CISA and Canadian Cyber Centre Advisories Highlight Multiple ICS and Enterprise Vulnerabilities

Tags: industrial-control-system-vulnerability, widely-deployed-product-advisory, endpoint-software-vulnerability
Updated March 21, 2026 at 02:31 PM | 7 sources

The Canadian Centre for Cyber Security issued multiple advisories summarizing vendor and CISA disclosures from Feb 9–15, urging organizations to patch widely used platforms. This included Linux kernel fixes across supported Ubuntu releases (16.04 through 25.10) and a broad set of Dell and IBM product updates affecting backup/DR, infrastructure, and automation/transaction systems (e.g., Dell Avamar/NetWorker/PowerEdge/IDPA/iDRAC Service Module and IBM Business Automation Workflow, Operational Decision Manager, Sterling components, webMethods Integration, and others).

CISA also published ICS advisories covering several industrial products with potentially high-impact outcomes. Siemens Simcenter Femap and Nastran were reported vulnerable to multiple NDB/XDB file-parsing issues (CVE-2026-23715 through CVE-2026-23720) that can be triggered via malicious files and may lead to crashes or arbitrary code execution (CVSS 7.8), with Siemens recommending upgrades. GE Vernova Enervista UR Setup versions < 8.70 were reported vulnerable to DLL hijacking and path traversal (CVE-2026-1762, CVE-2026-1763; CVSS 7.8), potentially enabling elevated code execution. Separately, CISA advisory ICSA-26-043-10 described a critical unauthenticated remote code execution risk in Airleader Master <= 6.381 due to an unrestricted file upload flaw (CVE-2026-1358; CVSS 9.8); CISA noted no known public exploits at the time and recommended exposure reduction measures such as network segmentation and restricting internet access to control systems.

Timeline

  1. Feb 17, 2026

    Canadian Centre for Cyber Security summarizes recent CISA ICS advisories

    On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-134 summarizing CISA ICS advisories issued the prior week for multiple industrial vendors. The notice recommended reviewing the linked advisories, implementing mitigations, and applying available updates.

  2. Feb 17, 2026

    Canadian Centre for Cyber Security issues Ubuntu advisory notice

    On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-133 about Ubuntu's recent Linux kernel security notices. The notice directed administrators to review the referenced Ubuntu advisories and deploy updates for affected supported releases.

  3. Feb 17, 2026

    Canadian Centre for Cyber Security issues Dell advisory notice

    On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-132 summarizing Dell's recent security advisories and recommending that users consult Dell's guidance and remediate affected systems. The notice covered a broad range of Dell and Dell EMC products.

  4. Feb 17, 2026

    Canadian Centre for Cyber Security issues IBM advisory notice

    On 2026-02-17, the Canadian Centre for Cyber Security published advisory AV26-131 summarizing IBM's recent security advisories and urging organizations to apply the necessary updates. The notice highlighted affected enterprise software and integration products across IBM's portfolio.

  5. Feb 17, 2026

    CISA publishes GE Vernova Enervista UR Setup advisory

    On 2026-02-17, CISA published advisory ICSA-26-048-03 for two local vulnerabilities in GE Vernova Enervista UR Setup versions prior to 8.70: a DLL hijacking issue in the installer and a directory traversal flaw in firmware update file handling. CISA said the issues were not remotely exploitable and that no public exploitation had been reported.

  6. Feb 17, 2026

    CISA republishes Siemens Simcenter vulnerability advisory

    On 2026-02-17, CISA published advisory ICSA-26-048-01 covering multiple file-parsing vulnerabilities in Siemens Simcenter Femap and Simcenter Nastran versions earlier than 2512. Siemens had released updated versions, and the flaws could cause crashes or potentially arbitrary code execution when a user opens a crafted NDB or XDB file.

  7. Feb 15, 2026

    CISA publishes multiple ICS advisories for OT vendors

    Between 2026-02-09 and 2026-02-15, CISA published multiple ICS advisories covering products from AVEVA, Airleader GmbH, Hitachi Energy, Siemens, Yokogawa, ZLAN Information Technology Co., and ZOLL. The notices included vulnerabilities affecting multiple product lines, including Siemens SINEC NMS issues CVE-2026-25655 and CVE-2026-25656.

  8. Feb 12, 2026

    CISA issues advisory for Airleader Master RCE flaw

    On 2026-02-12, CISA published ICS advisory ICSA-26-043-10 for CVE-2026-1358, a critical unrestricted file upload vulnerability in Airleader Master up to version 6.381. The flaw could allow unauthenticated remote code execution on vulnerable servers and systems, though no public exploitation was known at the time.

  9. Feb 9, 2026

    Ubuntu publishes Linux kernel security notices

    Between 2026-02-09 and 2026-02-15, Ubuntu published multiple security notices to address Linux kernel vulnerabilities affecting releases from 16.04 LTS through 25.10. Administrators were advised to review the referenced Ubuntu Security Notices and apply the required updates.

  10. Feb 9, 2026

    Dell publishes multiple security advisories

    Between 2026-02-09 and 2026-02-15, Dell issued multiple advisories for vulnerabilities affecting products such as Avamar, NetWorker, iDRAC Service Module, Dell Update Package Framework, PowerEdge systems, and several appliance and private cloud offerings. The advisories included fixed-version guidance for remediation.

  11. Feb 9, 2026

    IBM publishes multiple product security advisories

    Between 2026-02-09 and 2026-02-15, IBM released multiple security advisories covering vulnerabilities in products including Business Automation Workflow, Concert Software, Financial Transaction Manager, Operational Decision Manager, Sterling products, webMethods components, and z/Transaction Processing Facility. The Canadian Centre for Cyber Security later urged administrators to review IBM's notices and apply updates.

