Full Report
[Control systems] CISA ICS security advisories (AV26–051)
Analysis Summary
This summary is based only on the provided context, which lists multiple advisories aggregated under one CISA notification number (AV26–051). Since specific CVEs, technical details, and CVSS scores are *not* detailed in the provided text snippet, the sections requiring this specific information will reflect that limitation.
# Vulnerability: CISA ICS Advisories Published (AV26-051 Summary)
## CVE Details
- CVE ID: Not specified in the provided context (Aggregation of multiple advisories)
- CVSS Score: Not specified in the provided context
- CWE: Not specified in the provided context
## Affected Systems
- **Products:**
* AutomationDirect CLICK Programmable Logic Controller (PLC) (Versions C0-0x, C0-1x, C2-x)
* Delta Electronics DIAView (Version 4.2.0)
* EVMAPA (All versions)
* Hubitat Elevation C3/C4/C5/C7/C8/C8 pro (Firmware versions prior to firmware\_2.4.2.157)
* Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool (Version 6.9.7 and prior)
* Rockwell Automation CompactLogix 5370 (Versions 34.013 and prior, 35.012 and prior, 36.011)
* Rockwell Automation Verve Asset Manager (Multiple versions and models)
* Schneider Electric EcoStruxure Foxboro DCS (Multiple versions)
* Schneider Electric EcoStruxure Process Expert (All versions)
* Schneider Electric devices using CODESYS Runtime (Multiple versions and models)
* Weintek cMT X Series HMI EasyWeb Service (Multiple versions and models)
- **Versions:** See product list above.
- **Configurations:** Not specified in the provided context.
## Vulnerability Description
CISA published multiple ICS security advisories between January 19 and 25, 2026, addressing various vulnerabilities across a range of industrial control system and IoT products from AutomationDirect, Delta Electronics, Hubitat, Johnson Controls, Rockwell Automation, Schneider Electric, and Weintek. Specific technical details are contained within the individual CISA advisories.
## Exploitation
- **Status:** Information not available in the provided context.
- **Complexity:** Information not available in the provided context.
- **Attack Vector:** Information not available in the provided context.
## Impact
- **Confidentiality:** Information not available in the provided context.
- **Integrity:** Information not available in the provided context.
- **Availability:** Information not available in the provided context.
## Remediation
### Patches
Patches are available for the listed products, and users are encouraged to apply necessary updates. Specific version information for the patches is generally implied to be versions newer than those listed as vulnerable (e.g., Hubitat firmware version 2.4.2.157 or newer).
### Workarounds
Users and administrators are encouraged to review the provided CISA links and perform suggested mitigations.
## Detection
- **Indicators of Compromise (IOCs):** Not specified in the provided context.
- **Detection methods and tools:** Not specified in the provided context.
## References
- CISA ICS Advisories: hxxps://www.cisa.gov/news-events/cybersecurity-advisories