Search

Find a vulnerability

Search criteria

    3771 vulnerabilities

    CVE-2026-11889 (GCVE-0-2026-11889)

    Vulnerability from cvelistv5 – Published: 2026-07-16 20:38 – Updated: 2026-07-17 13:21
    VLAI
    Title
    SALTO ProAccess Space Authorization Bypass Through User-Controlled Key
    Summary
    SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SALTO ProAccess Space Affected: 0 , < 6.13 (custom)
    Unaffected: 6.13
    Create a notification for this product.
    Credits
    Bernhard Lorenz of Limes Security reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11889",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:21:04.700942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:21:12.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ProAccess Space",
              "vendor": "SALTO",
              "versions": [
                {
                  "lessThan": "6.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.13"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bernhard Lorenz of Limes Security reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SALTO ProAccess Space software using the tenancy feature / logical \npartition is vulnerable to a privilege escalation attack that could \nallow an authorized attacker to access any space managed by the affected\n product."
                }
              ],
              "value": "SALTO ProAccess Space software using the tenancy feature / logical \npartition is vulnerable to a privilege escalation attack that could \nallow an authorized attacker to access any space managed by the affected\n product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T20:38:46.479Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-07"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-07.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUsers of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.\u003c/p\u003e\u003cp\u003eTo further enhance security after \napplying the update:\u0026nbsp;\u003c/p\u003e\u003col\u003e\u003cli\u003eOperate ProAccess Space on a protected internal \nnetwork and avoid exposing it directly to the Internet.\u0026nbsp;\u003c/li\u003e\u003cli\u003eRestrict \noperator-level accounts to the minimum required and apply \nleast-privilege principles.\u0026nbsp;\u003c/li\u003e\u003cli\u003eIf feasible, disable the partitioning \nfeature and operate under a single partition.\u0026nbsp;\u003c/li\u003e\u003cli\u003eWhen strong tenant \nseparation is required, consider running separate Space instances \n(isolated environments) rather than relying solely on logical \npartitioning.\u003c/li\u003e\u003c/ol\u003e"
                }
              ],
              "value": "Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.\n\n\n\nTo further enhance security after \napplying the update:\u00a0\n\n  *  Operate ProAccess Space on a protected internal \nnetwork and avoid exposing it directly to the Internet.\u00a0\n  *  Restrict \noperator-level accounts to the minimum required and apply \nleast-privilege principles.\u00a0\n  *  If feasible, disable the partitioning \nfeature and operate under a single partition.\u00a0\n  *  When strong tenant \nseparation is required, consider running separate Space instances \n(isolated environments) rather than relying solely on logical \npartitioning."
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-07",
            "discovery": "EXTERNAL"
          },
          "title": "SALTO ProAccess Space Authorization Bypass Through User-Controlled Key",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-11889",
        "datePublished": "2026-07-16T20:38:46.479Z",
        "dateReserved": "2026-06-10T14:40:08.574Z",
        "dateUpdated": "2026-07-17T13:21:12.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61378 (GCVE-0-2026-61378)

    Vulnerability from cvelistv5 – Published: 2026-07-16 20:30 – Updated: 2026-07-17 13:22
    VLAI
    Title
    AutomationDirect Productivity Suite Divide By Zero
    Summary
    A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to a system crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    AutomationDirect Productivity Suite Affected: 0 , ≤ v4.6.2.2 (custom)
    Unaffected: v4.7.0.47
    Create a notification for this product.
    Credits
    Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:21:50.791725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:22:08.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Productivity Suite",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "lessThanOrEqual": "v4.6.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "v4.7.0.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A divide-by-zero vulnerability in the Productivity Suite allows a local \nattacker to cause a division by zero leading to a system crash."
                }
              ],
              "value": "A divide-by-zero vulnerability in the Productivity Suite allows a local \nattacker to cause a division by zero leading to a system crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T20:30:30.723Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.automationdirect.com/support/software-downloads"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automationdirect.com/support/software-downloads\"\u003ehttps://www.automationdirect.com/support/software-downloads\u003c/a\u003e"
                }
              ],
              "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u00a0\n https://www.automationdirect.com/support/software-downloads"
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-04",
            "discovery": "EXTERNAL"
          },
          "title": "AutomationDirect Productivity Suite Divide By Zero",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eUse only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eRestrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eConfigure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eUse antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eEnable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eMaintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eContinuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\n\n\n  *  Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n  *  Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Restrict both physical and logical access to authorized personnel only.\n  *  Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n  *  Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n  *  Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-61378",
        "datePublished": "2026-07-16T20:30:30.723Z",
        "dateReserved": "2026-07-09T15:00:24.544Z",
        "dateUpdated": "2026-07-17T13:22:08.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60073 (GCVE-0-2026-60073)

    Vulnerability from cvelistv5 – Published: 2026-07-16 20:22 – Updated: 2026-07-17 13:15
    VLAI
    Title
    AutomationDirect Productivity Suite Out-of-bounds Read
    Summary
    An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    AutomationDirect Productivity Suite Affected: 0 , ≤ v4.6.2.2 (custom)
    Unaffected: v4.7.0.47
    Create a notification for this product.
    Credits
    Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60073",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:15:13.008365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:15:30.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Productivity Suite",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "lessThanOrEqual": "v4.6.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "v4.7.0.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read in the Productivity Suite allows a physical \nattacker to control the length of data sent to a USB device. This can \nlead to a system crash or disclosure of kernel memory."
                }
              ],
              "value": "An out-of-bounds read in the Productivity Suite allows a physical \nattacker to control the length of data sent to a USB device. This can \nlead to a system crash or disclosure of kernel memory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T20:22:36.036Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.automationdirect.com/support/software-downloads"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automationdirect.com/support/software-downloads\"\u003ehttps://www.automationdirect.com/support/software-downloads\u003c/a\u003e"
                }
              ],
              "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u00a0\n https://www.automationdirect.com/support/software-downloads"
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-04",
            "discovery": "EXTERNAL"
          },
          "title": "AutomationDirect Productivity Suite Out-of-bounds Read",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eUse only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eRestrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eConfigure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eUse antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eEnable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eMaintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eContinuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\n\n\n  *  Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n  *  Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Restrict both physical and logical access to authorized personnel only.\n  *  Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n  *  Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n  *  Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-60073",
        "datePublished": "2026-07-16T20:22:36.036Z",
        "dateReserved": "2026-07-09T15:00:24.541Z",
        "dateUpdated": "2026-07-17T13:15:30.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57896 (GCVE-0-2026-57896)

