Daily OT Security News: July 11, 2026

Viakoo OT/IoT Security News Briefing – July 11, 2026

The operational technology (OT) and Internet of Things (IoT) security landscape continues to face significant challenges as critical vulnerabilities emerge across widely deployed industrial and consumer devices. From programmable logic controllers to smart home hubs and healthcare supply chains, attackers are exploiting flaws that threaten critical infrastructure and sensitive data worldwide.

CISA Issues Critical Advisory for OpenPLC v3: CVSS 9.9 Arbitrary Code Execution Flaw

On July 9, 2026, CISA released ICS Advisory ICSA-26-190-01 warning of a critical vulnerability (CVE-2026-14480, CVSS 9.9) in OpenPLC Runtime v3. An authenticated attacker can exploit a path traversal flaw in the legacy web UI to write arbitrary files and escalate to native code execution by injecting malicious C++ code during runtime compilation. This affects multiple sectors including Critical Manufacturing, Energy, Transportation, and Water/Wastewater globally. OpenPLC v3 is end-of-life; CISA recommends upgrading to OpenPLC v4 and isolating control system networks from the internet.

Source: CISA Advisory ICSA-26-190-01

CISA Warns of CVSS 10 Gardyn IoT Hub Flaw Exposing 138,000+ Devices to Remote Takeover

CISA published advisory ICSA-26-183-03 detailing three vulnerabilities in the Gardyn IoT Hub, a smart indoor garden controller with over 138,000 devices. The most severe flaw (CVE-2026-13768, CVSS 10.0) involves hard-coded credentials exposing a privileged Azure IoT Hub key, enabling unauthenticated remote command execution and lateral movement across a victim’s home network. Gardyn has patched its cloud infrastructure; users are urged to maintain internet connectivity for automatic firmware updates.

Source: CISA Advisory ICSA-26-183-03

Schneider Electric Easergy MiCOM Px40 Series Protection Relays Carry Hard-Coded SNMP Credentials

CISA advisory ICSA-26-190-03 (July 9, 2026) reveals a hard-coded credentials vulnerability (CVE-2026-4832, CVSS 5.3) in Schneider Electric’s Easergy MiCOM Px40 Series protection relays. An unauthenticated attacker able to reach the SNMP port can access sensitive device identification data. This affects multiple relay models deployed in Critical Manufacturing, Energy, and Transportation sectors worldwide. Schneider Electric advises disabling SNMP where unnecessary, applying firmware updates, and isolating relays behind firewalls.

Source: CISA Advisory ICSA-26-190-03

Six U-Boot Bootloader Flaws Threaten Millions of IoT and Industrial Devices with Pre-Boot Code Execution

Firmware security firm Binarly disclosed six vulnerabilities (BRLY-2026-037 through BRLY-2026-042) in U-Boot, the open-source bootloader used in routers, smart cameras, industrial controllers, and data-center chips. Two flaws allow arbitrary code execution before signature verification, undermining the chain of trust. These issues have existed since U-Boot version 2013.07 across many stable releases. No stable fix is available yet; vendors must backport patches until the next release in October 2026.

Source: The Hacker News

Healthcare Ransomware Attacks Surge 110% Year-Over-Year in H1 2026 as Extortion Groups Target Supply Chain

A Comparitech report reveals ransomware attacks on healthcare businesses surged 110% in the first half of 2026 compared to H1 2025, with a 35% increase over H2 2025. Attackers focus on supply chain vendors to access data from hundreds of hospitals and clinics. Notable incidents include a prolonged shutdown of the University of Mississippi Medical Center and a breach of German billing provider Unimed. Health-ISAC highlights legacy device complexity and continuous clinical operations as ongoing defense challenges.

Source: Dark Reading

As threat actors continue to exploit vulnerabilities across OT and IoT ecosystems, maintaining robust security hygiene and timely patching remains critical. Stay vigilant and prioritize network segmentation and device updates to defend against evolving risks.

Share this