Related Stories

CISA ICS Advisories Highlight Multiple High-Impact Vulnerabilities Across Industrial and IoT Products

CISA published multiple Industrial Control Systems (ICS) advisories detailing vulnerabilities across a range of OT and connected-device products, including **critical** issues in *AVEVA Process Optimization* (multiple CVEs) that could enable unauthenticated **remote code execution**, SQL injection, privilege escalation, and sensitive data exposure in affected versions (<=2024.1). Additional advisories describe flaws in several **Siemens** product lines, including a DoS condition in **SIMATIC/SIPLUS ET 200** components triggered via an S7 protocol disconnect request (`CVE-2025-40944`), a TLS certificate upload input-validation issue that can crash/reboot **RUGGEDCOM ROS** devices (`CVE-2025-40935`), a local privilege escalation in **TeleControl Server Basic** prior to V3.1.2.4 (`CVE-2025-40942`), and multiple issues in **SINEC Security Monitor** (including improper authorization in `ssmctl-client` file transfer and report-generation DoS; `CVE-2025-40830`, `CVE-2025-40831`). CISA also noted vulnerabilities affecting **Siemens Industrial Edge** ecosystems, including an authorization bypass in the **Industrial Edge Device Kit** (`CVE-2025-40805`) and authentication enforcement weaknesses on specific API endpoints in **Industrial Edge Devices** that could allow impersonation if an attacker knows a legitimate user identity. Other CISA advisories covered **Schneider Electric EcoStruxure Power Build Rapsody** (`CVE-2025-13844`), where importing a malicious project file (SSD) could trigger memory corruption (e.g., double free/use-after-free) and potentially arbitrary code execution, and **Rockwell Automation FactoryTalk DataMosaix Private Cloud** (`CVE-2025-12807`), where low-privilege users could perform sensitive database operations via exposed API endpoints (SQL injection class). 
Separately, CISA warned about **YoSmart/YoLink** weaknesses (multiple CVEs) including insufficient authorization controls in the MQTT broker enabling cross-account device control when device IDs are obtained (with IDs described as predictable), plus additional issues such as cleartext transmission and predictable identifiers. A non-CISA item in the set reported Cisco releasing updates for a max-severity **AsyncOS** vulnerability under active exploitation (`CVE-2025-20393`) affecting *Secure Email Gateway* and *Secure Email and Web Manager* appliances, including evidence of attacker-installed persistence and attribution by Cisco Talos to **UAT-9686**; this is a separate enterprise email-security incident and not part of the ICS advisory set.

1 month ago

Multiple Security Advisories for Enterprise and Industrial Products

Several major vendors, including Dell, IBM, and CISA, have released security advisories addressing vulnerabilities in a wide range of enterprise and industrial control system products. Dell's advisories cover critical updates for products such as APEX Cloud Platform for Red Hat OpenShift, Enterprise SONiC Distribution, NetWorker, PowerSwitch models, and iDRAC controllers, urging administrators to apply patches to mitigate potential risks. IBM has similarly published advisories for multiple products, while CISA has issued alerts for vulnerabilities in industrial control systems from vendors like ABB, Advantech, Delta Electronics, Fuji Electric, IDIS, Radiometrics, Survision, and Ubia, recommending prompt mitigation and updates. In addition to these broad advisories, a critical denial-of-service vulnerability (CVE-2024-20399) was identified in Cisco's Identity Services Engine (ISE), which could allow unauthenticated attackers to crash network access control systems by exploiting the RADIUS protocol. Cisco has provided both temporary and permanent mitigation steps for affected versions. Separately, CISA added a Samsung Mobile Devices out-of-bounds write vulnerability (CVE-2025-21042) to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risk posed by actively exploited flaws and urging organizations to prioritize remediation to protect against cyber threats.

1 month ago

Siemens Issues Security Updates for Multiple Industrial and Engineering Products

**Siemens published security advisories for multiple products**, prompting both CISA ICS advisories and a Canadian Centre for Cyber Security alert covering a broad set of affected industrial/engineering software and OT-adjacent components. Reported issues include a **stored XSS** in *Siemens Polarion* (CVE-2025-40587; CVSS 7.6) where authenticated users can inject JavaScript via crafted document titles, and **local privilege escalation** paths in *Siemens SINEC NMS* and its *User Management Component (UMC)* (CVE-2026-25655, CVE-2026-25656; CVSS 7.8) that allow low-privileged users to modify configuration/search paths to load malicious DLLs and potentially gain elevated execution (including SYSTEM-level impact). Siemens also addressed a **missing authorization** condition affecting *Siveillance Video Management Servers* Webhooks/MIP Webhooks API (CVSS 6.3), enabling a read-only user to obtain full API access. Additional advisories cover file-parsing and third-party component risks that can lead to crashes or potential code execution. *Siemens NX* is affected by multiple **CGM file parsing** flaws (CVE-2026-22923/22924/22925; CVSS 7.8) that can be triggered when a user opens a malicious file, and *Siemens Solid Edge* includes an **out-of-bounds read** in the PS/IGES Parasolid translator when processing crafted IGS files (CVSS 7.8). *Desigo CC* and *SENTRON Powermanager* are impacted via the third-party *WIBU Systems CodeMeter Runtime* chain tied to **CVE-2023-38545** (curl SOCKS5 heap overflow; CVSS 8.8), with Siemens providing component update instructions. *Siemens SINEC OS* before V3.3 aggregates a large set of third-party CVEs across supported platforms, and *Siemens COMOS* advisories include multiple issues (up to CVSS 10) spanning potential code execution, DoS, data exposure, and access control violations; Siemens recommends updating where fixes are available and applying countermeasures where they are not yet released.

1 week ago
