Full Report
[Control systems] CISA ICS security advisories (AV26-134)
Analysis Summary
This summary is based on the Canadian Centre for Cyber Security advisory (AV26-134) dated February 17, 2026, summarizing recent CISA ICS security updates.
# Vulnerability: Multiple Vulnerabilities in Industrial Control Systems (CISA Batch AV26-134)
## CVE Details
*Note: This advisory covers a broad range of vulnerabilities. Key examples mentioned include:*
- **CVE-2026-25655 & CVE-2026-25656:** Siemens SINEC NMS vulnerabilities.
- **Other CVEs:** Refer to the individual CISA advisories for per-CVE impact; CVSS scores in this batch range from 4.0 to 9.8.
- **CVSS Score:** Variable (Medium to Critical, 4.0 to 9.8).
- **CWE:** Commonly includes CWE-20 (Improper Input Validation), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and authorization flaws.
## Affected Systems
- **AVEVA:** PI Data Archive (PI Server); PI to CONNECT Agent (prior to v2.4.2520).
- **Airleader GmbH:** Airleader Master (v6.381 and prior).
- **Hitachi Energy:** SuprOS (9.2.1 and prior; 9.2.2.0).
- **Siemens:**
- COMOS (V10.4, V10.5, V10.6).
- Desigo CC family (V6, V7, V8).
- NX (prior to V2512), Polarion (V2404, V2410), Solid Edge (prior to V226.00 U03).
- SENTRON Powermanager, SINEC NMS, SINEC OS.
- Siveillance Video Management Servers.
- **Yokogawa:** FAST/TOOLS (R9.01 to R10.04).
- **ZLAN:** ZLAN5143D (v1.600).
- **ZOLL:** ePCR iOS Mobile Application (v2.6.7).
## Vulnerability Description
This batch represents a wide array of technical flaws across ICS ecosystems, including:
1. **Memory Management Issues:** Found in CAD/Engineering software (Siemens NX/Solid Edge), typically triggered when a malformed model or project file is parsed.
2. **Authentication/Authorization Bypass:** Access-control flaws in network management tooling (SINEC NMS).
3. **Information Disclosure:** Insecure data handling in medical and energy monitoring applications (ZOLL, AVEVA).
4. **Remote Code Execution (RCE):** High-severity flaws in web-based management interfaces (Airleader, ZLAN).
## Exploitation
- **Status:** Most listed vulnerabilities are not known to be exploited in the wild at the time of publication. Proof-of-concept code for file-parsing memory corruption flaws often appears shortly after disclosure, so the absence of known exploitation is not a reason to defer patching.
- **Complexity:** Low to Medium.
- **Attack Vector:** Primarily Network (Remote) for management software; Local/File-based for engineering software (NX/Solid Edge), where a user must open a crafted file.
## Impact
- **Confidentiality:** High (Risk of sensitive industrial data/PII exfiltration).
- **Integrity:** High (Unauthorized configuration changes to energy/grid systems).
- **Availability:** High (Potential for Denial of Service in critical infrastructure controllers).
## Remediation
### Patches
*The following are primary recommended updates:*
- **AVEVA:** Update PI to CONNECT Agent to v2.4.2520 or later.
- **Siemens COMOS:** Update V10.4 installations to V10.4.5.0.2 and V10.5 installations to V10.5.2; no fixed version for V10.6 is listed here, so consult the Siemens advisory.
- **Siemens Desigo/SENTRON:** Update to V8.0 QU2.
- **Siemens SINEC NMS:** Update to V4.0 SP2.
- **Siemens Solid Edge:** Update to V226.00 Update 03.
- **Yokogawa:** Follow vendor-specific patch instructions for R10.04 series.
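The affected ranges and fixed versions listed above can be turned into an inventory check. The script below is an added example, not part of the advisory or of any vendor tool: the RULES table transcribes the ranges above, the inventory is constructed sample data, and the version-ordering rule (dotted numeric core, then an optional U/QU/SP update number) is a simplifying assumption of ours, not the vendors' versioning semantics. Where this page lists no fixed version the rule says so instead of inventing one; the SINEC NMS rule assumes that everything older than the fixed V4.0 SP2 is affected, since only the fix version is given here.

```python
"""Check an asset inventory against the affected-version ranges in AV26-134.
Added example; RULES is transcribed from the advisory text, the inventory is
constructed, and the ordering rule is our simplification, not vendor semantics.
"""
import re
from dataclasses import dataclass
from typing import Callable, Tuple

# numeric core such as 226.00, optionally followed by U03 / QU2 / SP2 / Update 3
_VER = re.compile(r"(\d+(?:\.\d+)*)(?:\s*(?:QU|SP|U|Update)\s*(\d+))?", re.IGNORECASE)

def parse(text: str) -> Tuple[tuple, int]:
    """'V226.00 U03' -> ((226, 0), 3); 'R10.04' -> ((10, 4), 0)."""
    m = _VER.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    core = tuple(int(p) for p in m.group(1).split("."))
    return core, int(m.group(2) or 0)

def key(text: str) -> tuple:
    """Sortable key: numeric core followed by the update number (assumed ordering)."""
    core, update = parse(text)
    return core + (update,)

# Range builders; each returns 'installed version string -> affected?'.
def below(v):        return lambda x: key(x) < key(v)
def at_or_below(v):  return lambda x: key(x) <= key(v)
def between(lo, hi): return lambda x: key(lo) <= key(x) <= key(hi)
def exact(*vs):      return lambda x: key(x) in {key(v) for v in vs}
def series(*labels):  # 'V10.4' matches V10.4, V10.4.1, V10.4.5.0.2, ...
    prefixes = [parse(l)[0] for l in labels]
    return lambda x: any(parse(x)[0][:len(p)] == p for p in prefixes)

@dataclass(frozen=True)
class Rule:
    affected: Callable[[str], bool]
    fix: str  # remediation as the advisory states it

SEE_VENDOR = "no fixed version listed in AV26-134; see vendor advisory"
RULES = {
    ("AVEVA", "PI to CONNECT Agent"): Rule(below("v2.4.2520"), "update to v2.4.2520 or later"),
    ("Airleader GmbH", "Airleader Master"): Rule(at_or_below("v6.381"), SEE_VENDOR),
    ("Hitachi Energy", "SuprOS"): Rule(lambda x: at_or_below("9.2.1")(x) or exact("9.2.2.0")(x), SEE_VENDOR),
    ("Siemens", "COMOS"): Rule(lambda x: (series("V10.4")(x) and below("V10.4.5.0.2")(x))
                                      or (series("V10.5")(x) and below("V10.5.2")(x))
                                      or series("V10.6")(x),
                               "V10.4 -> V10.4.5.0.2, V10.5 -> V10.5.2; V10.6: see vendor advisory"),
    ("Siemens", "Desigo CC"): Rule(lambda x: series("V6", "V7")(x) or (series("V8")(x) and below("V8.0 QU2")(x)),
                                   "update to V8.0 QU2"),
    ("Siemens", "NX"): Rule(below("V2512"), "update to V2512 or later"),
    ("Siemens", "Polarion"): Rule(series("V2404", "V2410"), SEE_VENDOR),
    ("Siemens", "Solid Edge"): Rule(below("V226.00 U03"), "update to V226.00 Update 03"),
    # Assumption: only the fixed SINEC NMS version is given, so treat anything older as affected.
    ("Siemens", "SINEC NMS"): Rule(below("V4.0 SP2"), "update to V4.0 SP2"),
    ("Yokogawa", "FAST/TOOLS"): Rule(between("R9.01", "R10.04"), "follow vendor patch instructions for R10.04"),
    ("ZLAN", "ZLAN5143D"): Rule(exact("v1.600"), SEE_VENDOR),
    ("ZOLL", "ePCR iOS Mobile Application"): Rule(exact("v2.6.7"), SEE_VENDOR),
}

# Constructed sample inventory: (host, vendor, product, installed version).
SAMPLE_INVENTORY = [
    ("hist-01", "AVEVA", "PI to CONNECT Agent", "v2.4.2500"),
    ("hist-02", "AVEVA", "PI to CONNECT Agent", "v2.4.2520"),
    ("eng-ws-03", "Siemens", "Solid Edge", "V226.00 U02"),
    ("eng-ws-04", "Siemens", "NX", "V2512"),
    ("nms-01", "Siemens", "SINEC NMS", "V4.0 SP1"),
    ("bms-01", "Siemens", "Desigo CC", "V8.0 QU2"),
    ("scada-01", "Yokogawa", "FAST/TOOLS", "R10.03"),
    ("scada-02", "Yokogawa", "FAST/TOOLS", "R10.05"),
    ("comos-01", "Siemens", "COMOS", "V10.4.5.0.2"),
    ("comos-02", "Siemens", "COMOS", "V10.6"),
    ("plc-gw-01", "OtherVendor", "Gateway", "3.1"),  # not in this advisory: ignored
]

def check(inventory):
    """Return (host, vendor, product, version, fix) for every affected entry."""
    findings = []
    for host, vendor, product, version in inventory:
        rule = RULES.get((vendor, product))
        if rule and rule.affected(version):
            findings.append((host, vendor, product, version, rule.fix))
    return findings

if __name__ == "__main__":
    for f in check(SAMPLE_INVENTORY):
        print("{}: {} {} {} -> {}".format(*f))
```

Feed it the output of your real asset inventory and verify the ordering rule against each vendor's release notes before trusting a "not affected" result; a build string the regex does not understand raises rather than silently passing.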
### Workarounds
- **Network Segmentation:** Isolate ICS/SCADA networks from the business network and from the internet, and permit only explicitly required flows between zones.
- **Least Privilege:** Restrict user access to engineering file directories, and treat CAD/project files arriving from outside the plant (email, removable media) as untrusted before they are opened in NX or Solid Edge.
- **Disable Unused Services:** Disable web management interfaces if they are not required for operations.
## Detection
- **Indicators of Compromise:** Monitor for unusual administrative login attempts on SINEC NMS (repeated failures, logins from outside the management subnet) and for unexpected outbound traffic from PI Data Archive servers.
- **Detection Methods:** Deploy ICS-aware IDS signatures. Use file integrity monitoring on engineering project file shares (STEP, JT and other Siemens NX/Solid Edge formats) so that modified or newly dropped files can be traced before they are opened.
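Two of the indicators above expressed as detection logic over constructed sample data, as an added example that is not part of the advisory or of any vendor product: the key=value line format, the management subnet, the archive server address, the internal address ranges and the thresholds are assumptions chosen for the example, not SINEC NMS or PI Data Archive native log formats.

```python
"""Detect out-of-place or repeated admin logins on an NMS and outbound flows from
a data-archive host. Added example; log formats and addresses are constructed."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed site layout: NMS admins work from MGMT_NET, the PI Data Archive server
# has this address, and only INTERNAL_NETS count as inside the plant.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")
DATA_ARCHIVE_HOSTS = {ipaddress.ip_address("10.20.0.15")}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAIL_THRESHOLD, WINDOW = 5, timedelta(minutes=10)   # assumed tuning values

# Constructed sample auth log (hypothetical format): one legitimate admin login,
# then five failures and a success for 'admin' from a non-management address.
AUTH_LOG = """\
2026-02-17T08:01:02Z sinec-nms auth user=admin src=10.10.0.5 result=success
2026-02-17T08:15:40Z sinec-nms auth user=admin src=192.168.77.9 result=failure
2026-02-17T08:16:02Z sinec-nms auth user=admin src=192.168.77.9 result=failure
2026-02-17T08:16:25Z sinec-nms auth user=admin src=192.168.77.9 result=failure
2026-02-17T08:17:01Z sinec-nms auth user=admin src=192.168.77.9 result=failure
2026-02-17T08:17:33Z sinec-nms auth user=admin src=192.168.77.9 result=failure
2026-02-17T08:19:10Z sinec-nms auth user=admin src=192.168.77.9 result=success
"""
# Constructed flow records: normal PI client traffic, then a large transfer from
# the archive server to an address outside every internal range.
FLOW_LOG = """\
2026-02-17T08:30:00Z src=10.20.0.15 dst=10.20.0.40 dport=5450 proto=tcp bytes=12000
2026-02-17T08:30:30Z src=10.20.0.40 dst=10.20.0.15 dport=5450 proto=tcp bytes=3000
2026-02-17T08:31:00Z src=10.20.0.15 dst=203.0.113.25 dport=443 proto=tcp bytes=48000000
"""

def parse_kv(line):
    """Split 'TIMESTAMP word ... key=value ...' into a dict; 'ts' is a datetime."""
    ts_raw, *rest = line.split()
    rec = {"ts_raw": ts_raw, "ts": datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")}
    rec.update(tok.split("=", 1) for tok in rest if "=" in tok)
    return rec

def auth_alerts(text):
    """Flag admin logins from outside MGMT_NET, failure bursts per (user, src)
    inside a sliding WINDOW, and a success that follows such a burst."""
    alerts, failures = [], defaultdict(list)
    for rec in (parse_kv(l) for l in text.splitlines() if l.strip()):
        src = ipaddress.ip_address(rec["src"])
        key = (rec["user"], rec["src"])
        failures[key] = [t for t in failures[key] if rec["ts"] - t <= WINDOW]
        if rec["result"] == "failure":
            failures[key].append(rec["ts"])
            if len(failures[key]) == FAIL_THRESHOLD:
                alerts.append(("auth_failure_burst", rec["ts_raw"], *key))
        else:
            if rec["user"] == "admin" and src not in MGMT_NET:
                alerts.append(("admin_login_outside_mgmt", rec["ts_raw"], *key))
            if len(failures[key]) >= FAIL_THRESHOLD:
                alerts.append(("success_after_failure_burst", rec["ts_raw"], *key))
                failures[key].clear()
    return alerts

def flow_alerts(text):
    """Flag flows from a data-archive host to a destination outside INTERNAL_NETS."""
    alerts = []
    for rec in (parse_kv(l) for l in text.splitlines() if l.strip()):
        src, dst = ipaddress.ip_address(rec["src"]), ipaddress.ip_address(rec["dst"])
        if src in DATA_ARCHIVE_HOSTS and not any(dst in n for n in INTERNAL_NETS):
            alerts.append(("archive_outbound_external", rec["ts_raw"], rec["src"],
                           rec["dst"], int(rec["dport"]), int(rec["bytes"])))
    return alerts

if __name__ == "__main__":
    for a in auth_alerts(AUTH_LOG) + flow_alerts(FLOW_LOG):
        print(*a)
```

The flow rule uses an explicit allowlist of internal ranges rather than a generic "is private" test, because a data archive should never originate connections to anything outside the ranges the site actually owns; the auth rule keys its sliding window on (user, source) so a single slow attacker is not hidden among legitimate admin activity from the management subnet.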
## References
- **CISA ICS Advisories:** hxxps[://]www[.]cisa[.]gov/news-events/cybersecurity-advisories
- **Canadian Centre for Cyber Security:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-134