Daily OT Security News: June 13, 2026

Today’s threat landscape underscores the convergence of IT-style vulnerabilities with OT/ICS assets. From exposed control systems to state-sponsored operations targeting critical infrastructure, defenders must prioritize asset hardening, network segmentation, and rapid patching.

Data Center OT Flaws Could Help Hackers Kill Power and AC

Claroty’s Team82 identified two high-severity vulnerabilities (CVSS 9.8) in Vertiv Liebert IS-UNITY-DP network cards used with UPS devices, alongside five medium-severity flaws in Trane Tracer SC+ HVAC controllers. The Vertiv flaws could enable a remote attacker to shut down equipment powered by the UPS, threatening data-center power availability. The Trane vulnerabilities can be chained to achieve unauthenticated remote code execution, giving attackers full control over building management systems and the ability to disable cooling, trigger thermal shutdowns, and cause hardware damage. CISA issued advisories for both products, highlighting the ongoing risk to mission-critical facilities, and researchers presented findings at the SANS ICS Security Summit in Orlando.

Source: BankInfoSecurity, June 10, 2026

Exposed Fuel Tank Gauges Under Attack in the US

A joint advisory from CISA, FBI, NSA, DoE, EPA, TSA, DOT, and USDA warned that threat actors — with links to Iran — are actively targeting Internet-exposed automatic tank gauge (ATG) systems at US gas stations and industrial facilities. ATGs are electronic gauges used to monitor liquid storage tanks and feed data to SCADA systems. Attackers can exploit legacy vulnerabilities (including CVSS 10.0 command injection flaws and authentication bypasses) to alter tank readings, disable safety alerts, and disrupt pump controls. The Shadowserver Foundation identified 909 exposed ATG devices in the US alone. Authorities recommend immediately removing ATGs from public internet exposure and enforcing strong credential and patching policies.

Source: Dark Reading, June 5, 2026

Critical Vulnerability in Universal Robots PolyScope 5 Exposes Industrial Robot Fleets to Hacking

Universal Robots patched CVE-2026-8153, a critical OS command injection vulnerability (CVSS 9.8) in the Dashboard Server interface of PolyScope 5, the operating system powering its collaborative industrial robots (cobots). An unauthenticated attacker with network access can craft commands that are executed on the robot’s OS, achieving remote code execution and full controller compromise. Claroty researcher Vera Mens warned that while cobots are not designed for direct internet exposure, their networks are often flat and unsegmented, making lateral movement relatively easy after an initial foothold. A successful exploit could compromise an entire fleet of cobots and their peripherals, posing physical hazards to workers. The flaw is patched in PolyScope 5.25.1.

Source: SecurityWeek, May 19, 2026

Russian APT Groups Breach ICS at Five Polish Water Treatment Plants

Poland’s Internal Security Agency (ABW) documented ICS security breaches at water treatment stations in five municipalities — Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo — during 2025. In some cases, attackers gained the ability to modify operational parameters of equipment, creating direct risk to the public water supply. ABW attributed the attacks primarily to Russian APT groups including APT28, APT29, and Belarusian-linked UNC1151, operating as hacktivist fronts. The primary attack vectors were weak password policies and systems directly exposed to the internet. The report also documented increased attacks on supply chains and other municipal utilities including wastewater treatment plants.

Source: SecurityWeek, May 8, 2026

CISA Releases Four ICS Security Advisories Covering IoT Platforms and Energy Systems

On June 11, 2026, CISA published four new Industrial Control Systems security advisories covering products used across multiple critical infrastructure sectors. The advisories address vulnerabilities in the Yarbo Android/iOS Mobile Application and Cloud Infrastructure; the Naxclow IoT Platform; Brickcom Cameras; and the Schneider Electric Uni-Telway Driver (Update D) used in energy systems. Earlier, on June 9, CISA also issued advisories for Schneider Electric EcoStruxure Panel Server, Siemens KACO Blueplanet Inverters (energy sector), and Schneider Electric Modicon Network Managed Switches (water/wastewater and energy sectors). Organizations are urged to review these advisories and apply mitigations to any affected equipment in their ICS/SCADA environments.

Source: CISA / WaterISAC, June 11, 2026

Protect your operations: review these advisories, inventory vulnerable devices, and implement mitigations now to reduce risk across OT/ICS environments.