    Vulnerability from cvelistv5 – Published: 2026-07-16 20:06 – Updated: 2026-07-17 13:16
    VLAI
    Title
    AutomationDirect Productivity Suite Out-of-bounds Read
    Summary
    An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    AutomationDirect Productivity Suite Affected: 0 , ≤ v4.6.2.2 (custom)
    Unaffected: v4.7.0.47
    Create a notification for this product.
    Credits
    Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57896",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:16:30.492759Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:16:50.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Productivity Suite",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "lessThanOrEqual": "v4.6.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "v4.7.0.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption by sending a crafted \nIOCTL request. This could lead to limited information disclosure or \ndisruption of the affected product."
                }
              ],
              "value": "An out-of-bounds read vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption by sending a crafted \nIOCTL request. This could lead to limited information disclosure or \ndisruption of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T20:06:50.140Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.automationdirect.com/support/software-downloads"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automationdirect.com/support/software-downloads\"\u003ehttps://www.automationdirect.com/support/software-downloads\u003c/a\u003e"
                }
              ],
              "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u00a0\n https://www.automationdirect.com/support/software-downloads"
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-04",
            "discovery": "EXTERNAL"
          },
          "title": "AutomationDirect Productivity Suite Out-of-bounds Read",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eUse only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eRestrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eConfigure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eUse antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eEnable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eMaintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eContinuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\n\n\n  *  Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n  *  Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Restrict both physical and logical access to authorized personnel only.\n  *  Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n  *  Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n  *  Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-57896",
        "datePublished": "2026-07-16T20:06:50.140Z",
        "dateReserved": "2026-07-09T15:00:24.538Z",
        "dateUpdated": "2026-07-17T13:16:50.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60140 (GCVE-0-2026-60140)

    Vulnerability from cvelistv5 – Published: 2026-07-16 20:03 – Updated: 2026-07-17 13:45
    VLAI
    Title
    AutomationDirect Productivity Suite Out-of-bounds Read
    Summary
    An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This can lead to exposing sensitive information or causing the affected product to become unstable or unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    AutomationDirect Productivity Suite Affected: 0 , ≤ v4.6.2.2 (custom)
    Unaffected: v4.7.0.47
    Create a notification for this product.
    Credits
    Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:45:07.449182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:45:18.561Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Productivity Suite",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "lessThanOrEqual": "v4.6.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "v4.7.0.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption by sending a crafted \nIOCTL request. This can lead to exposing sensitive information or \ncausing the affected product to become unstable or unavailable."
                }
              ],
              "value": "An out-of-bounds read vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption by sending a crafted \nIOCTL request. This can lead to exposing sensitive information or \ncausing the affected product to become unstable or unavailable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T20:03:14.898Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.automationdirect.com/support/software-downloads"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automationdirect.com/support/software-downloads\"\u003ehttps://www.automationdirect.com/support/software-downloads\u003c/a\u003e"
                }
              ],
              "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u00a0\n https://www.automationdirect.com/support/software-downloads"
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-04",
            "discovery": "EXTERNAL"
          },
          "title": "AutomationDirect Productivity Suite Out-of-bounds Read",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eUse only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eRestrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eConfigure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eUse antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eEnable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eMaintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eContinuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\n\n\n  *  Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n  *  Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Restrict both physical and logical access to authorized personnel only.\n  *  Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n  *  Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n  *  Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-60140",
        "datePublished": "2026-07-16T20:03:14.898Z",
        "dateReserved": "2026-07-09T15:00:24.535Z",
        "dateUpdated": "2026-07-17T13:45:18.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61389 (GCVE-0-2026-61389)

    Vulnerability from cvelistv5 – Published: 2026-07-16 20:00 – Updated: 2026-07-17 13:46
    VLAI
    Title
    AutomationDirect Productivity Suite Out-of-bounds Write
    Summary
    An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    AutomationDirect Productivity Suite Affected: 0 , ≤ v4.6.2.2 (custom)
    Unaffected: v4.7.0.47
    Create a notification for this product.
    Credits
    Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61389",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:45:43.767213Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:46:16.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Productivity Suite",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "lessThanOrEqual": "v4.6.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "v4.7.0.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds write vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption via a crafted IOCTL \nrequest, potentially resulting in privilege escalation or system \ninstability."
                }
              ],
              "value": "An out-of-bounds write vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption via a crafted IOCTL \nrequest, potentially resulting in privilege escalation or system \ninstability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T20:00:55.078Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.automationdirect.com/support/software-downloads"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automationdirect.com/support/software-downloads\"\u003ehttps://www.automationdirect.com/support/software-downloads\u003c/a\u003e"
                }
              ],
              "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u00a0\n https://www.automationdirect.com/support/software-downloads"
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-04",
            "discovery": "EXTERNAL"
          },
          "title": "AutomationDirect Productivity Suite Out-of-bounds Write",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eUse only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eRestrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eConfigure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eUse antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eEnable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eMaintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eContinuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\n\n\n  *  Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n  *  Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Restrict both physical and logical access to authorized personnel only.\n  *  Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n  *  Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n  *  Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-61389",
        "datePublished": "2026-07-16T20:00:55.078Z",
        "dateReserved": "2026-07-09T15:00:24.531Z",
        "dateUpdated": "2026-07-17T13:46:16.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60063 (GCVE-0-2026-60063)

    Vulnerability from cvelistv5 – Published: 2026-07-16 19:59 – Updated: 2026-07-17 13:25
    VLAI
    Title
    AutomationDirect Productivity Suite Out-of-bounds Write
    Summary
    An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    AutomationDirect Productivity Suite Affected: 0 , ≤ v4.6.2.2 (custom)
    Unaffected: v4.7.0.47
    Create a notification for this product.
    Credits
    Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60063",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:24:44.620879Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:25:08.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Productivity Suite",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "lessThanOrEqual": "v4.6.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "v4.7.0.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Borzacchiello of Nozomi Networks reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds write vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption via a crafted IOCTL \nrequest, potentially resulting in privilege escalation or system \ninstability."
                }
              ],
              "value": "An out-of-bounds write vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption via a crafted IOCTL \nrequest, potentially resulting in privilege escalation or system \ninstability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T19:59:16.196Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.automationdirect.com/support/software-downloads"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automationdirect.com/support/software-downloads\"\u003ehttps://www.automationdirect.com/support/software-downloads\u003c/a\u003e"
                }
              ],
              "value": "AutomationDirect recommends that users update Productivity suite to \nv4.7.0.47 and above\u00a0\n https://www.automationdirect.com/support/software-downloads"
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-04",
            "discovery": "EXTERNAL"
          },
          "title": "AutomationDirect Productivity Suite Out-of-bounds Write",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eUse only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eRestrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eConfigure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eUse antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eEnable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eMaintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eContinuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed.\n\n\n  *  Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n  *  Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Restrict both physical and logical access to authorized personnel only.\n  *  Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n  *  Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n  *  Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-60063",
        "datePublished": "2026-07-16T19:59:16.196Z",
        "dateReserved": "2026-07-09T15:00:24.526Z",
        "dateUpdated": "2026-07-17T13:25:08.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15352 (GCVE-0-2026-15352)

