Full Report
[Control systems] CISA ICS security advisories (AV26–506)
Analysis Summary
This summary reflects the CISA ICS security advisories (AV26–506) released between May 18 and 24, 2026, as reported by the Canadian Centre for Cyber Security.
# Vulnerability: CISA ICS Security Advisories (AV26–506) - Multi-Vendor Industrial Control Systems
## CVE Details
*Note: Due to the high number of advisories in this aggregate report, specific CVE IDs and CVSS scores vary by vendor.*
- **CVE IDs:** Multiple (Covers numerous vulnerabilities across ABB, Hitachi, Siemens, and others)
- **CVSS Score:** Ranging from **Medium** to **Critical** (7.0 – 10.0 typically for ICS advisories)
- **CWE:** Commonly includes CWE-119 (Buffer Overflow), CWE-79 (XSS), CWE-287 (Improper Authentication), and CWE-20 (Improper Input Validation).
## Affected Systems
- **ABB B&R:**
- Automation Runtime (prior to v6.4)
- Automation Studio (prior to v6.5)
- ABB B&R PCs (multiple versions)
- **ABB Monitoring/EV:**
- CoreSense HM (v2.3.1 and prior)
- CoreSense M10 (v1.4.1.12 and prior)
- Terra AC Wallbox JP (v1.8.33 and prior)
- **Hitachi Energy:** GMS600 (versions 1.3.0 to 1.3.1)
- **Kieback & Peter:** DDC Building Controllers (multiple models)
- **ScadaBR:** Version 1.2.0
- **Siemens:** RUGGEDCOM APE1808 (All versions)
- **ZKTeco:** CCTV Cameras (firmware prior to V5.0.1.2.20260421)
## Vulnerability Description
These advisories address a range of technical flaws including:
- **Remote Code Execution (RCE):** Allow attackers to execute unauthorized commands on industrial controllers.
- **Denial of Service (DoS):** Crashing automation runtimes or communication modules.
- **Authentication Bypass:** Gaining unauthorized access to management interfaces on building controllers and cameras.
- **Information Disclosure:** Leaking sensitive configuration data from industrial PCs and gateway devices.
## Exploitation
- **Status:** Most are listed as **Not exploited** in the wild at the time of release; however, many ICS vulnerabilities have public PoC scripts available shortly after disclosure.
- **Complexity:** Low to Medium.
- **Attack Vector:** Primarily **Network**.
## Impact
- **Confidentiality:** High (Access to sensitive process data and network configs)
- **Integrity:** High (Potential to manipulate physical process parameters)
- **Availability:** High (Potential for operational shutdown or device bricking)
## Remediation
### Patches
- **ABB B&R:** Upgrade to Automation Runtime v6.4 and Automation Studio v6.5.
- **ZKTeco:** Apply firmware update V5.0.1.2.20260421 or later.
- **Hitachi Energy:** Consult vendor portal for specific GMS600 firmware updates.
- **Siemens:** Contact Siemens support for RUGGEDCOM APE1808 mitigations as "all versions" are listed as affected.
### Workarounds
- **Network Segmentation:** Isolate ICS/OT networks from the corporate LAN and the Internet.
- **VPN/MFA:** Use secure tunnels (VPN) with Multi-Factor Authentication for any remote access to HMI or controller interfaces.
- **Port Filtering:** Disable unused ports and services (e.g., Telnet, HTTP) on field devices.
## Detection
- Monitor for unusual industrial protocol traffic (e.g., unexpected Modbus/S7comm requests).
- Audit system logs for failed login attempts on HMI and PLC management consoles.
- Use ICS-aware DPI (Deep Packet Inspection) firewalls to detect malformed packets targeting known ports.
## References
- CISA ICS Advisories: hxxps[://]www[.]cisa[.]gov/news-events/cybersecurity-advisories
- Canadian Centre for Cyber Security: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-506