Security teams want more from their data than APIs and one-off reports. They want to ask better questions, move faster, and bring security context into the workflows they are already building. That’s especially true as more organizations experiment with private AI assistants, internal copilots, and LLM-powered automation. Part of this experimentation is, of course, attempting to lower the pressure on teams that have to figure out how to prioritize the sheer number of actionable vulnerabilities efforts like Project Glasswing are quickly becoming hyper-skilled at spotting. That’s why Rapid7 is introducing a free, open-source MCP Server and Agent Skill for Bulk Export. Bulk export is a highly efficient way to access all your Rapid7 data; no more paging APIs, no more verbose output. Bulk Export creates a local offline replica of your data the LLM can efficiently and quickly interrogate, reducing token cost and time to answer questions. This new MCP and Agent Skill gives customers a standardized way to connect Rapid7 vulnerability and exposure data to AI assistants and custom AI workflows. Built as an open-source bridge, it helps customers bring their Rapid7 data into the tools and experiences that work best for their teams. Why this matters now Security teams are no longer just buying tools. They’re connecting systems, shaping workflows, and testing how AI can help analysts, IT teams, and leaders get to answers faster. For many teams, the path from raw security data to usable AI context is still manual. It often means exporting data, building wrappers, shaping queries, and managing custom integrations. Rather than leave every team to solve that challenge from scratch, we wanted to provide a stronger foundation that is flexible, practical, and easy to extend over time. With projects like Metasploit and Velociraptor, Rapid7 is committed to Open Source, and by sharing with the broader community we hope to accelerate velocity and ensure we’re able to incorporate more use cases and fixes. These processes also give customers full visibility of the code running and tools used, ensuring data privacy and allowing the user to do with their data what they please. What MCP does Model Context Protocol , or MCP, is an emerging standard for helping AI systems interact with external data and tools in a structured way. In practical terms, it gives AI assistants a cleaner way to ask questions, retrieve data, and work with systems beyond the model itself. For customers, that means less custom glue code and a more consistent way to use security telemetry in AI-driven workflows. That matters because many security reporting and analysis workflows still assume a high technical bar. Answering a simple question can require custom queries, SQL knowledge, or dashboard work. But the people who need those answers aren’t always security specialists. They may be IT partners, compliance stakeholders, or executives who want clarity but might not need to understand the underlying que
Security & IT News
LiveReal-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used to share child sexual abuse material (CSAM). [...]
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage. The root cause of slow MTTR is almost never "not enough analysts." It is almost always the same structural problem: threat intelligence that exists
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
Some lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires on April 30, the government's spy powers will not automatically lapse.
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated," ESET security researcher Lukáš Štefanko said in a
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. [...]
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-10.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. /strong /p p The following versions of Silex Technology SD-330AC and AMC Manager are affected: /p ul li SD-330AC lt;=1.42 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965) /li li AMC Manager lt;=5.0.2 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td Silex Technology /td td Silex Technology SD-330AC and AMC Manager /td td Stack-based Buffer Overflow, Heap-based Buffer Overflow, Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Dependency on Vulnerable Third-Party Component, Use of a Broken or Risky Cryptographic Algorithm, Sensitive Information in Resource Not Removed Before Reuse, Incorrect Privilege Assignment, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of CRLF Sequences ('CRLF Injection'), Initialization of a Resource with an Insecure Default /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Information Technology /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Japan /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-32955 /a /h3 div class="csaf-accordion-content" p A Stack-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to execute arbitrary code on the device. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-32955" View CVE Details /a /p hr h4 Affected Products /h4 h5 Silex Technology SD-330AC and AMC Manager /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Silex Technology /div div class="ics-version" strong Product Version: /strong br Silex Technology SD-330AC: lt;=1.42, Silex Technology AMC Manager: lt;=5.0.2 /div div class="ics-status" strong Product Status: /strong br known_affe
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-02.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) and recommends to update to the latest version. /strong /p p The following versions of Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary are affected: /p ul li RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) vers:intdot/ lt;5.8 (CVE-2026-27668) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8.8 /td td Siemens /td td Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary /td td Incorrect Privilege Assignment /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-27668 /a /h3 div class="csaf-accordion-content" p User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-27668" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Update to V5.8 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000841/" https://support.industry.siemens.com/cs/ww/en/view/110000841/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/266.html" CWE-266 Incorrect Privilege Assignment /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader"