    Vulnerability from cvelistv5 – Published: 2026-07-16 19:48 – Updated: 2026-07-17 13:26
    VLAI
    Title
    NASA Core Flight System (cFS) Health & Safety (HS) Application NULL Pointer Dereference
    Summary
    A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL pointer dereference
    Assigner
    Impacted products
    Vendor Product Version
    NASA Core Flight System (cFS) Health & Safety (HS) Application Affected: 0 , < v7.0.1 (custom)
    Unaffected: v7.0.1
    Create a notification for this product.
    Credits
    Grady DeRosa reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:26:10.684386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T13:26:28.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Core Flight System (cFS) Health \u0026 Safety (HS) Application",
              "vendor": "NASA",
              "versions": [
                {
                  "lessThan": "v7.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "v7.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Grady DeRosa reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the Health \u0026amp; Safety (HS) application of NASA\u0027s Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service."
                }
              ],
              "value": "A vulnerability exists in the Health \u0026 Safety (HS) application of NASA\u0027s Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T21:03:55.318Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://github.com/nasa/HS/releases/tag/v7.0.1"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-03"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NASA recommends users update to v7.0.1\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://github.com/nasa/HS/releases/tag/v7.0.1\"\u003ehttps://github.com/nasa/HS/releases/tag/v7.0.1\u003c/a\u003e"
                }
              ],
              "value": "NASA recommends users update to v7.0.1\u00a0\n https://github.com/nasa/HS/releases/tag/v7.0.1"
            }
          ],
          "source": {
            "advisory": "ICSA-26-197-03",
            "discovery": "EXTERNAL"
          },
          "title": "NASA Core Flight System (cFS) Health \u0026 Safety (HS) Application NULL Pointer Dereference",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-15352",
        "datePublished": "2026-07-16T19:48:43.886Z",
        "dateReserved": "2026-07-09T22:03:49.631Z",
        "dateUpdated": "2026-07-17T13:26:28.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14480 (GCVE-0-2026-14480)

    Vulnerability from cvelistv5 – Published: 2026-07-10 22:17 – Updated: 2026-07-13 15:41
    VLAI
    Title
    OpenPLC v3 External Control of File Name or Path
    Summary
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attacker‑controlled absolute paths, an authenticated user can write arbitrary files anywhere writable by the OpenPLC webserver process. In the default build pipeline, all C++ source files within the OpenPLC runtime core directory are automatically compiled into the executable runtime binary. By writing a malicious .cpp file into this directory, an authenticated attacker can escalate the arbitrary file write into arbitrary native code execution when the operator triggers a normal program compilation and runtime start.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OpenPLC OpenPLC Affected: v3
    Unaffected: v4
    Create a notification for this product.
    Credits
    Grady DeRosa reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T15:40:59.399646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T15:41:57.195Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OpenPLC",
              "vendor": "OpenPLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "v3"
                },
                {
                  "status": "unaffected",
                  "version": "v4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Grady DeRosa reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OpenPLC Runtime v3 contains an authenticated arbitrary file write \nvulnerability in the legacy web UI program\u2011upload workflow. The \napplication stores an attacker\u2011supplied filename (prog_file) directly \ninto the Programs.File database field and later uses this value as the \ndestination path for an uploaded file without validating or restricting \nthe path. Because Python os.path.join() honors attacker\u2011controlled \nabsolute paths, an authenticated user can write arbitrary files anywhere\n writable by the OpenPLC webserver process. In the default build \npipeline, all C++ source files within the OpenPLC runtime core directory\n are automatically compiled into the executable runtime binary. By \nwriting a malicious .cpp file into this directory, an authenticated \nattacker can escalate the arbitrary file write into arbitrary native \ncode execution when the operator triggers a normal program compilation \nand runtime start."
                }
              ],
              "value": "OpenPLC Runtime v3 contains an authenticated arbitrary file write \nvulnerability in the legacy web UI program\u2011upload workflow. The \napplication stores an attacker\u2011supplied filename (prog_file) directly \ninto the Programs.File database field and later uses this value as the \ndestination path for an uploaded file without validating or restricting \nthe path. Because Python os.path.join() honors attacker\u2011controlled \nabsolute paths, an authenticated user can write arbitrary files anywhere\n writable by the OpenPLC webserver process. In the default build \npipeline, all C++ source files within the OpenPLC runtime core directory\n are automatically compiled into the executable runtime binary. By \nwriting a malicious .cpp file into this directory, an authenticated \nattacker can escalate the arbitrary file write into arbitrary native \ncode execution when the operator triggers a normal program compilation \nand runtime start."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T22:17:49.406Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-190-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OpenPLC recommends users upgrade to OpenPLC v4 as OpenPLC v3 is \nend-of-life and is no longer receiving patches, bug fixes, or security \nupdates."
                }
              ],
              "value": "OpenPLC recommends users upgrade to OpenPLC v4 as OpenPLC v3 is \nend-of-life and is no longer receiving patches, bug fixes, or security \nupdates."
            }
          ],
          "source": {
            "advisory": "ICSA-26-190-01",
            "discovery": "EXTERNAL"
          },
          "title": "OpenPLC v3 External Control of File Name or Path",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-14480",
        "datePublished": "2026-07-10T22:17:49.406Z",
        "dateReserved": "2026-07-02T16:00:30.030Z",
        "dateUpdated": "2026-07-13T15:41:57.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44383 (GCVE-0-2026-44383)

    Vulnerability from cvelistv5 – Published: 2026-07-10 22:11 – Updated: 2026-07-13 15:34
    VLAI
    Title
    Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration
    Summary
    Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    An anonymous researcher reported this vulnerability to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T15:34:13.068182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T15:34:23.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Le Circuit Electrique charging station backend",
              "vendor": "Hydro-Qu\u00e9bec",
              "versions": [
                {
                  "lessThan": "June_2026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "An anonymous researcher reported this vulnerability to CISA"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple connections to the backend using the same charging station ID \nare allowed, which could allow an attacker to deploy multiple instances \nof malicious OCPP clients to overwhelm the backend."
                }
              ],
              "value": "Multiple connections to the backend using the same charging station ID \nare allowed, which could allow an attacker to deploy multiple instances \nof malicious OCPP clients to overwhelm the backend."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T22:11:16.866Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.hydroquebec.com/nous-joindre/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hydro-Qu\u00e9bec has updated the majority of charging stations to disable \nOCPP, mitigating the risk of exploitation. Hydro-Qu\u00e9bec has also \nimplemented authentication systems to mitigate the issue for certain \ncharging stations which are still reliant on OCPP. Contact Hydro-Qu\u00e9bec \nwith any additional questions."
                }
              ],
              "value": "Hydro-Qu\u00e9bec has updated the majority of charging stations to disable \nOCPP, mitigating the risk of exploitation. Hydro-Qu\u00e9bec has also \nimplemented authentication systems to mitigate the issue for certain \ncharging stations which are still reliant on OCPP. Contact Hydro-Qu\u00e9bec \nwith any additional questions."
            }
          ],
          "source": {
            "advisory": "ICSA-26-188-01",
            "discovery": "EXTERNAL"
          },
          "title": "Hydro-Qu\u00e9bec Le Circuit Electrique charging station backend Insufficient Session Expiration",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-44383",
        "datePublished": "2026-07-10T22:11:16.866Z",
        "dateReserved": "2026-05-07T16:55:26.145Z",
        "dateUpdated": "2026-07-13T15:34:23.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42952 (GCVE-0-2026-42952)

