Cisa Advisory
The latest Cisa Advisory coverage — news, analysis, and updates from the WindowsNews.AI desk.
AVEVA Pipeline Simulation Critical Authorization Flaw (CVE-2026-5387): Patch Now to Prevent Unauthenticated Attacks
AVEVA's Pipeline Simulation platform contains a critical missing-authorization vulnerability that allows unauthenticated attackers to execute actions reserved for high-privilege users, including...
CISA Issues Critical Advisory for Anviz Access Control Vulnerabilities (CVSS 9.8)
The Cybersecurity and Infrastructure Security Agency (CISA) has published a critical advisory warning of multiple severe vulnerabilities in Anviz access control systems. The vulnerabilities affect...
CISA Warns of Critical Horner PLC Vulnerability CVE-2026-6284 with CVSS 9.1 Score
The Cybersecurity and Infrastructure Security Agency has issued an advisory about a critical vulnerability in Horner Automation's PLCs that exposes industrial control systems to password brute-force...
CISA Warns: Obsolete BASC-20T ICS Controller Has Critical Remote Code Execution Flaw
The Cybersecurity and Infrastructure Security Agency has issued an urgent advisory about a critical vulnerability in Contemporary Controls' BASC-20T building automation controller. CVE-2025-13926...
CISA Warns Iranian Hackers Are Targeting Internet-Facing PLCs in US Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency issued an urgent advisory on April 7, 2026, warning that Iranian state-sponsored cyber actors have moved beyond reconnaissance and nuisance...
CVE-2026-1579 Critical: PX4 MAVLink Vulnerability Enables Remote Shell Access in Drones
The Cybersecurity and Infrastructure Security Agency (CISA) has published a critical industrial control systems advisory warning that PX4 Autopilot software contains a severe vulnerability enabling...
Anritsu Remote Spectrum Monitor Critical Flaw: CISA Warns of CVSS 9.8 Vulnerability in Industrial Systems
A critical vulnerability in Anritsu's Remote Spectrum Monitor devices has prompted an urgent ICS security advisory from CISA, with the flaw earning a maximum CVSS score of 9.8. The industrial control...
CISA Warns of Critical Authentication Bypass in Pharos Mosaic Show Controller (CVE-2026-2417)
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory about an authentication bypass vulnerability in Pharos Controls' Mosaic Show Controller. Designated...
CISA Warns: Three WebCTRL Vulnerabilities Could Let Attackers Hijack Building Controls
On March 19, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory detailing three vulnerabilities in Automated Logic’s WebCTRL Premium Server, a building...
CVE-2026-3611: Honeywell IQ4 BMS Controllers Ship with Unauthenticated Web HMI, Creating Critical Infrastructure Risk
Honeywell's IQ4 building management system controllers can ship from the factory with their web-based human-machine interface completely exposed without authentication, creating what cybersecurity...
CISA Warns of Critical ePower EV Charging Vulnerabilities: What You Need to Know
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning about multiple vulnerabilities in ePower's electric vehicle charging management platform,...
Frick Quantum HD CVEs Expose Critical RCE Risk in Industrial Refrigeration Systems
A critical security vulnerability in Johnson Controls' Frick Controls Quantum HD industrial refrigeration controllers has raised alarms across critical infrastructure sectors, exposing facilities to...