CISA ICS Advisory: Schneider Electric Modicon Vulnerabilities

CISA issued an advisory regarding vulnerabilities in Schneider Electric Modicon M241, M251, and M262 controllers. Successful exploitation could lead to a denial-of-service condition. Affected versions are prior to 5.4.13.12 for M241/M251 and 5.4.10.12 for M262.

CISA ICS Advisory: Schneider Electric Modicon Controllers Vulnerable

CISA issued an advisory regarding vulnerabilities in Schneider Electric Modicon Controllers M241, M251, M258, and LMC058. Successful exploitation could lead to cross-site scripting or open redirect attacks, potentially resulting in account takeover or code execution.

CISA: Schneider Electric EcoStruxure Automation Expert Vulnerability Advisory

CISA issued an advisory regarding a critical vulnerability (CVE-2026-2273) in Schneider Electric's EcoStruxure Automation Expert software. The vulnerability could allow for arbitrary command execution on engineering workstations, potentially compromising industrial control systems. Schneider Electric has released version 25.0.1 as a fix.

CISA: Schneider Electric EcoStruxure PME/EPO Vulnerability Advisory

CISA issued an advisory regarding a deserialization of untrusted data vulnerability (CVE-2025-11739) affecting Schneider Electric's EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. The vulnerability could lead to arbitrary code execution, system compromise, operational disruption, and unauthorized administrative control.

CISA Advisory: Mitsubishi Electric CNC Series Vulnerability ICSA-26-078-05

CISA issued an advisory regarding a denial-of-service vulnerability (CVE-2025-2399) in Mitsubishi Electric CNC Series products. Successful exploitation could allow remote attackers to cause an out-of-bounds read. Affected products are deployed worldwide, with remediation guidance provided by the vendor.

CISA: CTEK Chargeportal Vulnerabilities Allow Unauthorized Administrative Control

CISA issued an advisory regarding critical vulnerabilities in CTEK Chargeportal software affecting energy and transportation sectors. Successful exploitation could lead to unauthorized administrative control or denial-of-service attacks on charging stations. The vendor is sunsetting the product in April 2026.

CISA: IGL-Technologies eParking.fi ICS Advisory

CISA released an advisory regarding vulnerabilities in IGL-Technologies eParking.fi charging stations. Successful exploitation could allow attackers to gain unauthorized administrative control or disrupt services. The advisory details two critical vulnerabilities, CVE-2026-29796 and CVE-2026-31903, affecting all versions of eParking.fi.

CISA Adds Cisco Vulnerability CVE-2026-20131 to KEV Catalog

CISA has added CVE-2026-20131, a vulnerability in Cisco Secure Firewall Management Center Software and Cisco Security Cloud Control, to its Known Exploited Vulnerabilities (KEV) Catalog. This action is based on evidence of active exploitation and requires Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability.

CISA ICS Advisory: WebCTRL Server Vulnerabilities Allow Communication Interception

CISA issued an advisory regarding multiple vulnerabilities in Automated Logic WebCTRL Premium Server. Successful exploitation could allow attackers to intercept or modify communications. The advisory provides details on affected versions and remediation guidance.

Renewables Obligation Certificate Issue Schedule 2026-2027

Ofgem has published the Renewables Obligation Certificate (ROC) issue schedule for the 2026-2027 period. The guidance outlines the deadlines for submitting ROC output data and the intended dates for ROC issuance by Ofgem.