    Vulnerability from cvelistv5 – Published: 2026-07-10 22:09 – Updated: 2026-07-14 14:34
    VLAI
    Title
    Hydro-Québec Le Circuit Electrique charging station backend Improper Restriction of Excessive Authentication Attempts
    Summary
    Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    An anonymous researcher reported this vulnerability to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42952",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T14:00:56.815031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T14:34:24.114Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Le Circuit Electrique charging station backend",
              "vendor": "Hydro-Qu\u00e9bec",
              "versions": [
                {
                  "lessThan": "June_2026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "An anonymous researcher reported this vulnerability to CISA"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Previously, there was no throttling on repeated authentication attempts \nto the charging station backend, which could allow an attacker to \nexecute a denial-of-service attack."
                }
              ],
              "value": "Previously, there was no throttling on repeated authentication attempts \nto the charging station backend, which could allow an attacker to \nexecute a denial-of-service attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T22:09:16.884Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.hydroquebec.com/nous-joindre/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hydro-Qu\u00e9bec has updated the majority of charging stations to disable \nOCPP, mitigating the risk of exploitation. Hydro-Qu\u00e9bec has also \nimplemented authentication systems to mitigate the issue for certain \ncharging stations which are still reliant on OCPP. Contact Hydro-Qu\u00e9bec \nwith any additional questions."
                }
              ],
              "value": "Hydro-Qu\u00e9bec has updated the majority of charging stations to disable \nOCPP, mitigating the risk of exploitation. Hydro-Qu\u00e9bec has also \nimplemented authentication systems to mitigate the issue for certain \ncharging stations which are still reliant on OCPP. Contact Hydro-Qu\u00e9bec \nwith any additional questions."
            }
          ],
          "source": {
            "advisory": "ICSA-26-188-01",
            "discovery": "EXTERNAL"
          },
          "title": "Hydro-Qu\u00e9bec Le Circuit Electrique charging station backend Improper Restriction of Excessive Authentication Attempts",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-42952",
        "datePublished": "2026-07-10T22:09:16.884Z",
        "dateReserved": "2026-05-07T16:55:26.126Z",
        "dateUpdated": "2026-07-14T14:34:24.114Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20744 (GCVE-0-2026-20744)

    Vulnerability from cvelistv5 – Published: 2026-07-10 22:07 – Updated: 2026-07-14 14:34
    VLAI
    Title
    Hydro-Québec Le Circuit Electrique charging station backend Improper Access Control
    Summary
    The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    An anonymous researcher reported this vulnerability to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:59:32.419836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T14:34:32.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Le Circuit Electrique charging station backend",
              "vendor": "Hydro-Qu\u00e9bec",
              "versions": [
                {
                  "lessThan": "June_2026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "An anonymous researcher reported this vulnerability to CISA"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The charging station websocket endpoint accepts connections without \nproper authentication, which could lead to privilege escalation."
                }
              ],
              "value": "The charging station websocket endpoint accepts connections without \nproper authentication, which could lead to privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T22:07:23.971Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.hydroquebec.com/nous-joindre/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hydro-Qu\u00e9bec has updated the majority of charging stations to disable \nOCPP, mitigating the risk of exploitation. Hydro-Qu\u00e9bec has also \nimplemented authentication systems to mitigate the issue for certain \ncharging stations which are still reliant on OCPP. Contact Hydro-Qu\u00e9bec \nwith any additional questions."
                }
              ],
              "value": "Hydro-Qu\u00e9bec has updated the majority of charging stations to disable \nOCPP, mitigating the risk of exploitation. Hydro-Qu\u00e9bec has also \nimplemented authentication systems to mitigate the issue for certain \ncharging stations which are still reliant on OCPP. Contact Hydro-Qu\u00e9bec \nwith any additional questions."
            }
          ],
          "source": {
            "advisory": "ICSA-26-188-01",
            "discovery": "EXTERNAL"
          },
          "title": "Hydro-Qu\u00e9bec Le Circuit Electrique charging station backend Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-20744",
        "datePublished": "2026-07-10T22:07:23.971Z",
        "dateReserved": "2026-01-27T23:33:47.834Z",
        "dateUpdated": "2026-07-14T14:34:32.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-38059 (GCVE-0-2026-38059)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:11 – Updated: 2026-07-10 17:00
    VLAI
    Title
    ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function
    Summary
    The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    ST Engineering iDirect Evolution iQ‑Series terminals Affected: 0 , ≤ 4.5.2.1 (custom)
    Unaffected: 4.5.2.2
    Create a notification for this product.
    ST Engineering iDirect 3315-Series Affected: 0 , ≤ 4.5.2.1 (custom)
    Unaffected: 4.5.2.2
    Create a notification for this product.
    ST Engineering iDirect 9-Series Terminals Affected: 0 , ≤ 4.5.2.1 (custom)
    Unaffected: 4.5.2.2
    Create a notification for this product.
    Date Public
    2026-07-02 17:00
    Credits
    Ahmed Alqahtani of Aramco reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-38059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T16:18:45.509494Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:00:27.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Evolution iQ\u2011Series terminals",
              "vendor": "ST Engineering iDirect",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "4.5.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "3315-Series",
              "vendor": "ST Engineering iDirect",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "4.5.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "9-Series Terminals",
              "vendor": "ST Engineering iDirect",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "4.5.2.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ahmed Alqahtani of Aramco reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2026-07-02T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance."
                }
              ],
              "value": "The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:11:42.152Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01"
            },
            {
              "url": "https://support.idirect.net/s/login"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer.\n\u003cbr\u003e\n\u003cbr\u003eRegistered users are able to download patches from the iDirect Support Portal \u003ca href=\"https://support.idirect.net/s/login\"\u003ehttps://support.idirect.net/s/login\u003c/a\u003e.\n\u003cbr\u003e\n\u003cbr\u003e"
                }
              ],
              "value": "ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer.\n\n\n\nRegistered users are able to download patches from the iDirect Support Portal  https://support.idirect.net/s/login ."
            }
          ],
          "source": {
            "advisory": "ICSA-26-183-01",
            "discovery": "EXTERNAL"
          },
          "title": "ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cli\u003eRestrict management interfaces to trusted networks (e.g., VPN, ACLs).\n\u003c/li\u003e\u003cli\u003eAvoid exposing administrative APIs to the public internet.\n\u003c/li\u003e\u003cli\u003eEnforce strong authentication practices.\n\u003c/li\u003e\u003cli\u003eMonitor for anomalous API activity and unexpected device reboots.\u003c/li\u003e"
                }
              ],
              "value": "*  Restrict management interfaces to trusted networks (e.g., VPN, ACLs).\n\n  *  Avoid exposing administrative APIs to the public internet.\n\n  *  Enforce strong authentication practices.\n\n  *  Monitor for anomalous API activity and unexpected device reboots."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-38059",
        "datePublished": "2026-07-10T14:11:42.152Z",
        "dateReserved": "2026-04-06T08:25:37.731Z",
        "dateUpdated": "2026-07-10T17:00:27.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-38057 (GCVE-0-2026-38057)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:11 – Updated: 2026-07-10 17:00
    VLAI
    Title
    ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery
    Summary
    The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site request forgery
    Assigner
    Impacted products
    Vendor Product Version
    ST Engineering iDirect Evolution iQ‑Series terminals Affected: 0 , ≤ 4.5.2.1 (custom)
    Unaffected: 4.5.2.2
    Create a notification for this product.
    ST Engineering iDirect 3315-Series Affected: 0 , ≤ 4.5.2.1 (custom)
    Unaffected: 4.5.2.2
    Create a notification for this product.
    ST Engineering iDirect 9-Series Terminals Affected: 0 , ≤ 4.5.2.1 (custom)
    Unaffected: 4.5.2.2
    Create a notification for this product.
    Date Public
    2026-07-02 17:00
    Credits
    Ahmed Alqahtani of Aramco reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-38057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T16:22:04.408644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:00:34.681Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Evolution iQ\u2011Series terminals",
              "vendor": "ST Engineering iDirect",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "4.5.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "3315-Series",
              "vendor": "ST Engineering iDirect",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "4.5.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "9-Series Terminals",
              "vendor": "ST Engineering iDirect",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "4.5.2.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ahmed Alqahtani of Aramco reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2026-07-02T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition."
                }
              ],
              "value": "The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site request forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:11:15.829Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01"
            },
            {
              "url": "https://support.idirect.net/s/login"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer.\n\u003cbr\u003e\n\u003cbr\u003eRegistered users are able to download patches from the iDirect Support Portal \u003ca href=\"https://support.idirect.net/s/login\"\u003ehttps://support.idirect.net/s/login\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "ST Engineering iDirect has fixed the vulnerabilities and recommend users update the software to version 4.5.2.2 or newer.\n\n\n\nRegistered users are able to download patches from the iDirect Support Portal  https://support.idirect.net/s/login"
            }
          ],
          "source": {
            "advisory": "ICSA-26-183-01",
            "discovery": "EXTERNAL"
          },
          "title": "ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eRestrict management interfaces to trusted networks (e.g., VPN, ACLs).\n\u003c/li\u003e\u003cli\u003eAvoid exposing administrative APIs to the public internet.\n\u003c/li\u003e\u003cli\u003eEnforce strong authentication practices.\n\u003c/li\u003e\u003cli\u003eMonitor for anomalous API activity and unexpected device reboots.\n\n\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Restrict management interfaces to trusted networks (e.g., VPN, ACLs).\n\n  *  Avoid exposing administrative APIs to the public internet.\n\n  *  Enforce strong authentication practices.\n\n  *  Monitor for anomalous API activity and unexpected device reboots."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-38057",
        "datePublished": "2026-07-10T14:11:15.829Z",
        "dateReserved": "2026-04-06T08:25:37.731Z",
        "dateUpdated": "2026-07-10T17:00:34.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49033 (GCVE-0-2026-49033)

