Serial number: AV26–391
Date: April 27, 2026
Between April 20 and 26, 2026, CISA published ICS advisories to address vulnerabilities in the following products:
- Carlson Software VASCO-B GNSS Receiver – versions prior to 1.4.0
- Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera – firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06
- Hardy Barth Salia EV Charge Controller – firmware version 2.3.81 and prior
- Intrado 911 Emergency Gateway (EGW) – versions 7.x, 6.x and 5.x
- Milesight Cameras – multiple versions and models
- RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) – versions prior to 5.8
- SenseLive X3050 – version V1.523
- Siemens Analytics Toolkit – multiple versions
- Siemens Industrial Edge Management – multiple versions and models
- Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) – version prior to V5.8
- Siemens SCALANCE – multiple versions
- Siemens SINEC NMS – version prior to V4.0 SP3
- Siemens SINEC NMS – version V4.0 SP3 with UMC and prior
- Siemens TPM 2.0 – multiple versions and models
- Silex Technology AMC Manager – versions prior to 5.0.2
- Silex Technology SD-330AC – version 1.42 and prior
- SpiceJet Online Booking System – all versions
- Yadea T5 Electric Bicycle – all versions
- Zero Motorcycles Firmware – version prior to 44
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.