Water, Energy and Government Under Threat
Since March 2026, Iranian-affiliated APT actors have been conducting disruptive attacks on internet-exposed programmable logic controllers across US critical infrastructure — particularly water/wastewater, energy, and government services. A joint advisory from CISA, FBI, NSA and US Cyber Command details the campaign and recommended mitigations.
Siemens May 2026 ICS Patch Tuesday: Device Takeover in Sentron Energy Meters, Root RCE in Ruggedcom, and 300+ Third-Party Flaws in CN4100
Siemens published 18 security advisories in May 2026's ICS Patch Tuesday, with critical findings in the Sentron 7KT PAC1261 energy data manager, Ruggedcom Rox, Simatic CN4100, and Opcenter RDnL manufacturing platform. This roundup covers the highest-impact advisories with operational guidance for affected sectors.
CISA ICS Advisory Roundup: Kaleris Navis N4, Delta Electronics CNCSoft, and ABB EIBPORT (May 2026)
CISA released eight ICS advisories and one medical device advisory on May 28, 2026, covering critical vulnerabilities in transportation management, CNC motion control, and industrial building automation systems. This analysis covers the highest-impact advisories and operational guidance for affected organisations.
Schneider Electric EcoStruxure Vulnerability Roundup: Critical Advisories Affecting Energy, Manufacturing, and Data Centre Operations
Schneider Electric has issued multiple CISA-coordinated advisories in 2026 covering critical vulnerabilities across the EcoStruxure platform suite -- including a CVSS 9.8 deserialization flaw in the Foxboro DCS Advisor, hard-coded credentials in Data Center Expert, and local RCE in Power Monitoring Expert.
CISA CI Fortify: What the New OT Isolation Guidance Means for Operational Technology Operators
CISA's CI Fortify initiative moves beyond standard patching guidance to address a harder problem: how critical infrastructure OT environments maintain operational continuity when internet, cloud, and telecom connectivity is severed during a geopolitical cyber crisis.
IEC 62443: The OT Security Standard Your Procurement Team Needs to Understand
IEC 62443 is the international standard series for industrial cybersecurity. This explainer covers the structure of the standard, what Security Levels mean in practice, the zones and conduits model, and how to reference 62443 in vendor contracts to actually improve your security posture.
CVE-2026-8153: Critical Command Injection in Universal Robots PolyScope 5 Exposes Cobot Fleets
A CVSS 9.8 OS command injection flaw in Universal Robots' PolyScope 5 Dashboard Server lets unauthenticated attackers seize control of collaborative robot controllers across manufacturing, automotive, and logistics environments. Patch to 5.25.1 immediately.
OT Threat Landscape 2026: New Dragos Groups, Shrinking Exploit Windows, and the Visibility Crisis
Dragos's 2026 OT cybersecurity year-in-review identifies 26 threat groups specifically targeting operational technology -- including three newly tracked groups -- as exploit timelines compress to 24 days and fewer than one in ten OT networks have active monitoring. A practical analysis for OT security practitioners.
Default Credentials, Internet-Exposed PLCs, and the Unsophisticated Actor Problem
CISA's April 2026 joint advisory warns of Iranian-affiliated actors targeting internet-facing PLCs with basic techniques. The Poland energy attack demonstrated the real-world consequences. This analysis covers the threat, affected protocols, and what operators must do now.
CISA ICS Advisory Bundle: WAGO PFC, AVEVA Plant SCADA, and Beckhoff TwinCAT Vulnerabilities
CISA released seven ICS advisories on May 21, 2026, covering authentication and remote code execution vulnerabilities in WAGO PFC controllers, AVEVA Plant SCADA (formerly Citect), and Beckhoff TwinCAT runtime. Together these advisories affect PLC, SCADA, and automation runtime platforms deployed across manufacturing, energy, and building automation sectors globally.
Honeywell Experion PKS and C300 Controller Vulnerabilities: RCE Risk in Process DCS
Multiple vulnerabilities in Honeywell's Experion Process Knowledge System and C300 controller affect distributed control systems in oil and gas, petrochemical, and chemical processing facilities. Chained, the flaws provide an unauthenticated path from network access to code execution on the C300 controller's real-time OS, with potential to disrupt or manipulate industrial processes.
NIS2 OT Compliance: What the 2026 Enforcement Wave Means for Industrial Operators
EU member states are now issuing the first formal NIS2 enforcement actions against operators of essential services. Industrial operators — energy utilities, water authorities, manufacturing firms, and transport operators — face binding cybersecurity obligations, supply chain security requirements, and 24-hour incident reporting duties that the prior NIS1 regime did not meaningfully enforce. What actually changed and what OT teams need to do.
CISA Advisory: ABB AC500 PLC Remote Code Execution in Manufacturing and Process Control
CISA has issued an advisory covering a critical remote code execution vulnerability in ABB's AC500 PLC series, one of the most widely deployed programmable logic controller families in European manufacturing, paper and pulp, food processing, and water infrastructure. The flaw affects the Modbus TCP server component and requires no authentication to exploit.
CISA ICS Advisory: Siemens RUGGEDCOM and SCADABr Remote Code Execution
CISA has released a critical ICS advisory covering unauthenticated remote code execution vulnerabilities in Siemens RUGGEDCOM network devices and SCADABr SCADA software, both widely deployed in energy and manufacturing environments.
Claroty 2026 State of XIoT Security: OT Vulnerability Disclosures Hit New High
Claroty's annual State of XIoT Security report documents record-high vulnerability disclosures across operational technology, IoT, and connected medical devices. OT vulnerabilities now account for the majority of disclosed flaws, with critical infrastructure sectors facing compounded exposure from legacy device lifecycles and the accelerating advisory pace.
OT Network Segmentation: Purdue Model, DMZ Design, and Historian Isolation
A practical guide to network segmentation in OT environments, covering the Purdue Reference Model, industrial DMZ architecture, data historian isolation, and the tradeoffs between operational access and security posture.
The OT Asset Inventory Problem: Visibility Gaps, Passive Discovery, and Unmanaged Devices
Most industrial operators cannot accurately enumerate the devices on their OT networks. This visibility gap is the foundational barrier to OT security -- you cannot protect what you cannot see. A practical look at passive discovery tools, the limits of vendor inventories, and strategies for building actionable asset visibility.