    Vulnerability from cvelistv5 – Published: 2026-07-07 21:53 – Updated: 2026-07-08 13:08
    VLAI
    Title
    Stack-Based Buffer Overflow in Labcenter Proteus
    Summary
    The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Labcenter Proteus Affected: 9.1_SP4_Build-42914
    Create a notification for this product.
    Credits
    Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:07:42.514792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:08:40.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Proteus",
              "vendor": "Labcenter",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1_SP4_Build-42914"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code."
                }
              ],
              "value": "The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T21:53:38.630Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eLabcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.\u003c/p\u003e\u003cp\u003eIf you have questions or need help please contact Labcenter or your local distributor.\u003c/p\u003e"
                }
              ],
              "value": "Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.\n\n\n\nIf you have questions or need help please contact Labcenter or your local distributor."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack-Based Buffer Overflow in Labcenter Proteus",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-49033",
        "datePublished": "2026-07-07T21:53:38.630Z",
        "dateReserved": "2026-06-03T15:40:50.740Z",
        "dateUpdated": "2026-07-08T13:08:40.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42958 (GCVE-0-2026-42958)

    Vulnerability from cvelistv5 – Published: 2026-07-07 21:52 – Updated: 2026-07-08 13:05
    VLAI
    Title
    Use After Free in Labcenter Proteus
    Summary
    The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Labcenter Proteus Affected: 9.1_SP4_Build-42914
    Create a notification for this product.
    Credits
    Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:04:58.767504Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:05:45.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Proteus",
              "vendor": "Labcenter",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1_SP4_Build-42914"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T21:52:25.406Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eLabcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.\u003c/p\u003e\u003cp\u003eIf you have questions or need help please contact Labcenter or your local distributor.\u003c/p\u003e"
                }
              ],
              "value": "Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.\n\n\n\nIf you have questions or need help please contact Labcenter or your local distributor."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use After Free in Labcenter Proteus",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-42958",
        "datePublished": "2026-07-07T21:52:25.406Z",
        "dateReserved": "2026-06-03T15:40:50.731Z",
        "dateUpdated": "2026-07-08T13:05:45.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42953 (GCVE-0-2026-42953)

    Vulnerability from cvelistv5 – Published: 2026-07-07 21:39 – Updated: 2026-07-08 13:03
    VLAI
    Title
    Out-of-bounds write in Labcenter Proteus
    Summary
    The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Labcenter Proteus Affected: 9.1_SP4_Build-42914
    Create a notification for this product.
    Credits
    Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:03:43.706198Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:03:58.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Proteus",
              "vendor": "Labcenter",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1_SP4_Build-42914"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution."
                }
              ],
              "value": "The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T21:39:04.839Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eLabcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.\u003c/p\u003e\u003cp\u003eIf you have questions or need help please contact Labcenter or your local distributor.\u003c/p\u003e"
                }
              ],
              "value": "Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.\n\n\n\nIf you have questions or need help please contact Labcenter or your local distributor."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds write in Labcenter Proteus",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-42953",
        "datePublished": "2026-07-07T21:39:04.839Z",
        "dateReserved": "2026-06-03T15:40:50.751Z",
        "dateUpdated": "2026-07-08T13:03:58.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54477 (GCVE-0-2026-54477)

    Vulnerability from cvelistv5 – Published: 2026-07-02 23:52 – Updated: 2026-07-06 15:43
    VLAI
    Title
    Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax
    Summary
    The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Gardyn Gardyn Home Firmware Affected: 0 , < master.627 (custom)
    Create a notification for this product.
    Gardyn Gardyn Studio Firmware Affected: 0 , < master.627 (custom)
    Create a notification for this product.
    Gardyn Gardyn Cloud API Affected: 0 , < 2.12.2026 (custom)
    Create a notification for this product.
    Credits
    Michael Groberman reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T15:43:33.847762Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T15:43:39.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Home Firmware",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "master.627",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Studio Firmware",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "master.627",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Cloud API",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "2.12.2026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Groberman reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eThe admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.\u003c/span\u003e"
                }
              ],
              "value": "The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-644",
                  "description": "CWE-644",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T23:52:49.505Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://mygardyn.com/security/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eGardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities.\u003c/span\u003e"
                }
              ],
              "value": "Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities."
            }
          ],
          "source": {
            "advisory": "ICSA-26-183-03",
            "discovery": "EXTERNAL"
          },
          "title": "Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eGardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther information on Gardyn security can be found here:\u0026nbsp;\u003ca href=\"https://mygardyn.com/security/\"\u003ehttps://mygardyn.com/security/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther customer support can be obtained from Gardyn at:\u0026nbsp;\u003ca href=\"mailto:support@mygardyn.com\"\u003esupport@mygardyn.com\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\n\nFurther information on Gardyn security can be found here:\u00a0 https://mygardyn.com/security/ \n\n\n\n\nFurther customer support can be obtained from Gardyn at:\u00a0 support@mygardyn.com mailto:support@mygardyn.com"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-54477",
        "datePublished": "2026-07-02T23:52:49.505Z",
        "dateReserved": "2026-06-22T15:47:37.782Z",
        "dateUpdated": "2026-07-06T15:43:39.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55726 (GCVE-0-2026-55726)

