Full Report
[Control systems] CISA ICS security advisories (AV26–151)
Analysis Summary
This summary is based solely on the aggregated advisory notice (AV26-151) provided. Specific CVEs, scores, detailed technical information, and exploitation status for *each* individual vulnerability within the linked advisories are *not* present in the context provided and must be obtained by consulting the linked CISA advisories directly.
# Vulnerability: Multiple Vulnerabilities in Industrial Control Systems (CISA AV26-151)
## CVE Details
- CVE ID: **Not specified in summary.** (Must check individual CISA advisories referenced by AV26-151)
- CVSS Score: **Not specified in summary.**
- CWE: **Not specified in summary.**
## Affected Systems
- Products:
* Delta Electronics ASDA-Soft
* En Ocean SmartServer IoT
* GE Vernova Enervista UR Setup
* Honeywell CCTV Products (Multiple specific versions listed below)
* Jinan USR IOT Technology Limited (PUSR) USR-W610
* Siemens Simcenter Femap and Nastran
* Valmet DNA Engineering Web Tools
* Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller
- Versions:
* Delta Electronics ASDA-Soft: Version 7.2.0.0 and prior
* En Ocean SmartServer IoT: Version 4.60.009 and prior
* GE Vernova Enervista UR Setup: Versions prior to 8.7
* Honeywell CCTV Products:
* I-HIB2PI-UL 2MP IP version 6.1.22.1216
* SMB NDAA MVO-3 WDR\_2MP\_32M\_PTZ\_v2.0
* PTZ WDR 2MP 32M WDR\_2MP\_32M\_PTZ\_v2.0
* 25M IPC WDR\_2MP\_32M\_PTZ\_v2.0
* PUSR USR-W610: Version 3.1.1.0 and prior
* Siemens Simcenter Femap and Nastran: Versions prior to 2512
* Valmet DNA Engineering Web Tools: Version C2022 and prior
* Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller: All versions
- Configurations: **Not specified in summary.**
## Vulnerability Description
CISA published multiple advisories addressing vulnerabilities across various industrial control system products between February 16 and February 22, 2026. The specific technical details, including the nature of the flaws (e.g., memory corruption, authentication bypass, insecure configuration), are contained within the individual advisories for each listed product.
## Exploitation
- Status: **Unknown.** (Assumed risk; specific exploitation status must be verified via linked CISA advisories).
- Complexity: **Unknown.**
- Attack Vector: **Unknown.**
## Impact
- Confidentiality: **Unknown.**
- Integrity: **Unknown.**
- Availability: **Unknown.**
## Remediation
### Patches
Patches or updates have been released by the respective vendors or are mandated for systems listed below. Users must review the underlying CISA advisories to identify the specific update package or version number required for remediation, as updates were made available for most products mentioned.
- **Action Required:** Users must review the provided CISA link (within the source material) for specific, corresponding patches for their affected product version.
### Workarounds
The general mitigation suggested by the Cyber Centre is to "perform the suggested mitigations" found in the individual advisories, which may include network segmentation, disabling services, or blocking external access.
## Detection
- **Indicators of Compromise:** Specific IOCs are not provided in this top-level summary but would be detailed in the underlying vendor/CISA alerts.
- **Detection methods and tools:** General network monitoring and integrity checking specific to the affected product environments are recommended.
## References
- CISA ICS Advisories: hxxps://www.cisa.gov/news-events/cybersecurity-advisories
- Originating Advisory: CISA AV26-151 (Published: February 23, 2026)