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. /strong /p p The following versions of SenseLive X3050 are affected: /p ul li X3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE-2026-40623, CVE-2026-27841, CVE-2026-40620, CVE-2026-35064, CVE-2026-25775) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td SenseLive /td td SenseLive X3050 /td td Authentication Bypass Using an Alternate Path or Channel, Insufficient Session Expiration, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information, Missing Authorization, Cross-Site Request Forgery (CSRF) /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing, Water and Wastewater, Energy, Information Technology /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong India /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-40630 /a /h3 div class="csaf-accordion-content" p A vulnerability in the X3050's web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-40630" View CVE Details /a /p hr h4 Affected Products /h4 h5 SenseLive X3050 /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br SenseLive /div div class="ics-version" strong Product Version: /strong br SenseLive X3050: V1.523 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact br a href="https://senselive.io/contact" https://senselive.io/contact /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/288.html" CWE-288 Authentication Bypass Using an Alternate Path or Ch
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-04.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. /strong /p p The following versions of Siemens Analytics Toolkit are affected: /p ul li Siemens Software Center vers:intdot/ lt;3.5.8.2 (CVE-2025-40745) /li li Simcenter 3D vers:intdot/ lt;2506.6000 (CVE-2025-40745) /li li Simcenter Femap vers:intdot/ lt;2506.0002 (CVE-2025-40745) /li li Simcenter STAR-CCM+ vers:intdot/ lt;2602 (CVE-2025-40745) /li li Solid Edge SE2025 /li li Solid Edge SE2026 /li li Tecnomatix Plant Simulation vers:intdot/ lt;2504.0008 (CVE-2025-40745) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 3.7 /td td Siemens /td td Siemens Analytics Toolkit /td td Improper Certificate Validation /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-40745 /a /h3 div class="csaf-accordion-content" p Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-40745" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens Analytics Toolkit /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025, Solid Edge SE2026, Tecnomatix Plant Simulation /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Update to V225.0 Update 13 or later version br a href="https://support.sw.siemens.com/product/246738425/" https://support.sw.siemens.com/product/246738425/ /a /p p strong Vendor fix /strong br Update to V226.0 Update 04 or later version br a href="https://support.sw.siemens.com/product/246738425/" https://support.sw.siem
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-07.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. /strong /p p The following versions of Siemens SCALANCE are affected: /p ul li SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) vers:intdot/ lt;6.6.0 (C
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-05.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. /strong /p p The following versions of Hardy Barth Salia EV Charge Controller are affected: /p ul li Salia Board Firmware lt;=2.3.81 (CVE-2025-5873, CVE-2025-10371) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.3 /td td Hardy Barth /td td Hardy Barth Salia EV Charge Controller /td td Unrestricted Upload of File with Dangerous Type /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy, Transportation Systems /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-5873 /a /h3 div class="csaf-accordion-content" p A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.3.81. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-5873" View CVE Details /a /p hr h4 Affected Products /h4 h5 Hardy Barth Salia EV Charge Controller /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Hardy Barth /div div class="ics-version" strong Product Version: /strong br Hardy Barth Salia Board Firmware: lt;=2.3.81 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Hardy Barth did not respond to CISA's request for coordination. /p p strong Mitigation /strong br Contact Hardy Barth using their contact page here: https://www.hardy-barth.de/de/kontakt for more information. br a href="https://www.hardy-barth.de/de/kontakt" https://www.hardy-barth.de/de/kontakt /a /p p strong Mitigation /strong br Alternatively, Hardy Barth can also be contacted through their eCharge brand here: https://www.echarge.de/en/contact_company br a href="https://www.echarge.de/en/contact_company" https://www.echarge.de/en/contact_company /a /p /div p strong Relevant
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-03.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Siemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. /strong /p p The following versions of Siemens SINEC NMS are affected: /p ul li SINEC NMS /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.3 /td td Siemens /td td Siemens SINEC NMS /td td Improper Verification of Cryptographic Signature /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-24032 /a /h3 div class="csaf-accordion-content" p The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564) /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-24032" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens SINEC NMS /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br SINEC NMS /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Update to V4.0 SP3 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000760/" https://support.industry.siemens.com/cs/ww/en/view/110000760/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/347.html" CWE-347 Improper Verification of Cryptographic Signature /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader" Base Severity /th th role="columnheader" Vector String /th /tr
