Serial number: AV26-265
Date: March 23, 2026
Between March 16 and 22, 2026, CISA published ICS advisories to address vulnerabilities in the following products:
- Automated Logic WebCTRL Premium Server – versions prior to v8.5
- CODESYS in Festo Automation Suite – multiple versions
- CTEK Chargeportal – all versions
- IGL-Technologies eParking.fi – all versions
- Mitsubishi Electric CNC Series – multiple versions
- Schneider Electric EcoStruxure Automation Expert – versions prior to v25.0.1
- Schneider Electric EcoStruxure Data Center Expert – version v9.0 and prior
- Schneider Electric EcoStruxure PME and EPO – multiple versions
- Schneider Electric Modicon Controllers M241/M251/M258/LMC058 – multiple versions
- Schneider Electric Modicon M241/M251 – versions prior to 5.4.13.12
- Schneider Electric Modicon M262 – versions prior to 5.4.10.12
- Schneider Electric SCADAPack and RemoteConnect – versions prior to R3.4.2
- Siemens SICAM SIAPP SDK – version prior to V2.1.7
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.