Full Report
[Control systems] CISA ICS security advisories (AV26–530)
Analysis Summary
This report consolidates the vulnerability information from the Canadian Centre for Cyber Security's summary of the CISA ICS Security Advisories (AV26–530) for the period May 25–31, 2026.
*Note: As this advisory covers a broad collection of products, the summary focuses on the aggregate technical landscape of the reported flaws.*
# Vulnerability: Multiple Critical Infrastructure Flaws (CISA AV26–530)
## CVE Details
- **CVE ID:** Multiple (Refer to individual CISA advisories for specific IDs)
- **CVSS Score:** Varies (High to Critical observed in these categories)
- **CWE:** Commonly includes CWE-287 (Improper Authentication), CWE-119 (Memory Corruption), and CWE-79 (Cross-site Scripting).
## Affected Systems
- **Products:**
  - **ABB:** AC500 V2, Ability Camera Connect, Ability Zenon, B&R Automation Runtime, EIBPORT V3, LVS MConfig, Terra AC Wallbox.
  - **Medical/Health:** Eppendorf BioFlo 320, Frontier X (Android/iOS/X2).
  - **Physical Security:** CP Plus NVR, KMW CCTV Cameras.
  - **Industrial Connectivity:** PUSR USR-W610, MacGregor VDR G4e, Schneider Electric EcoStruxure Machine Expert HVAC.
- **Versions:**
  - ABB AC500 V2: < 2.5.2
  - ABB Zenon: 7.50 to 14
  - PUSR USR-W610: v7.03T.07
  - Schneider Electric: < 1.10.0
- **Configurations:** Industrial Control Systems (ICS), Smart Building automation (KNX), and maritime voyage data recording.
## Vulnerability Description
The vulnerabilities across these products range from logic flaws in authentication protocols to memory management errors in runtime environments. Specifically, the ABB and Schneider Electric advisories typically involve vulnerabilities that could allow an attacker to disrupt industrial processes, gain unauthorized access to PLC configurations, or execute arbitrary code within the engineering workstation environment.
## Exploitation
- **Status:** Not currently reported as exploited in the wild (unless specified in sub-advisories); PoC availability varies by vendor (often available for CCTV and PUSR devices).
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Primary vulnerability vector for these ICS/IoT devices).
## Impact
- **Confidentiality:** High (Risk of sensitive industrial data and video feed exposure).
- **Integrity:** High (Risk of unauthorized setpoint changes in PLCs or firmware tampering).
- **Availability:** High (Risk of Denial of Service (DoS) to critical infrastructure).
## Remediation
### Patches
- **ABB AC500:** Update to v2.5.2 or newer.
- **ABB Ability Camera Connect:** Update to v1.5.0.15.
- **Frontier X:** Update Android app to v15.0.0+ and iOS to v25.0.0+.
- **Schneider Electric:** Update Machine Expert HVAC to v1.10.0.
- **MacGregor VDR:** Update to v5.250.
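
One way to triage an asset inventory against the affected versions and patch levels listed in this report, added here as an example and not taken from CISA, the Cyber Centre or any vendor. The host names and inventory are constructed, the `review` status is this example's own convention, and reading the Zenon upper bound "14" as any 14.x release is an assumption.

```python
import re

# Affected versions as listed under "Versions"; fix versions from "Patches"
# (None where this page lists no patch for that product).
RULES = {
    "ABB AC500 V2": ("lt", "2.5.2", "2.5.2"),
    "ABB Zenon": ("range", ("7.50", "14"), None),
    "PUSR USR-W610": ("exact", "v7.03T.07", None),
    "Schneider Electric EcoStruxure Machine Expert HVAC": ("lt", "1.10.0", "1.10.0"),
}

def parse(version):
    """Dotted numeric version -> zero-padded 4-int tuple; None for any other shape."""
    v = version.strip().lstrip("vV")
    if not re.fullmatch(r"\d+(\.\d+){0,3}", v):
        return None
    return tuple(int(p) for p in v.split(".")) + (0,) * (3 - v.count("."))

def triage(product, version):
    """Return 'affected', 'ok' or 'review' for one inventory entry."""
    kind, bound, _fix = RULES.get(product, ("unlisted", None, None))
    if kind == "unlisted":
        return "review"  # no version range on this page: read the vendor advisory
    if kind == "exact":  # non-numeric firmware string: only an exact match is decidable
        return "affected" if version.strip().lower() == bound.lower() else "review"
    v = parse(version)
    if v is None:
        return "review"  # an unparseable version is never reported as safe
    if kind == "lt":
        return "affected" if v < parse(bound) else "ok"
    lo, hi = parse(bound[0]), parse(bound[1])
    # Assumption: the upper bound "14" is read as every 14.x release (conservative).
    return "affected" if lo <= v and v[0] <= hi[0] else "ok"

INVENTORY = [  # constructed sample inventory, not real assets
    ("plc-01", "ABB AC500 V2", "2.4.9"),
    ("plc-02", "ABB AC500 V2", "2.5.2"),
    ("hmi-01", "ABB Zenon", "14.1"),
    ("gw-01", "PUSR USR-W610", "V7.03T.07"),
    ("ews-01", "Schneider Electric EcoStruxure Machine Expert HVAC", "1.9.3"),
]

def report(inventory):
    """(host, status, fix version or None) for every entry that is not 'ok'."""
    rows = [(h, triage(p, v), RULES.get(p, (None,) * 3)[2]) for h, p, v in inventory]
    return [r for r in rows if r[1] != "ok"]

if __name__ == "__main__":
    print(*report(INVENTORY), sep="\n")
```

Versions are compared as integer tuples because a plain string comparison would rank 1.9.3 above 1.10.0 and mark an unpatched engineering workstation as fixed.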
### Workarounds
- Isolate ICS/SCADA networks from the business LAN and the public internet.
- Implement VPNs and Multi-Factor Authentication (MFA) for all remote access.
- Disable unused ports and services (e.g., Telnet, HTTP) on field devices.
## Detection
- **Indicators of Compromise:** Unusual traffic on TCP ports commonly used for industrial protocols (e.g., Modbus, BACnet, KNX) or cameras.
- **Detection methods and tools:** Asset owners should use ICS-aware Deep Packet Inspection (DPI) tools to monitor for non-standard commands sent to PLCs and controllers.
## References
- CISA ICS Advisories: hxxps://www[.]cisa[.]gov/news-events/ics-advisories
- Canadian Cyber Centre Alert: hxxps://www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-530
- ABB Cybersecurity: hxxps://global[.]abb/group/en/about/cybersecurity
- Schneider Electric Security: hxxps://www[.]se[.]com/ww/en/work/support/cybersecurity/security-notifications[.]jsp