  • offseq@infosec.exchange
    CVE-2026-8072 (CRITICAL, 9.2): Ingeteam Ingecon Sun EMS Board uses weak hashing for SAT access credentials, risking privilege escalation. No mitigation yet — review access and monitor for updates. https://radar.offseq.com/threat/cve-2026-8072-cwe-327-use-of-a-broken-or-risky-cry-6e7aa5de #OffSeq #ICS #Vulnerability
  • advisoryics@infosec.exchange
    ICSAP Analysis Report | ICSAP-AN-26-001 - Read full report at: https://drive.google.com/file/d/1v5RWBFT0cHFUDkUhM0enwh3t1PdOGVcv/view

    Reading Between the Advisories: Linux Kernel CVE-2026-31431 in the ICS Ecosystem

    CVE-2026-31431 ("Copy Fail") was added to CISA's KEV Catalog on May 1. Theori's Xint Code research team disclosed it on April 29. It's a 9-year-old logic flaw in the Linux kernel's algif_aead module that lets any unprivileged local user escalate to root using a 732-byte Python script. The same exploit works on Ubuntu, Amazon Linux, RHEL, and SUSE without modification.

    The mainstream security community has covered this well. What hasn't been written is the ICS angle.

    We reviewed both the CISA ICS Advisory dataset (3,800 advisories since 2010) and the ICS[AP] Other CERT and Vendor ICS Advisories dataset (12,468 advisories) to see which industrial control system products have documented Linux exposure to this CVE.

    Three observations:

    - Only 0.8% of CISA ICS advisories have ever explicitly mentioned Linux, the kernel, or embedded Linux components. Across 3,800 advisories, only two disclose a specific kernel version, and both are end-of-life branches.
    - Schneider Electric (234 CISA advisories, zero Linux mentions), Rockwell Automation (246, zero), Mitsubishi Electric (119, zero), Hitachi Energy (103, zero), and Moxa (53, zero) have published nothing about Linux in their CISA advisory text, despite shipping Linux-based product lines per their own technical documentation.
    - Container escape applies. CODESYS Control containers, Advantech IoTSuite Edge dockers, Bosch Rexroth ctrlX CORE container apps, and similar containerized industrial edge platforms are subject to the container-breakout behavior identified in Microsoft Defender's published analysis.

    Asset owners cannot rely on advisory text to assess exposure. Direct vendor PSIRT engagement is the only defensible path.

    As of publication, no major ICS vendor has published a CVE-2026-31431-specific advisory.

    ICSAP-AN-26-001 is the inaugural ICSAP Analysis Report. It covers the CVE technical mechanism with primary-source attribution to Theori, a Tier 1A list of 16 ICS product lines with documented Linux exposure, a Tier 2 list of 14 vendors whose Linux products do not surface in advisory text, and practitioner guidance for the next four to six weeks.

    Read the full report at icsadvisoryproject.com.

    #ICS #OTSecurity #CriticalInfrastructure #LinuxKernel #CopyFail #VulnerabilityManagement
  • offseq@infosec.exchange
    HIGH severity: CVE-2026-3868 affects Moxa EDR-8010 v1.0 routers. Remote attackers can trigger a DoS via HTTPS mgmt interface buffer overflow. No patch yet — restrict access & monitor for outages. https://radar.offseq.com/threat/cve-2026-3868-cwe-130-improper-handling-of-length--680be2d5 #OffSeq #Moxa #Infosec #ICS
  • ot_macdonald@infosec.exchange
    Update on my post/rant about enterprise network manufacturers. Instead of continuing to try to rent enterprise solutions, I decided to spend about $1k on hardware from D-Link, GL.iNet, LogiLink, MikroTik, PC ENGINES GMBH, and TP-Link Systems Inc.

    The benefits for me so far:

    1. Ownership of open-source hardware: I own the devices myself instead of just renting them; this gives me maximum control.
    2. Excellent support: kudos to the manufacturers, forums, and the (F)OSS community who have helped me with my questions.
    3. Research & knowledge sharing: I plan to share my research results with these manufacturers, not with the enterprise providers from my previous post.

    It’s exciting to see how much support and innovation is happening outside of the major enterprise manufacturers. #cybersecurity #otsecurity #ics #ot