Serial number: AV26–051
Date: January 26, 2026
Between January 19 and 25, 2026, CISA published ICS advisories to address vulnerabilities in the following products:
- AutomationDirect CLICK Programmable Logic Controller – version C0-0x
- AutomationDirect CLICK Programmable Logic Controller – version C0-1x
- AutomationDirect CLICK Programmable Logic Controller – version C2-x
- Delta Electronics DIAView – version 4.2.0
- EVMAPA EVMAPA – all versions
- Hubitat Elevation C3/C4/C5/C7/C8/C8 pro – firmware versions prior to firmware_2.4.2.157
- Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool – version 6.9.7 and prior
- Rockwell Automation CompactLogix 5370 – version 34.013 and prior
- Rockwell Automation CompactLogix 5370 – version 35.012 and prior
- Rockwell Automation CompactLogix 5370 – version 36.011
- Rockwell Automation Verve Asset Manager - multiple versions and models
- Schneider Electric EcoStruxure Foxboro DCS – multiple versions
- Schneider Electric EcoStruxure Process Expert – all versions
- Schneider Electric devices using CODESYS Runtime – multiple versions and models
- Weintek cMT X Series HMI EasyWeb Service – multiple versions and models
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.