Serial number: AV26-074
Date: February 2, 2026
Between January 26 and February 1, 2026, CISA published ICS advisories to address vulnerabilities in the following products:
- Festo Didactic SE MES PC – version shipped with Windows 10
- Johnson Controls Metasys Application and Data Server (ADS) – version 14.1 and prior
- Johnson Controls Metasys Controller Configuration Tool (CCT) – version 17.0 and prior
- Johnson Controls Metasys Extended Application and Data Server (ADX) – version 14.1 and prior
- Johnson Controls Metasys LCS8500 – version 12.0 to version 14.1 and prior
- Johnson Controls Metasys NAE8500 – version 12.0 to version 14.1 and prior
- Johnson Controls Metasys System Configuration Tool (SCT) – version 17.1 and prior
- KiloView Encoder Series – multiple versions and models
- Rockwell Automation ArmorStart LT 290D/291D/294D – version V2.002 and prior
- Rockwell Automation ControlLogix – all versions
- Schneider Electric Zigbee Products – multiple versions and models
- iba Systems ibaPDA – version 8.12.0
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.