#OT #Advisory VDE-2025-109
Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
#CVE CVE-2024-2511
https://certvde.com/en/advisories/vde-2025-109/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-109.json
#OT #Advisory VDE-2026-004
WAGO: Vulnerabilities in Managed Switch
Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
#CVE CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905
https://certvde.com/en/advisories/vde-2026-004/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-004.json
F/A-18's and F-35's return from the range during Grey Flag, September 2025 #f18 #growler #greyflag #mugu #ea18g #ea18growler #electronicattack #jamming #avgeek #nikon #aircraft #usnavy #Z9 #cvvhrn #VX9 #Vampires #OT #VX31 #RCAF
#news ⚡ Wehrbeauftragter Otte fordert Kurswechsel bei Auslandseinsätzen: Der Wehrbeauftragte des Deutschen Bundestags, Henning Otte (CDU), drängt auf eine deutlich stärkere Priorisierung von Bündnis- und Lan... https://hubu.de/?p=313306 | #auslandseinsaetzen #kurswechsel #ot
#OT #Advisory VDE-2026-006
Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service
The PIT User Authentication Service is affected by multiple vulnerabilities in included third-party components.
#CVE CVE-2025-31650, CVE-2025-48988, CVE-2025-12383, CVE-2025-61795
https://certvde.com/en/advisories/vde-2026-006/
#CSAF https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2026/ppsa-2026-001.json
CERT Poland on the December 29th incident:
"In the renewable energy sector, an attack targeted at least 30 wind and solar farms in Poland. The attack resulted in a loss of communication between the facilities and distribution system operators (DSOs), but it did not affect ongoing electricity generation. From the perspective of the transmission system operator (Polskie Sieci Elektroenergetyczne), the attack did not impact the stability of the Polish power system. It should be noted, however, that given the level of access obtained by the attacker, there was a risk of causing a disruption in electricity generation at the affected facilities. Even if such a disruption had occurred, analyses indicate that the combined loss of capacity across all 30 facilities would not have affected the stability of the Polish power system during the period in question."
I've already heard too many people exagerating the phyiscal impact of this attack.
USAF F-15E of the 422 TES, Nellis 91-0601 AFB, just before its mid field break during Grey Flag, September 2025 #422nd #OT #422tes #nellis #NellisAFB #milair #AvGeek #photography #greyflag #Nikon #Z9 #F15E #Eagle #cvvhrn #nasptmugu #mugu
Hackers russi hanno colpito ~30 siti energetici in Polonia a dicembre, disabilitando dispositivi di comunicazione (RTU) in impianti eolici, solari e cogenerazione. L'attacco è staro sventato prima del blackout, ma avrebbe potuto lasciare al buio 500.000 persone. Gli hacker hanno sfruttato vulnerabilità nei firewall per accedere ai sistemi.
𝟖𝟒 targets to hit. Don't miss the User Pillar. 🎯
The new 📃 DoW Zero Trust guidance sets 𝟖𝟒 activities as the OT baseline. The hardest part? Managing third-party risk.
Claroty Secure Remote Access - built for #OT - solves the User access puzzle:
🔸 Just-in-Time: Time-based access & auto-revocation
🔸 Accountability: Record and monitor every session
🔸 Least Privilege: Password vaults and role-based, least privilege access for 3rd parties
🔐 Built for OT. Ready for ZT.
Learn more: https://claroty.com/public-sector-cybersecurity/secure-access
#FederalOTSecurity #ZeroTrustforOT #ClarotyFederal #IndustrialCyber #CyberSecurity #OperationalTechnology #Infosec #Defense #DoW
#OT #Advisory VDE-2025-092
Beckhoff: Privilege escalation and information leak via Beckhoff Device Manager
The vulnerability CVE-2025-41726 (NN-2025-0074) allows an authenticated remote user to execute arbitrary commands on the device. This can be exploited over the web UI or via API. In one case the execution of the arbitrary command happens within a privileged process.
#CVE CVE-2025-41726, CVE-2025-41727, CVE-2025-41728
https://certvde.com/en/advisories/vde-2025-092/
#CSAF https://beckhoff.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-092.json
Are you like other 🇺🇸 #Federal agencies concerned about budget and delaying critical #OTsecurity projects?
You can address the key first step in #OT and CPS security with comprehensive and accurate #AssetDiscovery in minutes with Claroty Edge.
🚫 New hardware
🚫 Switch upgrades
ℹ️ Learn more: https://claroty.com/platform/edge
📁 Download the 'Guardians of Government, Vol. 2: Fortifying the Cyber-Physical Frontier' report: https://claroty.com/resources/reports/guardians-of-government-vol-2-fortifying-the-cyber-physical-frontier
💡 New on Nexus: George Hulme talks to experts who identify 5️⃣ #cybersecurity trends most impacting cyber-physical systems protection in 2026. Those risks range from state-sponsored threats to #AI and the need to lock down internet-facing #OT.
Durch #Industrie 4.0 hat sich die Angriffsfläche in der Produktion deutlich vergrößert - mit der Folge steigender Sicherheitsanforderungen, weil klassische #IT-Welten und operative Produktionssysteme (#OT) zunehmend zusammenwachsen.
