Advisory Database
Active Advisories
7 records — sorted by date — OT/ICS threat intelligence
Severity
Critical
High
Medium
Low
Info
CVE / ID Advisory Sectors Date
Threat Report
Water Sector Cyber Threats 2026 — From Oldsmar to Nation-State Pre-Positioning Water and wastewater systems face a growing and diverse cyber threat — from opportunistic attacks exploiting internet-exposed HMIs to sophisticated nation-state pre-positioning campaigns. This briefing covers the current threat landscape, attack vectors, and sector-specific defensive priorities.
💧 water
May 22, 2026 CVE-2026-20182 CISA ICS Advisory: Siemens RUGGEDCOM and SCADABr Remote Code Execution CISA has released a critical ICS advisory covering unauthenticated remote code execution vulnerabilities in Siemens RUGGEDCOM network devices and SCADABr SCADA software, both widely deployed in energy and manufacturing environments.
⚡ energy⚙️ manufacturing
May 14, 2026 Threat Report Volt Typhoon Pre-Positioning in US and UK OT Networks China-nexus threat actor Volt Typhoon has systematically infiltrated operational technology networks across US and UK critical infrastructure sectors, establishing persistent footholds in energy, water, and communications systems for potential future disruption.
⚡ energy💧 water
May 10, 2026 Sector Briefing OT Network Segmentation: Purdue Model, DMZ Design, and Historian Isolation A practical guide to network segmentation in OT environments, covering the Purdue Reference Model, industrial DMZ architecture, data historian isolation, and the tradeoffs between operational access and security posture.
⚡ energy⚙️ manufacturing
Apr 28, 2026 Threat Report TRITON/TRISIS: The Malware Designed to Kill TRITON is the only publicly known malware explicitly engineered to disable Safety Instrumented Systems—the last line of defense against industrial catastrophes. An analysis of its architecture, targeting of Schneider Electric Triconex controllers, and what it means for safety system cybersecurity.
⚡ energy🛢 petrochemical
Apr 15, 2026 Vuln Analysis Modbus and DNP3: Inherent Security Weaknesses in Legacy Industrial Protocols Modbus and DNP3 were designed for reliability and interoperability, not security. An analysis of the structural security weaknesses in both protocols—unauthenticated commands, lack of encryption, spoofing, and replay attacks—and the compensating controls available to practitioners.
⚡ energy💧 water
Apr 5, 2026 Sector Briefing The OT Asset Inventory Problem: Visibility Gaps, Passive Discovery, and Unmanaged Devices Most industrial operators cannot accurately enumerate the devices on their OT networks. This visibility gap is the foundational barrier to OT security—you cannot protect what you cannot see. A practical look at passive discovery tools, the limits of vendor inventories, and strategies for building actionable asset visibility.
⚡ energy⚙️ manufacturing
Mar 20, 2026