Radar
A personal hobby project. Radar aggregates security advisories from CISA, Zero Day Initiative and CERT-EU and adds short editorial highlights on what I find notable from a European infrastructure perspective — not a threat-intel service, not exhaustive, just what catches my eye.
-
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability CVE-2026-50751 Check…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability This…
Read more → -
Hitachi Energy RTU500
The advisory lists multiple overlapping version ranges for the RTU500 series CMU firmware, with repeated CVEs across entries, which may indicate consolidated reporting of previously disclosed issues.
Read more → -
B&R PPT30 Operating System
The vulnerability affects the OPC-UA server in B&R PPT30 Operating System versions prior to 1.8.0 and could be exploited by an unauthenticated network-based attacker to block access to the service.
Read more → -
Hitachi Energy ITT600 Explorer
The affected ITT600 Explorer versions include those prior to 2.1 SP6 and specifically 2.1 SP6 itself, with a patch available in 2.1 SP6 HF1.
Read more → -
Hitachi Energy MACH HiDraw
The vulnerability affects MACH HiDraw versions 9.22 and prior, with exploitation requiring authenticated local access and a specially crafted XML file.
Read more → -
NAVTOR NavBox
The advisory states that hard-coded credentials in NavBox's SOAP implementation could allow a local attacker to bypass authentication and access privileged file operations.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability involves deserialization of untrusted data in a Magento extension, a flaw type often exploited to achieve remote code execution.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2022-0492 involves improper authentication in the Linux kernel, a component present in many enterprise and embedded systems. Its inclusion in the KEV catalog indicates observed exploitation despite its 2022 publication date.
Read more → -
CISA and Partners Urge Hardening Automatic Tank Gauge Systems
The advisory states that internet-exposed ATG systems are being targeted via hardcoded credentials and command execution. Removing these systems from public networks is explicitly recommended.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-21182 Oracle WebLogic Server Unspecified Vulnerability This type of…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS that CISA has observed being actively exploited.
Read more → -
Supply Chain Compromises Impact Nx Console and GitHub Repositories
The malicious Nx Console extension (18.95.0) was distributed via VS Code’s automatic update mechanism, potentially affecting systems without user interaction.
Read more → -
MacGregor Voyage Data Recorder (VDR) G4e
The advisory states that default credentials are present without enforced password changes, and authenticated users can extract password hashes via backup files.
Read more → -
KMW CCTV Security Cameras
The advisory states that affected KMW cameras allow unauthenticated password resets, enabling full access to camera feeds and settings.
Read more → -
XCharge C6
The advisory states that XCharge C6 devices with firmware prior to May 22, 2026, are affected by multiple critical vulnerabilities, including firmware update mechanisms that lack cryptographic validation.
Read more → -
CP Plus 8 Ch. Network Video Recorder
The advisory specifies a stored XSS vulnerability that persists in the device backend and executes when users access affected pages.
Read more → -
Fourth Frontier Frontier X Mobile Application, Frontier X2
The advisory states that unauthenticated BLE access allows read/write of critical GATT characteristics, and the mobile app does not authenticate the connected device, enabling spoofing and data injection.
Read more → -
ABB Busch-Welcome 2 Wire Door Opener Actuator
The advisory states that toggling the mode switch and restarting power can recalibrate the system to correct the misconfiguration.
Read more → -
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
The advisory states that hard-coded administrative credentials are present in the firmware of the affected device, which can be extracted and used to gain unauthorized access.
Read more → -
ABB EIBPORT
The advisory states that affected ABB EIBPORT devices can expose session IDs and allow configuration changes if exploited. A firmware update is available to address the vulnerabilities.
Read more → -
CISA Adds Three Known Exploited Vulnerabilities to Catalog
The advisory adds two vulnerabilities involving embedded malicious code in developer tools, which may indicate supply chain compromise.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-48172 is a privilege escalation vulnerability in the LiteSpeed cPanel plugin, now added to CISA's KEV Catalog due to evidence of active exploitation.
Read more → -
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
The advisory states that the System Diagnostics Manager (SDM) is disabled by default in Automation Runtime 6 and not intended to be enabled outside secured production networks.
Read more → -
ABB AC500 V2
The advisory states that fragments of previous Modbus responses may be exposed due to a buffer over-read when unsupported function codes are sent to the AC500 V2 Modbus server.
Read more → -
ABB AbilityTM Zenon Remote Transport Vulnerability
The vulnerability allows unauthorized reboot of the system via the Remote Transport Service due to missing authentication, but requires prior network access.