    Vulnerability from cvelistv5 – Published: 2026-07-02 23:49 – Updated: 2026-07-06 15:44
    VLAI
    Title
    Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Summary
    The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Gardyn Gardyn Home Firmware Affected: 0 , < master.627 (custom)
    Create a notification for this product.
    Gardyn Gardyn Studio Firmware Affected: 0 , < master.627 (custom)
    Create a notification for this product.
    Gardyn Gardyn Cloud API Affected: 0 , < 2.12.2026 (custom)
    Create a notification for this product.
    Credits
    Michael Groberman reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55726",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T15:44:11.035924Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T15:44:18.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Home Firmware",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "master.627",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Studio Firmware",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "master.627",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Cloud API",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "2.12.2026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Groberman reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eThe Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.\u003c/span\u003e"
                }
              ],
              "value": "The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T23:49:11.192Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://mygardyn.com/security/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eGardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities.\u003c/span\u003e"
                }
              ],
              "value": "Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities."
            }
          ],
          "source": {
            "advisory": "ICSA-26-183-03",
            "discovery": "EXTERNAL"
          },
          "title": "Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eGardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther information on Gardyn security can be found here:\u0026nbsp;\u003ca href=\"https://mygardyn.com/security/\"\u003ehttps://mygardyn.com/security/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther customer support can be obtained from Gardyn at:\u0026nbsp;\u003ca href=\"mailto:support@mygardyn.com\"\u003esupport@mygardyn.com\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\n\nFurther information on Gardyn security can be found here:\u00a0 https://mygardyn.com/security/ \n\n\n\n\nFurther customer support can be obtained from Gardyn at:\u00a0 support@mygardyn.com mailto:support@mygardyn.com"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-55726",
        "datePublished": "2026-07-02T23:49:11.192Z",
        "dateReserved": "2026-06-22T15:47:37.778Z",
        "dateUpdated": "2026-07-06T15:44:18.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13768 (GCVE-0-2026-13768)

    Vulnerability from cvelistv5 – Published: 2026-07-02 23:40 – Updated: 2026-07-06 14:51
    VLAI
    Title
    Gardyn IoT Hub Use of Hard-coded Credentials
    Summary
    Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user's network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Gardyn Gardyn Home Firmware Affected: 0 , < master.627 (custom)
    Create a notification for this product.
    Gardyn Gardyn Studio Firmware Affected: 0 , < master.627 (custom)
    Create a notification for this product.
    Gardyn Gardyn Cloud API Affected: 0 , < 2.12.2026 (custom)
    Create a notification for this product.
    Credits
    Michael Groberman reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13768",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T14:51:18.483755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T14:51:30.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Home Firmware",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "master.627",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Studio Firmware",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "master.627",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gardyn Cloud API",
              "vendor": "Gardyn",
              "versions": [
                {
                  "lessThan": "2.12.2026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Groberman reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eGardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user\u0027s network.\u003c/span\u003e"
                }
              ],
              "value": "Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user\u0027s network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T23:40:32.780Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://mygardyn.com/security/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eGardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities.\u003c/span\u003e"
                }
              ],
              "value": "Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities."
            }
          ],
          "source": {
            "advisory": "ICSA-26-183-03",
            "discovery": "EXTERNAL"
          },
          "title": "Gardyn IoT Hub Use of Hard-coded Credentials",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eGardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther information on Gardyn security can be found here:\u0026nbsp;\u003ca href=\"https://mygardyn.com/security/\"\u003ehttps://mygardyn.com/security/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther customer support can be obtained from Gardyn at:\u0026nbsp;\u003ca href=\"mailto:support@mygardyn.com\"\u003esupport@mygardyn.com\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\n\nFurther information on Gardyn security can be found here:\u00a0 https://mygardyn.com/security/ \n\n\n\n\nFurther customer support can be obtained from Gardyn at:\u00a0 support@mygardyn.com mailto:support@mygardyn.com"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-13768",
        "datePublished": "2026-07-02T23:40:32.780Z",
        "dateReserved": "2026-06-29T20:16:52.293Z",
        "dateUpdated": "2026-07-06T14:51:30.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13743 (GCVE-0-2026-13743)