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-06.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware. /strong /p p The following versions of Zero Motorcycles Firmware are affected: /p ul li Zero Motorcycles firmware lt;=44 (CVE-2026-1354) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 6.4 /td td Zero Motorcycles /td td Zero Motorcycles Firmware /td td Key Exchange without Entity Authentication /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Transportation Systems /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-1354 /a /h3 div class="csaf-accordion-content" p Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first be in Bluetooth pairing mode, and the attacker must be in proximity of the vehicle and understand the full pairing process, to be able to pair their device with the vehicle. The attacker's device must remain paired with and in proximity of the motorcycle for the entire duration of the firmware update. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-1354" View CVE Details /a /p hr h4 Affected Products /h4 h5 Zero Motorcycles Firmware /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Zero Motorcycles /div div class="ics-version" strong Product Version: /strong br Zero Motorcycles Zero Motorcycles firmware: lt;=44 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Zero Motorcycles has investigated this report and cautions users to pair their mobile device to their vehicle in a safe location where they can be sure no one else will try to pair at the same time. Once initiated, complete the full pairing process and confirm it is successful. Store physical keys in a secure location and do not leave the bike unattended with the key in the "ON" position. Zero Motorcycles plans to address
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-11.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions for the affected products and recommends to update to the latest versions. /strong /p p The following versions of Siemens Industrial Edge Management are affected: /p ul li Industrial Edge Management Pro V1 vers:intdot/ gt;=1.7.6| lt;1.15.17 (CVE-2026-33892) /li li Industrial Edge Management Pro V2 vers:intdot/ gt;=2.0.0| lt;2.1.1 (CVE-2026-33892) /li li Industrial Edge Management Virtual vers:intdot/ gt;=2.2.0| lt;2.8.0 (CVE-2026-33892) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.1 /td td Siemens /td td Siemens Industrial Edge Management /td td Authentication Bypass by Primary Weakness /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-33892 /a /h3 div class="csaf-accordion-content" p Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-33892" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens Industrial Edge Management /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br Industrial Edge Management Pro V1, Industrial Edge Management Pro V2, Industrial Edge Management Virtual /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Ensure network ac
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-01.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available. /strong /p p The following versions of Siemens TPM 2.0 are affected: /p ul li SIMATIC CN 4100 vers:all/* (CVE-2025-2884) /li li SIMATIC Field PG M5 vers:all/* (CVE-2025-2884) /li li SIMATIC Field PG M6 vers:all/* (CVE-2025-2884) /li li SIMATIC IPC BX-32A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC BX-39A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC BX-56A vers:intdot/ lt;32.01.09 (CVE-2025-2884) /li li SIMATIC IPC BX-59A vers:intdot/ lt;32.01.09 (CVE-2025-2884) /li li SIMATIC IPC MD-57A vers:intdot/ lt;30.01.10 (CVE-2025-2884) /li li SIMATIC IPC PX-32A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC PX-39A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC PX-39A PRO vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC RW-528A vers:intdot/ lt;34.01.02 (CVE-2025-2884) /li li SIMATIC IPC RW-548A vers:intdot/ lt;34.01.02 (CVE-2025-2884) /li li SIMATIC IPC227E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC277E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC427E vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li li SIMATIC IPC477E vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li li SIMATIC IPC477E PRO vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li li SIMATIC IPC627E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC647E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC677E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC847E vers:all/* (CVE-2025-2884) /li li SIMATIC ITP1000 vers:all/* (CVE-2025-2884) /li li SIPLUS IPC427E vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 6.6 /td td Siemens /td td Siemens TPM 2.0 /td td Out-of-bounds Read /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-2884 /a /h3 div class="csaf-accordion-conten
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-08.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends to update to the latest version. /strong /p p The following versions of Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) are affected: /p ul li RUGGEDCOM CROSSBOW Station Access Controller (SAC) vers:intdot/ lt;5.8 (CVE-2025-6965) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.7 /td td Siemens /td td Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) /td td Numeric Truncation Error /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-6965 /a /h3 div class="csaf-accordion-content" p There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-6965" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br RUGGEDCOM CROSSBOW Station Access Controller (SAC) /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Update to V5.8 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000841/" https://support.industry.siemens.com/cs/ww/en/view/110000841/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/197.html" CWE-197 Numeric Truncation Error /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Sc
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-09.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. /strong /p p The following versions of Siemens SINEC NMS are affected: /p ul li SINEC NMS /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8.8 /td td Siemens /td td Siemens SINEC NMS /td td Authorization Bypass Through User-Controlled Key /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-25654 /a /h3 div class="csaf-accordion-content" p Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-25654" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens SINEC NMS /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br SINEC NMS /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Limit network access to trusted users and systems only /p p strong Vendor fix /strong br Update to V4.0 SP3 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000760/" https://support.industry.siemens.com/cs/ww/en/view/110000760/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/639.html" CWE-639 Authorization Bypass Through User-Controlled Key /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader" Base Severity /th th role="columnheader" Vector String /th /tr /
Threat Intel Scraping sounds simple until it isn’t, here’s how cybersecurity teams avoid blocks, bad data, and unnecessary risk.