Read more → -
Eppendorf BioFlo 320
The advisory states that all versions of the Eppendorf BioFlo 320 bioreactor are affected due to a hard-coded password in a VNC server, which could allow full access if remote access is enabled.
Read more → -
ABB Ability Camera Connect
The advisory states that an outdated VLC media player component in ABB Ability Camera Connect versions up to 1.5.0.14 contains multiple memory-related vulnerabilities, with a CVSS score of 9.8.
Read more → -
ABB LVS MConfig
The advisory states that sensitive information, including passwords, may be stored in cleartext in memory during runtime and exposed via memory dump files.
Read more → -
ABB Terra AC
The advisory states that unencrypted OCPP communications can enable exploitation of a heap-based buffer overflow, potentially allowing remote firmware manipulation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-9082 is an SQL injection vulnerability in Drupal Core that is already being exploited in the wild.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2026-34926 affects Trend Micro Apex One (On-Premise), a locally deployed endpoint security solution, and is actively exploited.
Read more → -
ABB B&R PCs
The advisory states that multiple ABB B&R PC models are affected by several vulnerabilities allowing remote code execution, DoS, DNS cache poisoning, or information disclosure.
Read more → -
ABB B&R Automation Runtime
The advisory states that the System Diagnostic Manager (SDM) is disabled by default in Automation Runtime 6 and is not intended to be enabled outside secure environments.
Read more → -
ABB B&R Automation Studio
The advisory lists 23 CVEs affecting ABB B&R Automation Studio versions prior to 6.5, primarily tied to outdated components like SQLite, with a CVSS score of 9.8.
Read more → -
Hitachi Energy GMS600
The advisory states that affected GMS600 versions use a vulnerable OpenSSL component enabling potential plaintext recovery via timing attacks.
Read more → -
ABB Terra AC Wallbox
The advisory states that exploitation requires prior Bluetooth hijacking, and communication is encrypted, which may limit attack feasibility.
Read more → -
Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
The advisory states that versions of EcoStruxure Machine Expert HVAC prior to 1.10.0 store sensitive information in cleartext, potentially exposing protected source code during editing or compiling.
Read more → -
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
The advisory includes two recently added vulnerabilities in Microsoft Defender, a security product with broad deployment across federal systems.
Read more → -
ZKTeco CCTV Cameras
An undocumented, unauthenticated configuration export port on affected ZKTeco cameras can expose camera account credentials and service information.
Read more → -
ScadaBR
The advisory states that ScadaBR 1.2.0 is affected by multiple vulnerabilities, including unauthenticated remote code execution. Notably, the vendor has not responded to CISA's outreach for coordination.
Read more → -
ABB CoreSense HM and CoreSense M10
The advisory states that unauthenticated users can exploit a path traversal vulnerability to access restricted directories, potentially leading to full system compromise.
Read more → -
Siemens RUGGEDCOM APE1808 Devices
The advisory states that all versions of the Siemens RUGGEDCOM APE1808 are affected due to a buffer overflow in the User-ID Authentication Portal service inherited from Palo Alto Networks' PAN-OS software.
Read more → -
Kieback & Peter DDC Building Controllers
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Kieback & Peter DDC Building Controllers are affected…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-42897 is a cross-site scripting vulnerability in Microsoft Exchange Server now added to the KEV Catalog due to evidence of active exploitation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more → -
Siemens SIPROTEC 5
Session identifier entropy issue in Siemens SIPROTEC 5 protection relays affects numerous hardware variants. The advisory notes that not all product endpoints use the vulnerable session mechanism.
Read more → -
Siemens SIMATIC
Unprotected help links on Siemens HMI panels allow unauthenticated web browser access. This may enable attackers to find backdoors and cause misconfigurations.
Read more → -
Siemens Industrial Devices
A single denial-of-service vulnerability (CVE-2025-40833 affects over 20 distinct Siemens industrial network devices. Patches are available for some products, while countermeasures are recommended for others awaiting fixes.
Read more → -
Siemens SIMATIC S7 PLC Web Server
SIMATIC S7 PLC web servers contain cross-site scripting vulnerabilities affecting multiple controller models. Siemens has released patches for some products and recommends mitigation for others.
Read more → -
Siemens Ruggedcom Rox
An authenticated attacker can read arbitrary files from the underlying OS filesystem via the web server's JSON-RPC interface. The advisory explicitly states these devices are used in critical manufacturing.
Read more → -
Siemens Opcenter RDnL
The advisory states that an unauthenticated attacker on an adjacent network can force a broker to connect to a rogue broker. The advisory notes that message integrity impact is low due to a missing auto refresh feature.