    Vulnerability from cvelistv5 – Published: 2026-07-02 18:35 – Updated: 2026-07-02 19:07
    VLAI
    Title
    Improper verification of cryptographic signature in CubeSpace CW0057 Reaction Wheel
    Summary
    CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper verification of cryptographic signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    CubeSpace CW0057 Reaction Wheel Affected: 0 , < 5.0.20 (custom)
    Create a notification for this product.
    Credits
    Anthony Rose reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T19:07:29.852399Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T19:07:38.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CW0057 Reaction Wheel",
              "vendor": "CubeSpace",
              "versions": [
                {
                  "lessThan": "5.0.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anthony Rose reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper verification of cryptographic signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T18:35:26.637Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20. Firmware version 5.0.20 introduces the capability for cryptographically verified secure boot; however, this protection is not enabled by default. Users must activate signed\u2011boot functionality, particularly the fully immutable mode, to achieve full security.\u003c/p\u003e\u003cp\u003eCubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a CRC-32 integrity check, which confirms image integrity but does not verify the source of an image. Exploitation requires direct physical access to the device and is not exploitable remotely. A device affected by this method remains recoverable: the bootloader operates independently of the application firmware and can reload known-good, CubeSpace-supplied images, so an affected unit cannot be permanently disabled by this method. Starting with firmware version 5.0.20, CubeSpace offers optional cryptographic secure boot of varying security levels which customers can enable. Given the physical-access prerequisite and the availability of recovery, CubeSpace assesses the practical risk as low.\u003c/p\u003e"
                }
              ],
              "value": "CubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20. Firmware version 5.0.20 introduces the capability for cryptographically verified secure boot; however, this protection is not enabled by default. Users must activate signed\u2011boot functionality, particularly the fully immutable mode, to achieve full security.\n\n\n\nCubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a CRC-32 integrity check, which confirms image integrity but does not verify the source of an image. Exploitation requires direct physical access to the device and is not exploitable remotely. A device affected by this method remains recoverable: the bootloader operates independently of the application firmware and can reload known-good, CubeSpace-supplied images, so an affected unit cannot be permanently disabled by this method. Starting with firmware version 5.0.20, CubeSpace offers optional cryptographic secure boot of varying security levels which customers can enable. Given the physical-access prerequisite and the availability of recovery, CubeSpace assesses the practical risk as low."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper verification of cryptographic signature in CubeSpace CW0057 Reaction Wheel",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-13743",
        "datePublished": "2026-07-02T18:35:26.637Z",
        "dateReserved": "2026-06-29T15:29:03.049Z",
        "dateUpdated": "2026-07-02T19:07:38.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50110 (GCVE-0-2026-50110)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:54 – Updated: 2026-07-01 12:40
    VLAI
    Title
    Use of Hard-coded Credentials in StoneFly Storage Concentrator
    Summary
    Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    StoneFly Storage Concentrator Affected: 0 , < 8.0.4.26 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    StoneFly Storage Concentrator Virtual Machine Affected: 0 , < 8.0.4.26 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    Credits
    David Yesland of Rhino Security Labs reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:40:14.001824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:40:24.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator Virtual Machine",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "David Yesland of Rhino Security Labs reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Storage Concentrator (SC \u0026amp; SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Storage Concentrator (SC \u0026 SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:54:42.362Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-06.json"
            },
            {
              "url": "https://stonefly.com/contact-us/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
                }
              ],
              "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eFor additional questions or support, users may contact StoneFly at\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://stonefly.com/contact-us/\"\u003ehttps://stonefly.com/contact-us/\u003c/a\u003e"
                }
              ],
              "value": "For additional questions or support, users may contact StoneFly at\u00a0 https://stonefly.com/contact-us/"
            }
          ],
          "source": {
            "advisory": "ICSA-26-181-06",
            "discovery": "EXTERNAL"
          },
          "title": "Use of Hard-coded Credentials in StoneFly Storage Concentrator",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-50110",
        "datePublished": "2026-06-30T22:54:42.362Z",
        "dateReserved": "2026-06-22T20:13:36.505Z",
        "dateUpdated": "2026-07-01T12:40:24.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56413 (GCVE-0-2026-56413)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:50 – Updated: 2026-07-01 12:41
    VLAI
    Title
    OS Command Injection in StoneFly Storage Concentrator
    Summary
    Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    Impacted products
    Vendor Product Version
    StoneFly Storage Concentrator Affected: 0 , < 8.0.4.29 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    StoneFly Storage Concentrator Virtual Machine Affected: 0 , < 8.0.4.29 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    Credits
    David Yesland of Rhino Security Labs reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:40:59.123367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:41:07.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator Virtual Machine",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "David Yesland of Rhino Security Labs reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Storage Concentrator (SC \u0026amp; SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Storage Concentrator (SC \u0026 SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:50:58.131Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-06.json"
            },
            {
              "url": "https://stonefly.com/contact-us/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
                }
              ],
              "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
            }
          ],
          "source": {
            "advisory": "ICSA-26-181-06",
            "discovery": "EXTERNAL"
          },
          "title": "OS Command Injection in StoneFly Storage Concentrator",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-56413",
        "datePublished": "2026-06-30T22:50:58.131Z",
        "dateReserved": "2026-06-22T20:13:36.509Z",
        "dateUpdated": "2026-07-01T12:41:07.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56415 (GCVE-0-2026-56415)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:40 – Updated: 2026-07-01 12:42
    VLAI
    Title
    OS Command Injection in StoneFly Storage Concentrator
    Summary
    Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    Impacted products
    Vendor Product Version
    Stonefly Storage Concentrator Affected: 0 , < 8.0.4.22 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    Stonefly Storage Concentrator Virtual Machine Affected: 0 , < 8.0.4.22 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    Credits
    David Yesland of Rhino Security Labs reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56415",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:41:54.108940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:42:03.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator",
              "vendor": "Stonefly",
              "versions": [
                {
                  "lessThan": "8.0.4.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator Virtual Machine",
              "vendor": "Stonefly",
              "versions": [
                {
                  "lessThan": "8.0.4.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "David Yesland of Rhino Security Labs reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Storage Concentrator (SC \u0026amp; SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Storage Concentrator (SC \u0026 SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:40:55.582Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-06.json"
            },
            {
              "url": "https://stonefly.com/contact-us/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
                }
              ],
              "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eFor additional questions or support, users may contact StoneFly at\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://stonefly.com/contact-us/\"\u003ehttps://stonefly.com/contact-us/\u003c/a\u003e"
                }
              ],
              "value": "For additional questions or support, users may contact StoneFly at\u00a0 https://stonefly.com/contact-us/"
            }
          ],
          "source": {
            "advisory": "ICSA-26-181-06",
            "discovery": "EXTERNAL"
          },
          "title": "OS Command Injection in StoneFly Storage Concentrator",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-56415",
        "datePublished": "2026-06-30T22:40:55.582Z",
        "dateReserved": "2026-06-22T20:13:36.516Z",
        "dateUpdated": "2026-07-01T12:42:03.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55721 (GCVE-0-2026-55721)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:36 – Updated: 2026-07-01 15:35
    VLAI
    Title
    SQL Injection in StoneFly Storage Concentrator
    Summary
    Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    Impacted products
    Vendor Product Version
    StoneFly Storage Concentrator Affected: 0 , < 8.0.4.22 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    StoneFly Storage Concentrator Virtual Machine Affected: 0 , < 8.0.4.22 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    Credits
    David Yesland of Rhino Security Labs reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:35:12.509357Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:35:19.478Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator Virtual Machine",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "David Yesland of Rhino Security Labs reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Storage Concentrator (SC \u0026amp; SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Storage Concentrator (SC \u0026 SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:36:22.639Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-06.json"
            },
            {
              "url": "https://stonefly.com/contact-us/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
                }
              ],
              "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eFor additional questions or support, users may contact StoneFly at\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://stonefly.com/contact-us/\"\u003ehttps://stonefly.com/contact-us/\u003c/a\u003e"
                }
              ],
              "value": "For additional questions or support, users may contact StoneFly at\u00a0 https://stonefly.com/contact-us/"
            }
          ],
          "source": {
            "advisory": "ICSA-26-181-06",
            "discovery": "EXTERNAL"
          },
          "title": "SQL Injection in StoneFly Storage Concentrator",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-55721",
        "datePublished": "2026-06-30T22:36:22.639Z",
        "dateReserved": "2026-06-22T20:13:36.520Z",
        "dateUpdated": "2026-07-01T15:35:19.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50040 (GCVE-0-2026-50040)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:27 – Updated: 2026-07-01 15:35
    VLAI
    Title
    Cross-site Scripting in StoneFly Storage Concentrator
    Summary
    Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    StoneFly Storage Concentrator Affected: 0 , < 8.0.4.22 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    StoneFly Storage Concentrator Virtual Machine Affected: 0 , < 8.0.4.22 (custom)
    Unaffected: 8.0.4.29
    Create a notification for this product.
    Credits
    David Yesland of Rhino Security Labs reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:35:51.069641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:35:58.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Storage Concentrator Virtual Machine",
              "vendor": "StoneFly",
              "versions": [
                {
                  "lessThan": "8.0.4.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.0.4.29"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "David Yesland of Rhino Security Labs reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Storage Concentrator (SC \u0026amp; SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim\u0027s browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim.\u0026nbsp;\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Storage Concentrator (SC \u0026 SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim\u0027s browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:27:37.001Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-06.json"
            },
            {
              "url": "https://stonefly.com/contact-us/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
                }
              ],
              "value": "StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eFor additional questions or support, users may contact StoneFly at \u003ca href=\"https://stonefly.com/contact-us/\"\u003ehttps://stonefly.com/contact-us/\u003c/a\u003e.\u003c/span\u003e"
                }
              ],
              "value": "For additional questions or support, users may contact StoneFly at  https://stonefly.com/contact-us/ ."
            }
          ],
          "source": {
            "advisory": "ICSA-26-181-06",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting in StoneFly Storage Concentrator",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-50040",
        "datePublished": "2026-06-30T22:27:37.001Z",
        "dateReserved": "2026-06-22T20:13:36.524Z",
        "dateUpdated": "2026-07-01T15:35:58.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50003 (GCVE-0-2026-50003)

