CISA ICS-CERT Advisories

CISA Adds Wing FTP Server Vulnerability to KEV Catalog

CISA has added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation and poses significant risks to federal agencies.

CISA Adds Two Exploited Vulnerabilities to KEV Catalog

CISA has added two new vulnerabilities, CVE-2026-3909 and CVE-2026-3910, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities per Binding Operational Directive (BOD) 22-01.

CISA: Ignition Software Vulnerable to Code Execution

CISA issued an advisory for Inductive Automation Ignition Software versions prior to 8.3.0, identifying a deserialization vulnerability (CVE-2025-13913) that could allow remote code execution. Users are recommended to upgrade to version 8.3.0 or later.