Siemens SIMATIC CN 4100 Multiple Vulnerabilities – CISA ICS Advisory ICSA-26-134-10
CISA has issued an ICS advisory for Siemens SIMATIC CN 4100 industrial communication devices running firmware versions prior to V5.0. The advisory discloses over 40 distinct vulnerabilities including NULL pointer dereferences, use-after-free, stack-based buffer overflows, integer overflows, race conditions, and improper access controls. The highest CVSS v3 score is 9.6 (Critical). Affected devices are deployed worldwide in critical manufacturing sectors. Siemens has released a patch (V5.0) and recommends immediate update.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Medium impact. MEDIUM: Second-pass historical recalibration. This cyber advisory or vulnerability item is relevant to Cyber and technology-dependent Property/Casualty books, but it does not evidence confirmed insured loss, claims activity, ransomware/business interruption, critical infrastructure outage, or quantified market impact sufficient for HIGH.
Timeline
Lifecycle changed: monitoring → closed
Event Closed: auto_closed_monitoring_timeout
Status changed to monitoring (active → monitoring): Auto-transitioned: no updates for 6 hours
Status changed to active (signal → active): evidence_trigger: authoritative_fast_track
Impact changed: high → medium
Initial Detection
CISA has issued an ICS advisory for Siemens SIMATIC CN 4100 industrial communication devices running firmware versions prior to V5.0. The advisory discloses over 40 distinct vulnerabilities including NULL pointer dereferences, use-after-free, stack-based buffer overflows, integer overflows, race conditions, and improper access controls. The highest CVSS v3 score is 9.6 (Critical). Affected devices are deployed worldwide in critical manufacturing sectors. Siemens has released a patch (V5.0) and recommends immediate update.
SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. CVSS: v3 9.6. Vendor: Siemens. Equipment: Siemens SIMATIC. Critical Infrastructure Sectors: Critical Manufacturing. Countries/Areas Deployed: Worldwide.
Source: CISA Advisories (Official Advisory)