Besonders gefragt sind deshalb Fachkräfte, die Produktionsanlagen, #IoT-Umgebungen und sogar kritische Infrastrukturen gegen Angriffe absichern können – gleichzeitig sind genau diese Profile am #Arbeitsmarkt rar gesät:
https://www.vdi-nachrichten.com/karriere/arbeitsmarkt/it-und-ot-neue-berufsbilder-fuer-ingenieure-entstehen/ #cybersecurity #KRITIS
#OT #Advisory VDE-2025-107
Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities
Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.
#CVE CVE-2022-33259, CVE-2022-33211, CVE-2022-25740, CVE-2022-25729, CVE-2022-25678, CVE-2020-3686, CVE-2020-11170, CVE-2019-2320, CVE-2019-2303, CVE-2019-14062, CVE-2019-10612, CVE-2019-10609, CVE-2019-10586, CVE-2019-10516, CVE-2019-10511, CVE-2019-10500, CVE-2019-10487, CVE-2020-3670, CVE-2020-3634, CVE-2020-11190, CVE-2020-11189, CVE-2020-11188, CVE-2020-11171, CVE-2020-11166, CVE-2020-11144, CVE-2019-14033, CVE-2019-14020, CVE-2019-14019, CVE-2019-14011, CVE-2019-10577, CVE-2019-10554, CVE-2019-10553, CVE-2019-10552, CVE-2020-11269, CVE-2020-11177, CVE-2022-25698, CVE-2022-25697, CVE-2022-25695, CVE-2023-21625, CVE-2022-33235, CVE-2022-33229, CVE-2022-33228, CVE-2022-33222, CVE-2022-25747, CVE-2022-25738, CVE-2022-25732, CVE-2022-25730, CVE-2022-25728, CVE-2022-25726, CVE-2020-11251, CVE-2020-11191, CVE-2020-3624, CVE-2020-3622, CVE-2020-11204, CVE-2020-11178, CVE-2019-14094, CVE-2019-14077, CVE-2019-14076, CVE-2019-14074, CVE-2019-14071, CVE-2019-14066, CVE-2019-14065, CVE-2019-14056, CVE-2019-14050, CVE-2019-14030, CVE-2019-14015, CVE-2019-14000, CVE-2019-13999, CVE-2019-13998, CVE-2019-13995, CVE-2019-13994, CVE-2019-10628, CVE-2019-10615, CVE-2019-10527, CVE-2022-33304, CVE-2022-33238, CVE-2022-33223, CVE-2022-33213, CVE-2022-25739, CVE-2022-25737, CVE-2022-25735, CVE-2022-25734, CVE-2022-25733, CVE-2022-25731, CVE-2022-25702, CVE-2021-30273, CVE-2020-11226, CVE-2020-11145, CVE-2019-2337, CVE-2019-2335, CVE-2019-14022, CVE-2019-10485, CVE-2019-14101, CVE-2019-14043, CVE-2019-14042, CVE-2019-10574, CVE-2019-14119, CVE-2019-10482, CVE-2020-3644, CVE-2020-3643, CVE-2020-3621, CVE-2020-3620, CVE-2019-2295, CVE-2019-14115, CVE-2019-14067, CVE-2019-14007, CVE-2019-10513, CVE-2020-11293
https://certvde.com/en/advisories/vde-2025-107/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-107.json
#OT #Advisory VDE-2025-106
Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.
#CVE CVE-2025-41768
https://certvde.com/en/advisories/vde-2025-106/
#CSAF https://beckhoff.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-106.json
Der #cra kommt. Das ist ein wichtiger Baustein unseres Schutzwalls gegen crappy Produkte ohne Schutz. Und es ist ein Statement für ein demokratisch ausgehandeltes Regelwerk der #eu. Es gibt europäischen Unternehmen und Verbrauchern Sicherheit und lässt im besten Fall unsichere Produkte mit „digitalen Elementen“ nicht in den EU-Binnenmarkt. Der Kommentar dazu ist spannend. Mein Vademekum für die kommenden drei Arbeitsjahre. #infosec #itsec #ot #iiot #updates #compliance #euregulation #EUlaw
Tired of complex switch configuration? 🤔
Our Smart Dial Switches turn network setup from minutes to seconds.
🔁 Dial a Ring Network or 🛡️ Dial a VLAN — no CLI, no software, just instant, physical control.
Ideal for:
• Quick deployment in industrial sites
• Isolating devices securely
• Prioritizing critical data (VIP channel)
• Ensuring up-time with dual power
#EthernetSwitch #IndustrialNetworking #NetworkSimplified #oT #TechSolutions #Manufacturing
💡 On Nexus, David Ruzicka, OT Security Director at Clarios, a top #manufacturing organization, explains why it’s important for enterprises integrating and converging #IT and #OT to involve engineers and asset operators in #cybersecurity strategy. Ruzicka explains the advantages engineers can introduce into this integration, and how a collaborative approach secures the shop floor and brings value to the business.
Read here: https://nexusconnect.io/videos/david-ruzicka-on-bridging-the-gap-between-engineers-and-security
✨ New on Nexus: The United States Department of War has issued comprehensive guidance requiring all organizational units to implement #zerotrust security principles across operational technology (#OT) systems, marking a fundamental shift in how the military secures critical infrastructure from power grids to manufacturing control systems. https://nexusconnect.io/articles/pentagon-mandates-zero-trust-security-framework-for-operational-technology-environments
