As operational technology (OT) and industrial control systems (ICS) continue to underpin critical infrastructure worldwide, the security landscape remains complex and rapidly evolving. Recent disclosures highlight emerging vulnerabilities, evolving threat tactics, and challenges in maintaining robust cyber defenses amid organizational constraints.
Claroty Uncovers Critical RCE Vulnerabilities in EnOcean SmartServer IoT Platform
Claroty’s Team82 discovered two critical vulnerabilities in EnOcean’s SmartServer IoT platform (version 4.60.009 and earlier) that could allow attackers to execute remote code with root privileges and bypass ASLR protections. Exploiting these flaws could enable full control over building management systems, including HVAC, power, and environmental controls. EnOcean has released a patch in SmartServer 4.6 Update 2 (v4.60.023) to address these issues.
Source: Industrial Cyber
CISA Issues Advisory for Data-Theft Flaw in NSA’s End-of-Life GrassMarlin OT Tool
CISA published an advisory for CVE-2026-6807, an XML External Entity (XXE) vulnerability in GrassMarlin, an OT network analysis tool originally developed by the NSA. This flaw allows local attackers to extract sensitive OT network information from ICS and SCADA analysis systems. Since GrassMarlin reached end-of-life in 2017, no patch is available, and a public proof-of-concept exploit has already been released, heightening the risk of exploitation.
Source: The CyberSignal
CISA, FBI, and Partners Release Joint Advisory on Adapting Zero Trust to OT Environments
A coalition including CISA, FBI, and several government departments published guidance on implementing Zero Trust principles tailored for OT environments. Recognizing the unique constraints of OT, the advisory recommends comprehensive asset visibility, zone-based segmentation aligned with ISA/IEC 62443 standards, expanded identity management to include machines and service accounts, and continuous monitoring with anomaly detection as compensating controls.
Source: IC3.gov / CISA
Resilience Report: Manufacturing Is the Top Ransomware Target, MFA Failures Drive 26% of Losses
A Resilience report analyzing nearly five years of cyber insurance claims confirms manufacturing as the most targeted sector for cyberattacks, with ransomware causing over 90% of financial losses despite representing only 12% of claims. Alarmingly, misconfigured multi-factor authentication contributes to about 26% of total losses, including the dataset’s single largest incident. The report also notes that connected IoT devices in manufacturing facilities are expected to more than double by 2030, expanding the potential attack surface.
Source: Industrial Cyber
CISA Budget Cuts Leave Critical Infrastructure Cyber Partnerships at a ‘Standstill’
Recent testimony before the House Homeland Security cybersecurity subcommittee revealed that CISA has lost about one-third of its staff in the past year, with its Stakeholder Engagement Division shrinking significantly. The elimination of the Critical Infrastructure Partnership Advisory Council (CIPAC) has halted strategic collaboration with industry, leaving small public utilities and local governments increasingly exposed to ransomware and nation-state cyber threats targeting critical infrastructure.
Source: Federal News Network
As threats to OT and ICS environments continue to evolve, maintaining vigilance and proactively implementing adaptive security measures remains essential for protecting critical infrastructure. Stay informed and prepared to address emerging risks.
