THREAT INTELLIGENCE

Multiple ICS Vulnerabilities Enable RCE and Takeover

Multiple high-severity vulnerabilities have been identified across Honeywell CCTV Products, GE Vernova Enervista UR Setup, Delta Electronics ASDA-Soft, and Siemens Simcenter Femap and Nastran. Successful exploitation could lead to account takeover, unauthorised access, remote code execution (RCE), buffer overflows, file system manipulation, or application crashes.

CVE

CVE-2026-1670
CVE-2026-1762
CVE-2026-1763
CVE-2026-1361
CVE-2026-23715–CVE-2026-23720

Targeting / Delivery Mechanism

  • Honeywell CCTV: Exploitation via unauthenticated API endpoint exposure, allowing attackers to modify password recovery settings.
  • GE Enervista UR Setup: Exploitable through malicious DLL placement or crafted firmware update files.
  • Delta ASDA-Soft: Triggered by malicious .par files causing buffer overflow.
  • Siemens Simcenter: Exploitation requires user interaction by opening malicious NDB or XDB files.

Internet-facing systems, exposed management interfaces, and environments where users handle untrusted files present elevated risk.

Execution Technique

  • Missing authentication enabling account takeover (Honeywell).
  • DLL hijacking and directory traversal enabling elevated code execution (GE).
  • Stack-based buffer overflow leading to structured exception handler corruption (Delta).
  • Out-of-bounds read/write and heap-based buffer overflows through malicious file parsing (Siemens).

Persistence / Deployment

Successful exploitation could allow attackers to gain administrative access, execute arbitrary code, manipulate system configurations, access surveillance feeds, or maintain persistence within operational technology environments.

Impact and Smarttech247's Recommended Actions

Operational Impact

Severity ranges from High to Critical (CVSS up to 9.8). Exploitation may result in surveillance system compromise, elevated privilege execution, integrity violations, and disruption of industrial or engineering operations.

Validate Integrity

Identify affected product versions:

  • Honeywell CCTV versions listed under CVE-2026-1670
  • GE Enervista UR Setup versions prior to 8.70
  • Delta ASDA-Soft ≤7.2.0.0
  • Siemens Simcenter Femap and Nastran versions prior to 2512

Review logs for unauthorised account changes, suspicious file activity, unexpected crashes, or abnormal administrative execution.
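The version boundaries listed above can be applied to a software inventory export to triage hosts. The following is an added example, not code from the vendors or the advisories; the inventory rows, host names and the `classify` and `triage` helpers are constructed for illustration, and it assumes version strings compare component by component as integers.

```python
import re

# Boundaries copied from the version list above. Honeywell has no version on
# this page, so Honeywell CCTV entries always go to manual review.
RULES = {
    "ge enervista ur setup": {"fixed": "8.70"},
    "delta asda-soft": {"affected_max": "7.2.0.0", "fixed": "7.2.2.0"},
    "siemens simcenter femap": {"fixed": "2512"},
    "siemens simcenter nastran": {"fixed": "2512"},
    "honeywell cctv": {},
}

INVENTORY = [  # constructed sample rows: (host, product, installed version)
    ("eng-ws-01", "GE Enervista UR Setup", "8.60"),
    ("eng-ws-02", "Delta ASDA-Soft", "v7.2.0.0"),
    ("eng-ws-03", "Delta ASDA-Soft", "7.2.1.0"),
    ("cae-ws-01", "Siemens Simcenter Femap", "2512"),
    ("nvr-01", "Honeywell CCTV", "unknown"),
]

def parse_version(text):
    """Turn '8.70', 'v7.2.0.0' or '2512' into a tuple of ints."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)

def older(a, b):
    """True if a < b after zero-padding, so '7.2' equals '7.2.0.0'."""
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(a) < pad(b)

def classify(product, version):
    rule = RULES.get(product.strip().lower())
    if rule is None:
        return "not-listed"
    if "fixed" not in rule:
        return "review"  # no version boundary given on this page
    v = parse_version(version)
    if not older(v, parse_version(rule["fixed"])):
        return "fixed"
    limit = rule.get("affected_max")
    if limit is not None and older(parse_version(limit), v):
        return "review"  # newer than last listed affected build, older than fix
    return "affected"

def triage(rows):
    return [(h, p, v, classify(p, v)) for h, p, v in rows]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("{:<10} {:<26} {:<9} {}".format(*row))
```

A `review` result means the page does not settle the question for that build, so the matching CISA advisory should be consulted before the host is cleared.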

Respond to Confirmed Compromise

Isolate affected systems. Reset compromised credentials, particularly recovery email accounts in Honeywell deployments. Reinstall or upgrade impacted software. Conduct forensic review of file systems and user activity.

Strengthen Preventative Controls

Apply vendor patches immediately:

  • Upgrade GE Enervista to version 8.70 or later
  • Upgrade Delta ASDA-Soft to v7.2.2.0
  • Upgrade Siemens Simcenter to version 2512 or later
  • Contact Honeywell for patch guidance

Restrict administrative access, enforce file integrity monitoring, and prevent users from opening untrusted NDB, XDB, or .par files.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-01
https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-02
https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-03
https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-04
