ICS Advisory Project

The ICS Advisory Project is an open-source project to provide Critical Infrastructure Security Agency (CISA) Advisory data in CSV format & supports interactive dashboard for OT/ICS Asset Owners.
Homepage: https://www.icsadvisoryproject.com/home
ICS Advisory Dashboards: https://lookerstudio.google.com/u/2/reporting/f0d99ae7-c75b-4fdd-9951-8ecada5aee5e/page/G1klC
CISA KEV Dashboards: https://lookerstudio.google.com/u/2/reporting/d8ca2007-1330-47f7-ae16-afb989874b7d/page/p_zme9ruszxc
Research Scoreboard: https://lookerstudio.google.com/u/2/reporting/01d897d4-ba51-4d95-b4d8-75eac03f393c/page/6zXD
MITRE ATT&CK Dashboards: https://lookerstudio.google.com/u/2/reporting/2113938f-cc39-41e1-b89a-08b675d839c0/page/XORBD
ICS[AP] GitHub: https://github.com/icsadvprj

ICS[AP] Dashboards are updated with the 18 CISA Advisories released on 5/14/26:

Siemens: 16 New
Universal Robots: 1 New
SWTCH EV: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS[AP] updated CISA ICS Advisories Master File for 5/14/26 & the following year's CSVs:

CISA_ICS_ADV_2026_5_14.csv

Available @ ICS[AP] GitHub:
https://github.com/icsadvprj/ICS-Advisory-Project/tree/main

#opensource
#vulnerabilitymanagement
#icssecurity

GitHub - icsadvprj/ICS-Advisory-Project: The ICS Advisory Project is an open-source project to provide CISA ICS Advisories data in Comma Separated Value (CSV) format to support vulnerability analysis for the ICS/OT community. This is a community effort: please contribute to improve, expand, and maintain this data source.

New ICSAP Analysis Report out today: "Reading Between the Advisories."

Reviewed 3,800 CISA ICS advisories and 12,468 ICS[AP] vendor advisories for Linux exposure to Copy Fail (CVE-2026-31431).
0.8% mention Linux. Schneider, Rockwell, Mitsubishi, Hitachi Energy, Moxa: zero references each across 755 advisories.
Advisory text alone won't show asset owners their exposure.

TLP:CLEAR → https://drive.google.com/file/d/1CDvyFi3ZcdMewTJmSURRQhEoNVWQI67s/view?usp=sharing

#OTSecurity #ICSSecurity #CopyFail #CVE202631431 #LinuxKernel #PSIRT

ICSAP-AN-26-001_Linux_Kernel_CVE-2026-31431_v1.1.pdf

ICS[AP] Dashboards are updated with the 7 CISA Advisories released on 5/7/26:

Fuji Electric: 1 New
Subnet Solutions Inc.: 1 New
ABB: 4 New
Ashlar-Vellum: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS[AP] updated CISA ICS Advisories Master File for 5/12/26 & the following year's CSVs:

CISA_ICS_ADV_2026_5_12.csv
CISA_ICS_ADV_2025_5_12_26.csv

Available @ ICS[AP] GitHub:
https://github.com/icsadvprj/ICS-Advisory-Project/tree/main

#opensource
#vulnerabilitymanagement
#icssecurity

ICS[AP] Dashboards are updated with the 5 CISA Advisories released on 5/7/26:

MAXHUB: 1 New
Schneider Electric: 1 Update
Intrado: 1 Update
Medtronic: 2 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS[AP] updated CISA ICS Advisories Master File for 5/7/26 & the following year's CSVs:

CISA_ICS_ADV_2026_5_7.csv
CISA_ICS_ADV_2025_5_7_26.csv
CISA_ICS_ADV_2024_5_7_26.csv
CISA_ICS_ADV_2023_5_7_26.csv
ICS-CERT_ADV_2018_05_07_26.csv

Available @ ICS[AP] GitHub:
https://github.com/icsadvprj/ICS-Advisory-Project/tree/main

#opensource
#vulnerabilitymanagement
#icssecurity

ICS[AP] Dashboards are updated with the 7 CISA Advisories released on 5/5/26:

Hitachi Energy: 1 New | 1 Update
B&R Industrial Automation: 3 New
Johnson Controls Inc.: 1 New
Schneider Electric: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS[AP] updated CISA ICS Advisories Master File for 5/5/26 & the following year's CSVs:

CISA_ICS_ADV_2026_5_5.csv
CISA_ICS_ADV_2024_5_5_26.csv
CISA_ICS_ADV_2023_5_5_26.csv

Available @ ICS[AP] GitHub:
https://github.com/icsadvprj/ICS-Advisory-Project/tree/main

#opensource
#vulnerabilitymanagement
#icssecurity

ICSAP Analysis Report | ICSAP-AN-26-001

Reading Between the Advisories: Linux Kernel CVE-2026-31431 in the ICS Ecosystem

CVE-2026-31431 ("Copy Fail") was added to CISA's KEV Catalog on May 1. Theori's Xint Code research team disclosed it on April 29. It's a 9-year-old logic flaw in the Linux kernel's algif_aead module that lets any unprivileged local user escalate to root using a 732-byte Python script. The same exploit works on Ubuntu, Amazon Linux, RHEL, and SUSE without modification.

The mainstream security community has covered this well. What hasn't been written is the ICS angle.

We reviewed both the CISA ICS Advisory dataset (3,800 advisories since 2010) and the ICS[AP] Other CERT and Vendor ICS Advisories dataset (12,468 advisories) to see which industrial control system products have documented Linux exposure to this CVE.

Three observations:

Only 0.8% of CISA ICS advisories have ever explicitly mentioned Linux, the kernel, or embedded Linux components. Across 3,800 advisories, only two disclose a specific kernel version, and both are end-of-life branches.

Schneider Electric (234 CISA advisories, zero Linux mentions), Rockwell Automation (246, zero), Mitsubishi Electric (119, zero), Hitachi Energy (103, zero), and Moxa (53, zero) have published nothing about Linux in their CISA advisory text, despite shipping Linux-based product lines per their own technical documentation.

Container escape applies. CODESYS Control containers, Advantech IoTSuite Edge dockers, Bosch Rexroth ctrlX CORE container apps, and similar containerized industrial edge platforms are subject to the container-breakout behavior identified in Microsoft Defender's published analysis.

Asset owners cannot rely on advisory text to assess exposure. Direct vendor PSIRT engagement is the only defensible path. As of publication, no major ICS vendor has published a CVE-2026-31431-specific advisory.

ICSAP-AN-26-001 is the inaugural ICSAP Analysis Report. It covers the CVE technical mechanism with primary-source attribution to Theori, a Tier 1A list of 16 ICS product lines with documented Linux exposure, a Tier 2 list of 14 vendors whose Linux products do not surface in advisory text, and practitioner guidance for the next four to six weeks.

Read the full report at icsadvisoryproject.com or download it at https://drive.google.com/file/d/1v5RWBFT0cHFUDkUhM0enwh3t1PdOGVcv/view

#ICS #OTSecurity #CriticalInfrastructure #LinuxKernel #CopyFail #VulnerabilityManagement

ICSAP-AN-26-001_Linux_Kernel_CVE-2026-31431.pdf
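
The advisory-text review summarized in the post above can be reproduced in outline as follows. This is an added example, not code from the ICS Advisory Project or its report; the column names (`vendor`, `title`, `summary`), the term list and the sample rows are assumptions constructed for illustration and do not reflect the project's CSV schema.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows; the column names are assumptions for this sketch,
# not the ICS[AP] CSV schema.
SAMPLE_CSV = """vendor,title,summary
VendorA,Gateway firmware,Affected devices run embedded Linux kernel 4.9
VendorA,HMI panel,Improper input validation in the web server
VendorB,PLC runtime,Stack-based buffer overflow in the protocol parser
VendorB,Edge controller,Hard-coded credentials in the maintenance service
VendorC,Historian,Path traversal in the report export function
"""

# Terms counted as an explicit Linux reference (assumed list); word
# boundaries avoid matching substrings of unrelated words.
LINUX_TERMS = re.compile(r"\b(?:linux|kernel)\b", re.IGNORECASE)


def linux_mention_stats(csv_text):
    """Return (overall_rate, per_vendor); per_vendor maps each vendor to
    (advisory_count, advisories_mentioning_linux)."""
    totals, hits = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        vendor = row["vendor"].strip()
        text = f'{row["title"]} {row["summary"]}'
        totals[vendor] += 1
        if LINUX_TERMS.search(text):
            hits[vendor] += 1
    total = sum(totals.values())
    rate = sum(hits.values()) / total if total else 0.0
    return rate, {v: (totals[v], hits[v]) for v in totals}


def silent_vendors(per_vendor):
    """Vendors with advisories on record but no Linux reference in any of
    them. Silence says nothing about whether their products run Linux."""
    return sorted(v for v, (n, h) in per_vendor.items() if n and h == 0)


if __name__ == "__main__":
    rate, per_vendor = linux_mention_stats(SAMPLE_CSV)
    print(f"{rate:.1%} of advisories mention Linux")
    for vendor in silent_vendors(per_vendor):
        count = per_vendor[vendor][0]
        print(f"{vendor}: {count} advisories, zero Linux mentions")
```

The vendors this returns are the ones to take to a PSIRT or check against product documentation, since a text scan only measures what advisories say.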