    Vulnerability from cvelistv5 – Published: 2026-06-30 21:27 – Updated: 2026-07-01 15:39
    VLAI
    Title
    OFFIS DCMTK Toolkit Path Traversal
    Summary
    A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    OFFIS DICOM DCMTK Toolkit Affected: 0 , ≤ 3.7.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-30 17:20
    Credits
    Abhinav Agarwal reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:39:16.620122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:39:24.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DCMTK Toolkit",
              "vendor": "OFFIS DICOM",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abhinav Agarwal reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2026-06-30T17:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths."
                }
              ],
              "value": "A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:27:42.468Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://github.com/DCMTK/dcmtk/releases/tag/latest"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\u003cbr\u003e\u003ca href=\"https://github.com/DCMTK/dcmtk/releases/tag/latest\"\u003ehttps://github.com/DCMTK/dcmtk/releases/tag/latest\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\n\u003cspan\u003eUsers are recommended to download the latest GitHub release once it becomes available.\u003c/span\u003e\n\n\u003c/p\u003e"
                }
              ],
              "value": "The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\n https://github.com/DCMTK/dcmtk/releases/tag/latest \n\n\n\n\nUsers are recommended to download the latest GitHub release once it becomes available."
            }
          ],
          "source": {
            "advisory": "ICSMA-26-181-01",
            "discovery": "EXTERNAL"
          },
          "title": "OFFIS DCMTK Toolkit Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-50003",
        "datePublished": "2026-06-30T21:27:42.468Z",
        "dateReserved": "2026-06-22T17:03:25.968Z",
        "dateUpdated": "2026-07-01T15:39:24.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50254 (GCVE-0-2026-50254)

    Vulnerability from cvelistv5 – Published: 2026-06-30 21:14 – Updated: 2026-07-01 15:40
    VLAI
    Title
    OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime
    Summary
    An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing release of memory after effective lifetime
    Assigner
    Impacted products
    Vendor Product Version
    OFFIS DICOM DCMTK Toolkit Affected: 0 , ≤ 3.7.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-30 17:20
    Credits
    Abhinav Agarwal reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:39:45.101630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:40:16.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DCMTK Toolkit",
              "vendor": "OFFIS DICOM",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abhinav Agarwal reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2026-06-30T17:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it."
                }
              ],
              "value": "An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing release of memory after effective lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:14:01.154Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://github.com/DCMTK/dcmtk/releases/tag/latest"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003ca href=\"https://github.com/DCMTK/dcmtk/releases/tag/latest\"\u003ehttps://github.com/DCMTK/dcmtk/releases/tag/latest\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003eUsers are recommended to download the latest GitHub release once it becomes available."
                }
              ],
              "value": "The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\n\n https://github.com/DCMTK/dcmtk/releases/tag/latest \n\n\n\n\nUsers are recommended to download the latest GitHub release once it becomes available."
            }
          ],
          "source": {
            "advisory": "ICSMA-26-181-01",
            "discovery": "EXTERNAL"
          },
          "title": "OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-50254",
        "datePublished": "2026-06-30T21:14:01.154Z",
        "dateReserved": "2026-06-22T17:03:25.973Z",
        "dateUpdated": "2026-07-01T15:40:16.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35505 (GCVE-0-2026-35505)

    Vulnerability from cvelistv5 – Published: 2026-06-30 21:09 – Updated: 2026-07-01 15:40
    VLAI
    Title
    OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime
    Summary
    An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing release of memory after effective lifetime
    Assigner
    Impacted products
    Vendor Product Version
    OFFIS DICOM DCMTK Toolkit Affected: 0 , ≤ 3.7.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-30 17:20
    Credits
    Abhinav Agarwal reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35505",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:40:45.424281Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:40:53.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DCMTK Toolkit",
              "vendor": "OFFIS DICOM",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abhinav Agarwal reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2026-06-30T17:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart."
                }
              ],
              "value": "An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing release of memory after effective lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:09:46.797Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://github.com/DCMTK/dcmtk/releases/tag/latest"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\u003cbr\u003e\u003ca href=\"https://github.com/DCMTK/dcmtk/releases/tag/latest\"\u003ehttps://github.com/DCMTK/dcmtk/releases/tag/latest\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\n https://github.com/DCMTK/dcmtk/releases/tag/latest"
            }
          ],
          "source": {
            "advisory": "ICSMA-26-181-01",
            "discovery": "EXTERNAL"
          },
          "title": "OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-35505",
        "datePublished": "2026-06-30T21:09:46.797Z",
        "dateReserved": "2026-06-22T17:03:25.976Z",
        "dateUpdated": "2026-07-01T15:40:53.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-52868 (GCVE-0-2026-52868)

    Vulnerability from cvelistv5 – Published: 2026-06-30 21:06 – Updated: 2026-07-01 15:41
    VLAI
    Title
    OFFIS DCMTK Toolkit Path Traversal
    Summary
    An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    OFFIS DICOM DCMTK Toolkit Affected: 0 , ≤ 3.7.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-30 17:20
    Credits
    Abhinav Agarwal reported this vulnerability to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-52868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:41:16.866491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:41:24.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DCMTK Toolkit",
              "vendor": "OFFIS DICOM",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abhinav Agarwal reported this vulnerability to CISA"
            }
          ],
          "datePublic": "2026-06-30T17:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation."
                }
              ],
              "value": "An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:06:36.568Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://github.com/DCMTK/dcmtk/releases/tag/latest"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\u003cbr\u003e\u003ca href=\"https://github.com/DCMTK/dcmtk/releases/tag/latest\"\u003ehttps://github.com/DCMTK/dcmtk/releases/tag/latest\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot:\n https://github.com/DCMTK/dcmtk/releases/tag/latest"
            }
          ],
          "source": {
            "advisory": "ICSMA-26-181-01",
            "discovery": "EXTERNAL"
          },
          "title": "OFFIS DCMTK Toolkit Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-52868",
        "datePublished": "2026-06-30T21:06:36.568Z",
        "dateReserved": "2026-06-22T17:03:25.979Z",
        "dateUpdated": "2026-07-01T15:41:24.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }