Radar
A personal hobby project. Radar aggregates security advisories from CISA, Zero Day Initiative and CERT-EU and adds short editorial highlights on what I find notable from a European infrastructure perspective — not a threat-intel service, not exhaustive, just what catches my eye.
-
CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability allows total control of affected systems post-exploitation and is already being actively exploited.
Read more → -
Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products
View CSAF Summary Schneider Electric is aware of vulnerabilities in its PowerChute™ Serial Shutdown product. The [PowerChute Serial Shutdown](https://www.se.com/ww/en/product-range/137943580-powerchute-serial-shutdown/#…
Read more → -
Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
The advisory states that all versions of the FX5-ENET/IP module are affected by a DoS vulnerability due to excessive packet processing. No fix is planned for this product.
Read more → -
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
The device transmits sensitive health data in cleartext over Bluetooth, exposing glucose measurements to interception by nearby attackers.
Read more → -
Rockwell Automation FactoryTalk Historian Site Edition
The advisory identifies a race condition that could allow attackers to obtain a valid authentication token by repeatedly sending requests to the login endpoint.
Read more → -
Schneider Electric EasyLogic T150 and Saitel DP
View CSAF Summary Successful exploitation this vulnerability could allow an attacker to gain unauthorized access to sensitive files The following versions of Schneider Electric EasyLogic T150 and Saitel DP are…
Read more → -
AzeoTech DAQFactory
The advisory states that loading untrusted .ctl files in AzeoTech DAQFactory <=21.1 may lead to arbitrary code execution due to a type confusion vulnerability.
Read more → -
Mitsubishi Electric MELSEC iQ-F Series
The affected module may enter a denial-of-service state due to improper handling of rapid TCP connections, leading to memory access issues.
Read more → -
AVer PTC cameras
The advisory states that all versions of the affected AVer PTC camera models are vulnerable to arbitrary code execution via a crafted web request.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The vulnerability allows improper access control in the Widget Factory Joomla Content Editor, potentially enabling full system control post-exploitation.
Read more → -
Rockwell Automation CompactLogix
The advisory states that exposed Connection IDs on the web interface can be abused to trigger a denial-of-service condition via improper validation of CIP protocol fields.
Read more → -
Rockwell Automation FactoryTalk Analytics PavilionX
The advisory states that affected versions of FactoryTalk Analytics PavilionX lack proper authorization controls on API endpoints, potentially allowing unauthenticated attackers to perform administrative actions.
Read more → -
Rockwell Automation FLEX I/O EtherNet/IP Adapters
The advisory states that exploitation could lead to unauthorized access and loss of availability due to memory handling and authentication flaws in specific FLEX I/O adapter versions.
Read more → -
Rockwell Automation RSLinx
The advisory states that exploitation can cause a denial of service where the application becomes unresponsive and does not recover automatically.
Read more → -
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
Devices with less memory are more likely to experience a major nonrecoverable fault when a crafted CIP message is sent.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Two vulnerabilities involving path traversal in network and web management tools are now in the KEV catalog due to observed exploitation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability affects Oracle PeopleSoft Enterprise PeopleTools and involves missing authentication for a critical function.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability allows OS command injection, which the advisory explicitly states grants total control of the affected asset post-exploitation.
Read more → -
Brickcom Cameras
The advisory states that live video snapshots can be accessed without authentication via the /ONVIF endpoint on affected Brickcom camera models.
Read more → -
Naxclow IoT Platform
The advisory states that all versions of multiple Naxclow IoT devices are affected by an authorization bypass vulnerability allowing silent device reassignment via replayed onboarding sequences.
Read more → -
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
Hard-coded credentials in the Yarbo mobile app grant access to all robot telemetry and command topics via the cloud MQTT infrastructure.
Read more → -
CISA Adds Three Known Exploited Vulnerabilities to Catalog
The addition of a network infrastructure vulnerability in Arista's Extensible Operating System may indicate interest in targeting backbone devices.
Read more → -
Schneider Electric Modicon Network Managed Switches
The vulnerability only affects devices where the RADIUS Server Message Authenticator option is disabled, as the default configuration is not vulnerable.
Read more → -
Schneider Electric EcoStruxure Panel Server
View CSAF Summary Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with enhanced cybersecurity that provides…
Read more → -
Siemens KACO Blueplanet Inverters
The advisory states that serial numbers from affected inverters can be used to derive credentials, enabling unauthorized access. This affects a wide range of KACO blueplanet inverter models across multiple product lines.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2026-42271 involves command injection in BerriAI LiteLLM, indicating potential for unauthorized command execution where the software is deployed.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-28318 is an uncontrolled resource consumption vulnerability in SolarWinds Serv-U, now listed in CISA's KEV Catalog due to evidence of active exploitation.
Read more → -
Hitachi Energy RTU500
The advisory lists multiple overlapping version ranges for the RTU500 series CMU firmware, with repeated CVEs across entries, which may indicate consolidated reporting of previously disclosed issues.
Read more → -
B&R PPT30 Operating System
The vulnerability affects the OPC-UA server in B&R PPT30 Operating System versions prior to 1.8.0 and could be exploited by an unauthenticated network-based attacker to block access to the service.
Read more → -
Hitachi Energy ITT600 Explorer
The affected ITT600 Explorer versions include those prior to 2.1 SP6 and specifically 2.1 SP6 itself, with a patch available in 2.1 SP6 HF1.
Read more → -
Hitachi Energy MACH HiDraw
The vulnerability affects MACH HiDraw versions 9.22 and prior, with exploitation requiring authenticated local access and a specially crafted XML file.
Read more → -
NAVTOR NavBox
The advisory states that hard-coded credentials in NavBox's SOAP implementation could allow a local attacker to bypass authentication and access privileged file operations.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability involves deserialization of untrusted data in a Magento extension, a flaw type often exploited to achieve remote code execution.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2022-0492 involves improper authentication in the Linux kernel, a component present in many enterprise and embedded systems. Its inclusion in the KEV catalog indicates observed exploitation despite its 2022 publication date.
Read more → -
CISA and Partners Urge Hardening Automatic Tank Gauge Systems
The advisory states that internet-exposed ATG systems are being targeted via hardcoded credentials and command execution. Removing these systems from public networks is explicitly recommended.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2024-21182 is an unspecified vulnerability in Oracle WebLogic Server now confirmed as actively exploited.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS that CISA has observed being actively exploited.
Read more → -
Supply Chain Compromises Impact Nx Console and GitHub Repositories
The malicious Nx Console extension (18.95.0) was distributed via VS Code’s automatic update mechanism, potentially affecting systems without user interaction.
Read more → -
MacGregor Voyage Data Recorder (VDR) G4e
The advisory states that default credentials are present without enforced password changes, and authenticated users can extract password hashes via backup files.
Read more → -
KMW CCTV Security Cameras
The advisory states that affected KMW cameras allow unauthenticated password resets, enabling full access to camera feeds and settings.
Read more → -
XCharge C6
The advisory states that XCharge C6 devices with firmware prior to May 22, 2026, are affected by multiple critical vulnerabilities, including firmware update mechanisms that lack cryptographic validation.
Read more → -
CP Plus 8 Ch. Network Video Recorder
The advisory specifies a stored XSS vulnerability that persists in the device backend and executes when users access affected pages.
Read more → -
Fourth Frontier Frontier X Mobile Application, Frontier X2
The advisory states that unauthenticated BLE access allows read/write of critical GATT characteristics, and the mobile app does not authenticate the connected device, enabling spoofing and data injection.
Read more → -
ABB Busch-Welcome 2 Wire Door Opener Actuator
The advisory states that toggling the mode switch and restarting power can recalibrate the system to correct the misconfiguration.
Read more → -
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
The advisory states that hard-coded administrative credentials are present in the firmware of the affected device, which can be extracted and used to gain unauthorized access.
Read more → -
ABB EIBPORT
The advisory states that affected ABB EIBPORT devices can expose session IDs and allow configuration changes if exploited. A firmware update is available to address the vulnerabilities.
Read more → -
CISA Adds Three Known Exploited Vulnerabilities to Catalog
The advisory adds two vulnerabilities involving embedded malicious code in developer tools, which may indicate supply chain compromise.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-48172 is a privilege escalation vulnerability in the LiteSpeed cPanel plugin, now added to CISA's KEV Catalog due to evidence of active exploitation.
Read more → -
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
The advisory states that the System Diagnostics Manager (SDM) is disabled by default in Automation Runtime 6 and not intended to be enabled outside secured production networks.
Read more → -
ABB AC500 V2
The advisory states that fragments of previous Modbus responses may be exposed due to a buffer over-read when unsupported function codes are sent to the AC500 V2 Modbus server.
Read more → -
ABB AbilityTM Zenon Remote Transport Vulnerability
The vulnerability allows unauthorized reboot of the system via the Remote Transport Service due to missing authentication, but requires prior network access.
Read more → -
Eppendorf BioFlo 320
The advisory states that all versions of the Eppendorf BioFlo 320 bioreactor are affected due to a hard-coded password in a VNC server, which could allow full access if remote access is enabled.
Read more → -
ABB Ability Camera Connect
The advisory states that an outdated VLC media player component in ABB Ability Camera Connect versions up to 1.5.0.14 contains multiple memory-related vulnerabilities, with a CVSS score of 9.8.
Read more → -
ABB LVS MConfig
The advisory states that sensitive information, including passwords, may be stored in cleartext in memory during runtime and exposed via memory dump files.
Read more → -
ABB Terra AC
The advisory states that unencrypted OCPP communications can enable exploitation of a heap-based buffer overflow, potentially allowing remote firmware manipulation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-9082 is an SQL injection vulnerability in Drupal Core that is already being exploited in the wild.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2026-34926 affects Trend Micro Apex One (On-Premise), a locally deployed endpoint security solution, and is actively exploited.
Read more → -
ABB B&R PCs
The advisory states that multiple ABB B&R PC models are affected by several vulnerabilities allowing remote code execution, DoS, DNS cache poisoning, or information disclosure.
Read more → -
ABB B&R Automation Runtime
The advisory states that the System Diagnostic Manager (SDM) is disabled by default in Automation Runtime 6 and is not intended to be enabled outside secure environments.
Read more → -
ABB B&R Automation Studio
The advisory lists 23 CVEs affecting ABB B&R Automation Studio versions prior to 6.5, primarily tied to outdated components like SQLite, with a CVSS score of 9.8.
Read more → -
Hitachi Energy GMS600
The advisory states that affected GMS600 versions use a vulnerable OpenSSL component enabling potential plaintext recovery via timing attacks.
Read more → -
ABB Terra AC Wallbox
The advisory states that exploitation requires prior Bluetooth hijacking, and communication is encrypted, which may limit attack feasibility.
Read more → -
Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
The advisory states that versions of EcoStruxure Machine Expert HVAC prior to 1.10.0 store sensitive information in cleartext, potentially exposing protected source code during editing or compiling.
Read more → -
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
The advisory includes two recently added vulnerabilities in Microsoft Defender, a security product with broad deployment across federal systems.
Read more → -
ZKTeco CCTV Cameras
An undocumented, unauthenticated configuration export port on affected ZKTeco cameras can expose camera account credentials and service information.
Read more → -
ScadaBR
The advisory states that ScadaBR 1.2.0 is affected by multiple vulnerabilities, including unauthenticated remote code execution. Notably, the vendor has not responded to CISA's outreach for coordination.
Read more → -
ABB CoreSense HM and CoreSense M10
The advisory states that unauthenticated users can exploit a path traversal vulnerability to access restricted directories, potentially leading to full system compromise.
Read more → -
Siemens RUGGEDCOM APE1808 Devices
The advisory states that all versions of the Siemens RUGGEDCOM APE1808 are affected due to a buffer overflow in the User-ID Authentication Portal service inherited from Palo Alto Networks' PAN-OS software.
Read more → -
Kieback & Peter DDC Building Controllers
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Kieback & Peter DDC Building Controllers are affected…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-42897 is a cross-site scripting vulnerability in Microsoft Exchange Server now added to the KEV Catalog due to evidence of active exploitation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more → -
Siemens SIPROTEC 5
Session identifier entropy issue in Siemens SIPROTEC 5 protection relays affects numerous hardware variants. The advisory notes that not all product endpoints use the vulnerable session mechanism.
Read more → -
Siemens SIMATIC
Unprotected help links on Siemens HMI panels allow unauthenticated web browser access. This may enable attackers to find backdoors and cause misconfigurations.
Read more → -
Siemens Industrial Devices
A single denial-of-service vulnerability (CVE-2025-40833 affects over 20 distinct Siemens industrial network devices. Patches are available for some products, while countermeasures are recommended for others awaiting fixes.
Read more → -
Siemens SIMATIC S7 PLC Web Server
SIMATIC S7 PLC web servers contain cross-site scripting vulnerabilities affecting multiple controller models. Siemens has released patches for some products and recommends mitigation for others.
Read more → -
Siemens Ruggedcom Rox
An authenticated attacker can read arbitrary files from the underlying OS filesystem via the web server's JSON-RPC interface. The advisory explicitly states these devices are used in critical manufacturing.
