Multiple Vendor Security Advisories for Critical Vulnerabilities
Several major technology vendors, including Automated Logic, Emerson, Festo, ICAM365, METZ CONNECT, Opto 22, Schneider Electric, Shelly, Ubuntu, Dell, and IBM, have published security advisories addressing critical vulnerabilities in their products. The Canadian Centre for Cyber Security has highlighted these advisories, urging users and administrators to review the details and apply necessary mitigations and updates. Affected products span industrial control systems, Linux distributions, enterprise storage, backup solutions, and various hardware and software platforms, underscoring the broad impact of these vulnerabilities across sectors.
The advisories cover a range of issues, from multiple vulnerabilities in industrial automation and SCADA systems to kernel-level flaws in all supported Ubuntu LTS and current releases, as well as security weaknesses in Dell's storage and recovery solutions and unspecified IBM products. Organizations are strongly encouraged to consult the official advisories for each vendor and implement recommended patches and mitigations to reduce the risk of exploitation and maintain operational security.
Timeline
Nov 24, 2025
Canadian Centre for Cyber Security posts Ubuntu security advisory AV25-781
On November 24, 2025, the Canadian Centre for Cyber Security published Ubuntu security advisory AV25-781. No synopsis was provided in the reference content.
Nov 24, 2025
Canadian Centre for Cyber Security posts Dell security advisory AV25-779
On November 24, 2025, the Canadian Centre for Cyber Security published Dell security advisory AV25-779. No synopsis was provided in the reference content.
Nov 24, 2025
Canadian Centre for Cyber Security posts IBM security advisory AV25-780
On November 24, 2025, the Canadian Centre for Cyber Security published IBM security advisory AV25-780. No synopsis was provided in the reference content.
Nov 24, 2025
Canadian Centre for Cyber Security republishes CISA ICS advisory roundup
On November 24, 2025, the Canadian Centre for Cyber Security published alert AV25-782 summarizing the CISA ICS advisories released during the prior week and urging organizations to review the notices and apply mitigations. The alert highlighted affected building automation, UPS monitoring, industrial control, camera, and power monitoring products.
Nov 17, 2025
CISA publishes multiple ICS security advisories for industrial and IoT products
Between November 17 and 23, 2025, CISA issued multiple ICS advisories covering vulnerabilities in products from Automated Logic, Emerson, Festo, ICAM365, METZ CONNECT, Opto 22, Schneider Electric, and Shelly. The advisories included recommended mitigations and available updates for affected users and administrators.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Multiple Security Advisories for Enterprise and Industrial Products (Late October–Early November 2025)
Vendors including Hitachi Energy, Schneider Electric, ABB, Ubiquiti, Dell, IBM, Red Hat, Ubuntu, and Microsoft released security advisories between October 27 and November 3, 2025, addressing vulnerabilities across a wide range of enterprise, industrial, and cloud products. Notable advisories include CISA's ICS alerts for control systems, a critical flaw in ABB's PCM600 software (CVE-2018-1002208), a critical vulnerability in Ubiquiti's UniFi Access Application (CVE-2025-52665), and updates for Microsoft Edge, Red Hat Enterprise Linux, Ubuntu LTS versions, and multiple Dell and IBM products. Organizations are urged to review the advisories, apply recommended mitigations, and update affected systems to reduce exposure to exploitation. The advisories highlight vulnerabilities that could allow remote code execution, privilege escalation, or unauthorized access if left unpatched. The Canadian Centre for Cyber Security and CISA emphasize the importance of timely patching and mitigation, especially for products deployed in critical infrastructure and enterprise environments. Administrators should consult the official vendor advisories for detailed remediation steps and monitor for further updates as new vulnerabilities are disclosed and addressed.
1 months ago
Multiple Security Advisories for Enterprise and Industrial Products
Several major vendors, including Dell, IBM, and CISA, have released security advisories addressing vulnerabilities in a wide range of enterprise and industrial control system products. Dell's advisories cover critical updates for products such as APEX Cloud Platform for Red Hat OpenShift, Enterprise SONiC Distribution, NetWorker, PowerSwitch models, and iDRAC controllers, urging administrators to apply patches to mitigate potential risks. IBM has similarly published advisories for multiple products, while CISA has issued alerts for vulnerabilities in industrial control systems from vendors like ABB, Advantech, Delta Electronics, Fuji Electric, IDIS, Radiometrics, Survision, and Ubia, recommending prompt mitigation and updates. In addition to these broad advisories, a critical denial-of-service vulnerability (CVE-2024-20399) was identified in Cisco's Identity Services Engine (ISE), which could allow unauthenticated attackers to crash network access control systems by exploiting the RADIUS protocol. Cisco has provided both temporary and permanent mitigation steps for affected versions. Separately, CISA added a Samsung Mobile Devices out-of-bounds write vulnerability (CVE-2025-21042) to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risk posed by actively exploited flaws and urging organizations to prioritize remediation to protect against cyber threats.
1 months ago
CISA and Canadian Cyber Centre Advisories Highlight Multiple ICS and Enterprise Vulnerabilities
The Canadian Centre for Cyber Security issued multiple advisories summarizing vendor and CISA disclosures from Feb 9–15, urging organizations to patch widely used platforms. This included **Linux kernel** fixes across supported Ubuntu releases (16.04 through 25.10) and a broad set of **Dell** and **IBM** product updates affecting backup/DR, infrastructure, and automation/transaction systems (e.g., *Dell Avamar/NetWorker/PowerEdge/IDPA/iDRAC Service Module* and *IBM Business Automation Workflow, Operational Decision Manager, Sterling components, webMethods Integration*, and others). CISA also published ICS advisories covering several industrial products with potentially high-impact outcomes. **Siemens Simcenter Femap and Nastran** were reported vulnerable to multiple `NDB`/`XDB` file-parsing issues (CVE-2026-23715 through CVE-2026-23720) that can be triggered via malicious files and may lead to crashes or **arbitrary code execution** (CVSS 7.8), with Siemens recommending upgrades. **GE Vernova Enervista UR Setup** versions `< 8.70` were reported vulnerable to **DLL hijacking** and **path traversal** (CVE-2026-1762, CVE-2026-1763; CVSS 7.8), potentially enabling elevated code execution. Separately, CISA advisory `ICSA-26-043-10` described a **critical** unauthenticated **remote code execution** risk in **Airleader Master** `<= 6.381` due to an unrestricted file upload flaw (CVE-2026-1358; CVSS 9.8); CISA noted no known public exploits at the time and recommended exposure reduction measures such as network segmentation and restricting internet access to control systems.
1 months ago