Full Report
[Control systems] CISA ICS security advisories (AV26-368)
Analysis Summary
The following summary provides an overview of the Industrial Control Systems (ICS) vulnerabilities reported by CISA for the period of April 13 to 19, 2026.
# Vulnerability: Multiple Managed ICS Product Security Flaws (AV26-368)
## CVE Details
*Note: Specific CVE IDs for these 2026 advisories were not individually detailed in the summary text; however, they relate to the following vendor disclosures:*
- **CVE ID:** Pending (Multiple)
- **CVSS Score:** Varies (Typically ranging from 7.5 High to 9.8 Critical for these product categories)
- **CWE:** Commonly includes CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-287 (Improper Authentication).
## Affected Systems
- **AVEVA:** Pipeline Simulation (v2025_SP1_build_7.1.9497.6351 and prior).
- **Anviz:** CX2 Lite Firmware, CX7 Firmware, and CrossChex Standard (All versions).
- **Delta Electronics:** ASDA-Soft (v7.2.2.0 and prior).
- **Horner Automation:**
- Cscape (v10.0)
- XL4 PLC (v15.60)
- XL7 PLC (v16.32.0)
## Vulnerability Description
The vulnerabilities across these products generally involve flaws that could allow an attacker to execute arbitrary code, cause a Denial of Service (DoS) condition, or bypass security authentication. Specifically, the Horner Automation and Delta Electronics vulnerabilities often relate to how software handles project files or communication protocols, while Anviz vulnerabilities typically involve credential management and firmware integrity.
## Exploitation
- **Status:** Not currently reported as exploited in the wild; however, researchers often release PoCs shortly after CISA disclosure.
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Primary for Anviz/Horner); Local/File-based (Primary for Delta/AVEVA).
## Impact
- **Confidentiality:** High (Risk of data theft and configuration exposure).
- **Integrity:** High (Risk of unauthorized set-point changes or firmware modification).
- **Availability:** High (Risk of operational downtime/PLC hijacking).
## Remediation
### Patches
Users should update to the following versions or newer:
- **AVEVA:** Consult AVEVA Global Customer Support for the latest service pack.
- **Anviz:** Update to the latest firmware versions released in Q2 2026.
- **Delta Electronics:** Update ASDA-Soft to the latest version available on the Delta download center.
- **Horner Automation:** Update Cscape to the latest stable release; apply firmware patches for XL4/XL7 hardware.
### Workarounds
- Isolate ICS/SCADA networks from the business network and the public internet.
- Implement strict firewall rules (ACLs) to limit traffic to authorized engineering workstations only.
- Disable unused services and ports on PLC hardware.
## Detection
- Monitor for unusual network traffic on ports associated with Modbus, EtherNet/IP, or proprietary vendor protocols.
- Check system logs for unauthorized login attempts or unexpected configuration changes.
- Use ICS-aware intrusion detection systems (IDS) to identify malformed packets targeting these specific PLC models.
## References
- CISA ICS Advisories: hxxps[://]www[.]cisa[.]gov/news-events/cybersecurity-advisories
- Canadian Centre for Cyber Security: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-368