Read more → -
Siemens Opcenter RDnL
The advisory states that an unauthenticated attacker on an adjacent network can force a broker to connect to a rogue broker. The advisory notes that message integrity impact is low due to a missing auto refresh feature.
Read more → -
Siemens SENTRON 7KT PAC1261 Data Manager
The advisory states the vulnerability permits request smuggling in the web server of an energy sector device. This can lead to administrative control via stolen authorization tokens.
Read more → -
Siemens Solid Edge
Two vulnerabilities in Siemens Solid Edge allow arbitrary code execution via crafted PAR files. The advisory notes deployment in critical manufacturing sectors worldwide.
Read more → -
Siemens Teamcenter
Teamcenter V2312 and V2406 incorporate a vulnerable PDF.js component (CVE-2024-4367) from Firefox/Thunderbird. Multiple versions across the product line are affected by three distinct CVEs.
Read more → -
Siemens Ruggedcom Rox
An authenticated remote attacker can execute arbitrary commands as root via feature key installation. The vulnerability affects multiple Ruggedcom Rox models in versions prior to 2.17.1.
Read more → -
Universal Robots Polyscope 5
An unauthenticated attacker can execute code via OS command injection in Universal Robots Polyscope 5 Dashboard Server. Versions below 5.25.1 are affected.
Read more → -
Siemens Simcenter Femap
The advisory states that Simcenter Femap has a heap-based buffer overflow when reading IPT files. Siemens recommends updating to version 2512.0003 or later.
Read more → -
Siemens Ruggedcom Rox
Siemens Ruggedcom Rox before v2.17.1 bundles multiple third-party vulnerabilities spanning 2019 to 2025. The advisory explicitly recommends updating to the latest versions.
Read more → -
Siemens Ruggedcom Rox
This vulnerability allows authenticated attackers to escalate to root command execution via the scheduler. Siemens has released new versions for all affected Ruggedcom Rox products.
Read more → -
Siemens SIMATIC
SIMATIC CN 4100 versions before 5.0 contain 37 distinct vulnerability types. Siemens recommends updating to the latest version.
Read more → -
Siemens gWAP
The vulnerability originates in a third-party Axios library dependency and exploits prototype pollution to escalate into remote code execution. Siemens has released version 3.1.1 to address this issue.
Read more → -
Siemens Siemens ROS#
ROS# file_server before version 2.2.2 contains a relative path traversal vulnerability. The advisory recommends running the service only on trusted networks and with minimal user rights.
Read more → -
Fuji Electric Tellus
The vulnerability involves a kernel driver installed with Tellus that grants all users read and write permissions. This is a privilege escalation issue specific to version 5.0.2.
Read more → -
ABB Automation Builder Gateway for Windows
The Windows gateway listens remotely on port 1217 by default, which may expose PLC networks to scanning. Many users are unaware of this remote access feature as it is typically used locally.
Read more → -
ABB AC500 V3 Multiple Vulnerabilities
The advisory notes that exposed visualization files contain only static data, not live process data. The update is available in firmware version 3.9.0.
Read more → -
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
The advisory specifies that these vulnerabilities were internally discovered by ABB. The affected device's Modbus service becomes unavailable until manually rebooted when exploited.
Read more → -
Subnet Solutions PowerSYSTEM Center
Multiple CVEs affect different versions of PowerSYSTEM Center, with the 2020, 2024, and 2026 product lines all impacted. The vendor specifies distinct update versions for each affected product line.
Read more → -
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
A stack buffer overflow occurs during CMS message parsing before authentication, requiring no key material. The vulnerability affects ABB AC500 V3 PLCs used in critical infrastructure sectors.
Read more → -
Software Bill of Materials for AI - Minimum Elements
The advisory introduces supplemental minimum elements for AI-specific Software Bill of Materials. This guidance reflects international consensus from G7 partners and is intended to evolve with AI technology.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
This advisory adds one vulnerability, CVE-2026-42208, to the Known Exploited Vulnerabilities catalog. The vulnerability affects BerriAI's LiteLLM and involves SQL injection.
Read more → -
MAXHUB Pivot Client Application
The advisory notes a hardcoded AES key in the MAXHUB Pivot client application allows decryption of tenant email addresses. An attacker can also cause denial-of-service by enrolling unauthorized devices.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-6973 is an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM) now added to CISA's Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-0300 is an out-of-bounds write vulnerability in Palo Alto Networks PAN-OS that is actively being exploited.
Read more →