CISA: Schneider Electric EcoStruxure Automation Expert Vulnerability Advisory

CISA issued an advisory regarding a critical vulnerability (CVE-2026-2273) in Schneider Electric's EcoStruxure Automation Expert software. The vulnerability could allow for arbitrary command execution on engineering workstations, potentially compromising industrial control systems. Schneider Electric has released version 25.0.1 as a fix.

CISA: Schneider Electric EcoStruxure PME/EPO Vulnerability Advisory

CISA issued an advisory regarding a deserialization of untrusted data vulnerability (CVE-2025-11739) affecting Schneider Electric's EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. The vulnerability could lead to arbitrary code execution, system compromise, operational disruption, and unauthorized administrative control.

CISA Advisory: Mitsubishi Electric CNC Series Vulnerability ICSA-26-078-05

CISA issued an advisory regarding a denial-of-service vulnerability (CVE-2025-2399) in Mitsubishi Electric CNC Series products. Successful exploitation could allow remote attackers to cause an out-of-bounds read. Affected products are deployed worldwide, with remediation guidance provided by the vendor.

CISA: CTEK Chargeportal Vulnerabilities Allow Unauthorized Administrative Control

CISA issued an advisory regarding critical vulnerabilities in CTEK Chargeportal software affecting energy and transportation sectors. Successful exploitation could lead to unauthorized administrative control or denial-of-service attacks on charging stations. The vendor is sunsetting the product in April 2026.

CISA: IGL-Technologies eParking.fi ICS Advisory

CISA released an advisory regarding vulnerabilities in IGL-Technologies eParking.fi charging stations. Successful exploitation could allow attackers to gain unauthorized administrative control or disrupt services. The advisory details two critical vulnerabilities, CVE-2026-29796 and CVE-2026-31903, affecting all versions of eParking.fi.

CISA Adds Cisco Vulnerability CVE-2026-20131 to KEV Catalog

CISA has added CVE-2026-20131, a vulnerability in Cisco Secure Firewall Management Center Software and Cisco Security Cloud Control, to its Known Exploited Vulnerabilities (KEV) Catalog. This action is based on evidence of active exploitation and requires Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability.

CISA ICS Advisory: WebCTRL Server Vulnerabilities Allow Communication Interception

CISA issued an advisory regarding multiple vulnerabilities in Automated Logic WebCTRL Premium Server. Successful exploitation could allow attackers to intercept or modify communications. The advisory provides details on affected versions and remediation guidance.

Renewables Obligation Certificate Issue Schedule 2026-2027

Ofgem has published the Renewables Obligation Certificate (ROC) issue schedule for the 2026-2027 period. The guidance outlines the deadlines for submitting ROC output data and the intended dates for ROC issuance by Ofgem.

Ofgem Decision on BUUK Connection Charging Methodology Modifications

Ofgem has issued a decision on proposed modifications to BUUK's connection charging methodology (CCM) statements. The decision follows a report submitted by BUUK on February 27, 2026, and was made within the 28-day review period stipulated by the gas transporter licence.

Ofgem DSO Performance Panel: Call for Stakeholder Evidence 2025-2026

Ofgem has issued a call for stakeholder evidence regarding the Distribution System Operator (DSO) Performance Panel's assessment of Distribution Network Operators' (DNOs) performance for the 2025-2026 period. The call seeks input on DNO performance against the DSO Panel Evaluation Criteria for the RIIO-ED2 price control period.