CVE-2025-14510 in ABB Ability OPTIMAX allows full authentication bypass when Azure Active Directory SSO is enabled, with no fix available for version 6.1 or 6.2 - part of a six-advisory ABB batch published 30 April 2026 affecting EU water and energy operators.
CVE-2025-14510 enables complete authentication bypass in ABB OPTIMAX systems using Azure AD integration, demonstrating cloud identity risks in OT environments.
SSA-770890 discloses a path traversal flaw in CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 substation RTUs; exposure depends on debug support activation state, making configuration audit the first step before patching.
A Mexican water utility disclosed eleven days of read-only access enabled by LLM-assisted reconnaissance. European sectoral SOCs face the same threat class within months. Behavioral baselines tuned to manual probing no longer detect the new tempo.
Schneider Electric disclosed a CVSS 9.8 pre-authentication remote code execution flaw in Modicon M340 and M580 PLCs on 22 April. Working exploit code appeared seventy-two hours later. EU operators should patch within fourteen days, not the ninety-day cycle NIS2 minimum language permits.
Six European water utilities disclosed ransomware between January and mid-April 2026, against three in the same period of 2025. The doubling reflects three distinct criminal ecosystems pivoting toward critical infrastructure with operational impact pricing in their negotiation logic.
Q1 2026 NIS2 Article 21 audits across nine EU member states surfaced three implementation patterns: supply-chain flow-down versus technical validation, encryption-at-rest scope, and governance documentation depth. The divergences will narrow with ENISA Q4 guidance.
Siemens ProductCERT released the Q2 2026 firmware bundle for SIMATIC S7-1500 controllers, containing five CVEs from CVSS 5.4 to 8.2. None are pre-authentication remote code execution. Thirty-day deployment window with internet-reachable units prioritized.