Read more → -
Siemens SENTRON 7KT PAC1261 Data Manager
The advisory states the vulnerability permits request smuggling in the web server of an energy sector device. This can lead to administrative control via stolen authorization tokens.
Read more → -
Siemens Solid Edge
Two vulnerabilities in Siemens Solid Edge allow arbitrary code execution via crafted PAR files. The advisory notes deployment in critical manufacturing sectors worldwide.
Read more → -
Siemens Teamcenter
Teamcenter V2312 and V2406 incorporate a vulnerable PDF.js component (CVE-2024-4367) from Firefox/Thunderbird. Multiple versions across the product line are affected by three distinct CVEs.
Read more → -
Siemens Ruggedcom Rox
An authenticated remote attacker can execute arbitrary commands as root via feature key installation. The vulnerability affects multiple Ruggedcom Rox models in versions prior to 2.17.1.
Read more → -
Universal Robots Polyscope 5
An unauthenticated attacker can execute code via OS command injection in Universal Robots Polyscope 5 Dashboard Server. Versions below 5.25.1 are affected.
Read more → -
Siemens Simcenter Femap
The advisory states that Simcenter Femap has a heap-based buffer overflow when reading IPT files. Siemens recommends updating to version 2512.0003 or later.
Read more → -
Siemens Ruggedcom Rox
Siemens Ruggedcom Rox before v2.17.1 bundles multiple third-party vulnerabilities spanning 2019 to 2025. The advisory explicitly recommends updating to the latest versions.
Read more → -
Siemens Ruggedcom Rox
This vulnerability allows authenticated attackers to escalate to root command execution via the scheduler. Siemens has released new versions for all affected Ruggedcom Rox products.
Read more → -
Siemens SIMATIC
SIMATIC CN 4100 versions before 5.0 contain 37 distinct vulnerability types. Siemens recommends updating to the latest version.
Read more → -
Siemens gWAP
The vulnerability originates in a third-party Axios library dependency and exploits prototype pollution to escalate into remote code execution. Siemens has released version 3.1.1 to address this issue.
Read more → -
Siemens Siemens ROS#
ROS# file_server before version 2.2.2 contains a relative path traversal vulnerability. The advisory recommends running the service only on trusted networks and with minimal user rights.
Read more → -
Fuji Electric Tellus
The vulnerability involves a kernel driver installed with Tellus that grants all users read and write permissions. This is a privilege escalation issue specific to version 5.0.2.
Read more → -
ABB Automation Builder Gateway for Windows
The Windows gateway listens remotely on port 1217 by default, which may expose PLC networks to scanning. Many users are unaware of this remote access feature as it is typically used locally.
Read more → -
ABB AC500 V3 Multiple Vulnerabilities
The advisory notes that exposed visualization files contain only static data, not live process data. The update is available in firmware version 3.9.0.
Read more → -
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
The advisory specifies that these vulnerabilities were internally discovered by ABB. The affected device's Modbus service becomes unavailable until manually rebooted when exploited.
Read more → -
Subnet Solutions PowerSYSTEM Center
Multiple CVEs affect different versions of PowerSYSTEM Center, with the 2020, 2024, and 2026 product lines all impacted. The vendor specifies distinct update versions for each affected product line.
Read more → -
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
A stack buffer overflow occurs during CMS message parsing before authentication, requiring no key material. The vulnerability affects ABB AC500 V3 PLCs used in critical infrastructure sectors.
Read more → -
Software Bill of Materials for AI - Minimum Elements
The advisory introduces supplemental minimum elements for AI-specific Software Bill of Materials. This guidance reflects international consensus from G7 partners and is intended to evolve with AI technology.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
This advisory adds one vulnerability, CVE-2026-42208, to the Known Exploited Vulnerabilities catalog. The vulnerability affects BerriAI's LiteLLM and involves SQL injection.
Read more → -
MAXHUB Pivot Client Application
The advisory notes a hardcoded AES key in the MAXHUB Pivot client application allows decryption of tenant email addresses. An attacker can also cause denial-of-service by enrolling unauthorized devices.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-6973 is an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM) now added to CISA's Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-0300 is an out-of-bounds write vulnerability in Palo Alto Networks PAN-OS that is actively being exploited.
Read more → -
ABB B&R PVI
Logging is disabled by default, limiting the exposure of this vulnerability. The issue only affects PVI client applications, not server components.
Read more → -
Johnson Controls CEM AC2000
The vulnerability affects multiple versions of Johnson Controls CEM AC2000 with a CVSS score of 8.7. The advisory explicitly mentions deployment in critical infrastructure sectors worldwide.
