Daily OT Security News – June 24, 2026

Today’s OT and ICS security landscape is marked by urgent warnings from international alliances and critical vulnerability disclosures impacting industrial and automation systems worldwide. Organizations managing operational technology must prioritize patching and network hardening as threat actors rapidly evolve their tactics.

Five Eyes Alliance Warns Frontier AI Will Transform Cyberattacks Within Months

On June 23, 2026, cybersecurity agencies from the U.S., U.K., Canada, Australia, and New Zealand issued a rare joint alert highlighting that frontier AI models will soon surpass current industry capabilities, fundamentally changing offensive and defensive cyber operations. They emphasized that this transformation will occur within months, urging immediate action to strengthen network defenses, accelerate patching, and address legacy systems—especially within OT and critical infrastructure sectors where patching delays are common.

Source: The Record

CISA Adds Four Actively Exploited Flaws in Lantronix EDS5000 and Ubiquiti UniFi OS to KEV Catalog

CISA updated its Known Exploited Vulnerabilities catalog on June 23, 2026, including four critical flaws with a June 26 remediation deadline for federal agencies. The vulnerabilities affect Lantronix EDS5000 secure device servers and Ubiquiti UniFi OS, with issues such as unauthenticated root command execution and critical access control bypasses. Given the Lantronix devices’ role in bridging serial industrial equipment to Ethernet, these flaws pose significant risks to OT environments.

Source: Security Affairs

Siemens SINEC INS Vulnerabilities Republished by CISA, Patch Urged for OT Network Services Platform

CISA republished a Siemens advisory on June 23, 2026, detailing four vulnerabilities in SINEC INS versions prior to V1.0 SP2 Update 6. The most severe is an authenticated command injection via SFTP upload that can lead to remote code execution with service user privileges. Additional issues include path traversal, privilege escalation, and weak password hashing, affecting critical sectors such as manufacturing, energy, healthcare, transportation, and government worldwide.

Source: Windows Forum

Critical CVSS 9.8 RCE Flaw in AVer PTC Cameras Disclosed by CISA Advisory

CISA’s advisory ICSA-26-169-01 highlights a critical remote code execution vulnerability (CVE-2026-40624) affecting multiple AVer PTC camera models used in government, healthcare, and commercial settings. The flaw arises from improper input validation in the web management interface, allowing unauthenticated attackers to execute arbitrary code without user interaction. All firmware versions are impacted; a firmware update is available, and organizations are advised to isolate affected cameras on separate VLANs until patched.

Source: Security Online

B&R Industrial Automation Discloses Linux Kernel Privilege Escalation Bugs Affecting OT Automation Systems

B&R Industrial Automation disclosed multiple Linux kernel vulnerabilities in June 2026 impacting Linux for B&R 12 and earlier, APROL process control systems, and X20EDS410 edge devices. The most notable flaw, CVE-2026-31431, enables local privilege escalation via the AF_ALG cryptographic interface and has public proof-of-concept exploits. While local access is required, such access is often available in industrial environments through maintenance accounts and engineering workstations, increasing the risk.

Source: Windows Forum

As threat actors continue to leverage advanced techniques and exploit critical vulnerabilities, OT and ICS stakeholders must remain vigilant and proactive in their security measures to protect vital infrastructure.