Closed · Medium impact · AI Generated

ABB CoreSense HM and M10 Path Traversal Vulnerability (CVE-2025-3465)

Occurred 16 Apr 2025 · Detected 23 May 2026
Worldwide deployment of ABB CoreSense HM and M10 ICS products; ABB headquartered in Switzerland · 1 report · Ended 29 May 2026
Cyber

CISA has republished an ABB advisory disclosing a path traversal vulnerability (CVE-2025-3465) affecting ABB CoreSense HM and CoreSense M10 industrial control system products deployed worldwide. The flaw allows unauthenticated users with local network access to traverse restricted directories, potentially leading to complete system compromise and sensitive information exposure. Affected sectors include Food and Agriculture, Commercial Facilities, and Critical Manufacturing. A vendor patch is available.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Medium impact. MEDIUM: Second-pass historical recalibration. This cyber advisory or vulnerability item is relevant to Cyber and technology-dependent Property/Casualty books, but it does not evidence confirmed insured loss, claims activity, ransomware/business interruption, critical infrastructure outage, or quantified market impact sufficient for HIGH.

Timeline

Status Change · 2 Jun 2026, 13:05

Lifecycle changed

monitoring → closed

Closure · 2 Jun 2026, 13:05

Event Closed

auto_closed_monitoring_timeout

Status Change · 29 May 2026, 05:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active → monitoring

Status Change · 28 May 2026, 22:34

Status changed to active

evidence_trigger: authoritative_fast_track

signal → active

Initial Detection · 23 May 2026, 21:14

Initial Detection

A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete system compromise and exposure of sensitive information.

Source: CISA Advisories (Official Advisory)