Read more → -
Hitachi Energy PCM600
The vulnerability is a known path traversal flaw in SharpZipLib, designated CVE-2018-1002208. Multiple PCM600 versions, including legacy 2.11 and newer 3.x releases, are affected.
Read more → -
ABB B&R Automation Runtime
An unauthenticated network attacker can trigger a permanent DoS via race condition in ANSL-Server. The advisory notes shorter cycle times in customer projects increase exploitation likelihood.
Read more → -
ABB B&R Automation Studio
The vulnerability allows an attacker to intercept and manipulate data exchanges by exploiting improper certificate validation in the OPC-UA and ANSL over TLS clients.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The vulnerability is listed as a 'Linux Kernel Incorrect Resource Transfer Between Spheres' issue. The advisory provides no technical details about the exploit mechanism or affected kernel versions.
Read more → -
Careful Adoption of Agentic AI Services
International collaboration has produced guidance for agentic AI adoption, emphasizing security challenges and risk management integration.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-41940 affects WebPros cPanel & WHM and WP2, involving a missing authentication mechanism for a critical function.
Read more → -
ABB PCM600
ABB PCM600 versions 1.5 through 2.13 contain a path traversal vulnerability in SharpZip.dll that allows arbitrary code execution via crafted messages. The fix in version 2.14 is incompatible with RE_630 protection relays, requiring separate mitigation.
Read more → -
ABB Ability OPTIMAX
An authentication bypass vulnerability affects ABB Ability OPTIMAX systems integrated with Azure AD SSO. Versions 6.1 and 6.2 are all affected, while specific versions of 6.3 and 6.4 require patching.
Read more → -
ABB System 800xA, Symphony Plus IEC 61850
The vulnerability affects specific ABB automation controllers (CI868, CI850, PM 877) and S+ Operations nodes using IEC 61850 MMS. Exploitation requires network access and causes device faults or communication driver crashes.
Read more → -
ABB Edgenius Management Portal
An authentication bypass vulnerability in ABB Edgenius Management Portal allows full system control via network access. The vendor recommends disabling the portal entirely until patching.
Read more → -
ABB AWIN Gateways
An authentication bypass vulnerability allows unauthenticated querying of system configuration on ABB AWIN Gateways. The advisory notes deployment in critical manufacturing sectors.
Read more → -
ABB Ability Symphony Plus Engineering
The vulnerability originates from PostgreSQL components bundled with ABB's industrial control software. Exploitation requires network access to the S+ Client Server.
Read more → -
Adapting Zero Trust Principles to Operational Technology
The advisory states that operational technology systems are increasingly interconnected, reducing the effectiveness of perimeter-based defenses.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Two vulnerabilities involving remote access and system protection mechanisms have been added to the KEV Catalog due to observed exploitation.
Read more → -
NSA GRASSMARLIN
The advisory notes that NSA GRASSMARLIN has been end-of-life since 2017 and will receive no patches. This vulnerability affects all versions of the software.
Read more → -
CISA Adds Four Known Exploited Vulnerabilities to Catalog
The advisory adds a command injection flaw in D-Link DIR-823X devices, which could allow remote code execution if exploited.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
Marimo is a vulnerability being actively exploited in the wild. The advisory provides no details about the product or attack vector.
Read more → -
SpiceJet Online Booking System
SpiceJet's online booking system allows unauthenticated access to passenger name records and booking details. The vendor did not coordinate with CISA on remediation.
Read more → -
Intrado 911 Emergency Gateway (EGW)
The vulnerability allows network-based attackers to bypass authentication on the Intrado 911 Emergency Gateway management interface. A CVSS 3.1 base score of 9.8 indicates high severity.
Read more → -
Milesight Cameras
Five CVEs affect multiple Milesight camera models with the same firmware versions. The advisory does not specify patch availability or mitigation details.
Read more → -
Yadea T5 Electric Bicycle
The advisory notes that Yadea did not respond to coordination attempts, indicating no patch is available. This affects all versions of the T5 Electric Bicycle through a weak authentication mechanism.
Read more → -
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
The advisory notes that the vendor has not responded to CISA mitigation requests. Unauthenticated access to 31 specific ONVIF endpoints allows full video stream capture.
Read more → -
Carlson Software VASCO-B GNSS Receiver
GNSS receiver lacks authentication for configuration access. The advisory notes deployment in critical manufacturing sectors worldwide.
Read more → -
FIRESTARTER Backdoor
FIRESTARTER is a backdoor targeting Cisco ASA and FTD software on publicly accessible firewall devices. The advisory indicates confirmed successful implants on Cisco Firepower devices running ASA.
Read more →