Cyber & Coffee

Our news

  • Rockwell Automation CompactLogix 5370

    View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix 5370 are affected: CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2025-11743) CVSS Vendor Equipment Vulnerabilities v3 6.5 Rockwell Automation Rockwell Automation CompactLogix 5370 Improper Validation of Specified Quantity in Input

    READ MORE

  • EVMAPA

    View CSAF Summary Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses. The following versions of EVMAPA are affected: EVMAPA (CVE-2025-54816, CVE-2025-53968, CVE-2025-55705) CVSS Vendor Equipment Vulnerabilities v3 9.4 EVMAPA EVMAPA Missing Authentication for Critical

    READ MORE

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20045 Cisco Unified Communications Products Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the

    READ MORE

  • Festo Firmware

    View CSAF Summary Incomplete Festo product documentation of remote accessible functions and their required IP ports. Depending on the product a description of the supported features can be found in the product documentation to some extent. Update A, 2022-12-13 Added affected device “Bus module CPX-E-PN, 4080497” Festo reports firmware in the following products is affected: Bus

    READ MORE

  • Schneider Electric devices using CODESYS Runtime

    View CSAF Summary Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server. Many vendors, including Schneider Electric, embed CODESYS in their offers. If successfully exploited, these vulnerabilities could result in a denial of service or, in some cases, in remote code execution on PacDrive controllers, Modicon Controllers M241 /

    READ MORE

  • Rockwell Automation Verve Asset Manager

    View CSAF Summary Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server. The following versions of Rockwell Automation Verve Asset Manager are affected: Verve Asset Manager (CVE-2025-14376, CVE-2025-14377) Verve Asset Manager (CVE-2025-14376, CVE-2025-14377) Verve Asset Manager (CVE-2025-14376, CVE-2025-14377) Verve Asset Manager (CVE-2025-14376, CVE-2025-14377) Verve

    READ MORE

  • Schneider Electric EcoStruxure Foxboro DCS

    View CSAF Summary Schneider Electric is aware of a vulnerability disclosed by INTEL used in the EcoStruxure™ Foxboro DCS product formerly known as Foxboro Evo Process Automation System and I/A Series. The [EcoStruxure™ Foxboro DCS product](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/#overview) is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to

    READ MORE

  • Schneider Electric EcoStruxure Power Build Rapsody

    View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure Power Build Rapsody software. The [EcoStruxure Power Build Rapsody](https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=2309) is used to enter or import the single line diagram, to get the extensive bill of material of your switchboard, including all devices, connection items, and mounting components. Failure to apply the mitigations/remediations

    READ MORE

  • Siemens Industrial Edge Devices

    View CSAF Summary Siemens Industrial Edge Devices contain an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for

    READ MORE

  • Siemens SINEC Security Monitor

    View CSAF Summary SINEC Security Monitor before V4.10.0 contains multiple vulnerabilities. Siemens has released a new version for SINEC Security Monitor and recommends to update to the latest version. The following versions of Siemens SINEC Security Monitor are affected: SINEC Security Monitor (CVE-2025-40830, CVE-2025-40831) CVSS Vendor Equipment Vulnerabilities v3 6.7 Siemens Siemens SINEC Security Monitor

    READ MORE