
Industrial Automation Public Service Advisory: Cybersecurity, Connectivity, and Operational Awareness

At ADISRA, we closely follow developments across the industrial automation and cybersecurity landscape because the challenges affecting the industry ultimately affect our customers as well. From emerging cyber threats and aging infrastructure to changing technology standards and operating system support, the industrial automation market continues to evolve rapidly.

As part of our commitment to supporting our customers and partners, we decided to dedicate this blog to sharing important industry insights and public service announcements that may help organizations better understand potential risks and prepare for the future. Our goal is simple: provide practical information that can help improve awareness, strengthen operations, and encourage proactive planning.

For this first public service update, we wanted to focus on safety and cybersecurity. According to recent research from Check Point Research, manufacturing and industrial automation remained the number one targeted industry globally for cyberattacks in 2025 for the fourth consecutive year, accounting for approximately 27.7% of all recorded incidents. Ransomware attacks targeting manufacturing increased dramatically, rising 56% to 1,466 documented incidents compared to 937 incidents in 2024. Much of this increase has been attributed to vulnerable legacy OT (Operational Technology) systems, increasingly complex supply chains, and the rapid growth of Ransomware-as-a-Service (RaaS) operations. Ransomware-as-a-Service is a cybercrime business model where developers sell pre-written ransomware to other hackers for their own ransomware attacks. The growing use of AI-driven attack campaigns is expected to further accelerate these threats in the coming years.


Legacy Operating Systems and OT Environments

One area of growing concern across industrial operations is the continued use of aging operating systems. Microsoft Windows 10 officially reached the end of support on October 14, 2025, meaning the operating system no longer receives standard security updates or mainstream technical support.

According to StatCounter, a significant percentage of desktop systems worldwide are still running Windows 10. While these systems may continue to operate normally, unsupported platforms increase cybersecurity exposure and operational risk over time.

It is important to note that many OT and industrial automation systems do not typically run standard Windows 10 editions. Instead, many industrial platforms operate on Windows 10 LTSC (Long-Term Servicing Channel) or Windows Server, which continue to receive support for longer periods. For example:

  • Windows 10 Enterprise LTSC 2021 mainstream support ends January 12, 2027
  • Windows Server 2022 mainstream support ends October 13, 2026
  • Windows Server 2025 mainstream support ends November 13, 2029

Even with extended support timelines, organizations should understand exactly where these operating systems are deployed within their OT environments and develop long-term migration and cybersecurity strategies before support deadlines are reached. Visibility into legacy systems is becoming increasingly important as cyber threats continue to target older infrastructure.


Internet-Connected OT Devices and Infrastructure Awareness

On April 7, 2026, the Cybersecurity and Infrastructure Security Agency (CISA), along with several partner agencies, issued an advisory regarding increased cybersecurity activity targeting internet-connected industrial control systems across critical infrastructure sectors. According to the advisory, a group identified as CyberAv3ngers was observed targeting certain internet-accessible Allen-Bradley PLCs manufactured by Rockwell Automation.

The activity reportedly affected facilities in areas such as water treatment, energy, and manufacturing operations. The advisory indicated that attackers attempted to manipulate data displayed on HMI and SCADA systems, interfere with project files, and disrupt PLC functionality. Devices mentioned in the advisory included CompactLogix and Micro850 PLC platforms.

The purpose of the advisory was not to create alarm, but rather to encourage organizations to review the security posture of operational technology (OT) systems that may be directly accessible from the public internet. The advisory also noted the potential for similar activity targeting other industrial devices across critical infrastructure environments.

According to internet monitoring firm Censys, more than 5,200 Allen-Bradley devices were identified as publicly exposed to the internet globally, with approximately 75% located in the United States.

As industrial connectivity continues to expand, visibility into networked OT assets and adherence to cybersecurity best practices become increasingly important for maintaining reliable and secure operations.


Network Infrastructure Security and SD-WAN Awareness

Another important cybersecurity topic for industrial organizations in 2026 involved a security advisory related to Cisco Catalyst SD-WAN Controllers. Cisco Catalyst SD-WAN is widely adopted and identified as a market leader for large-scale enterprise and multi-cloud networking. SD-WAN (Software-Defined Wide Area Network) technologies are widely used to securely connect distributed operations, remote facilities, manufacturing plants, and critical infrastructure environments.

Security researchers disclosed a critical vulnerability, CVE-2026-20182, affecting certain Cisco Catalyst SD-WAN Controller platforms. The vulnerability involved an authentication bypass issue that could potentially allow unauthorized access to the central network management infrastructure. Because SD-WAN controllers often sit at the center of trusted communications between facilities, cloud infrastructure, and remote operations, vulnerabilities in these systems can receive significant industry attention.

The advisory serves as another reminder of how modern industrial environments increasingly rely on interconnected IT and OT infrastructure. Network management platforms, remote access systems, edge devices, and centralized control architectures have become essential for supporting distributed industrial operations, but they also require ongoing cybersecurity maintenance and monitoring.

Cisco has released software updates to address the vulnerability and provided guidance to help organizations review indicators of compromise and validate system integrity. At the time of the advisory, no alternative workaround was available other than applying the recommended software updates.

As industrial networks continue to expand across facilities, cloud systems, and edge infrastructure, cybersecurity awareness is increasingly integral to maintaining reliable and resilient operations.


Industrial Network Segmentation and PLC Security Best Practices

Another recent advisory concerned certain Siemens SIMATIC S7 PLCs, in which multiple vulnerabilities were identified in the embedded web server functionality. According to the advisory, the vulnerabilities could potentially allow cross-site scripting (XSS) attacks under certain conditions. Cross-site scripting is a web security vulnerability that allows an attacker to inject malicious client-side scripts into a trusted website. Siemens released updated software versions for affected products and recommended that organizations update systems to the latest supported releases where appropriate.

Beyond the specific vulnerability itself, the advisory reinforces several cybersecurity best practices that continue to apply across industrial automation environments regardless of vendor or platform. One of the most important recommendations is to minimize direct network exposure of control system devices and, whenever possible, ensure that PLCs, HMIs, engineering workstations, and remote OT assets are not directly accessible from the public internet.

The advisory also highlighted the importance of placing industrial control networks behind properly configured firewalls and isolating OT systems from general business networks using defense-in-depth strategies. A defense-in-depth strategy uses multiple, overlapping layers of security controls to protect assets. Network segmentation continues to be one of the most effective approaches for reducing cybersecurity risk in industrial environments.

At the same time, organizations must balance cybersecurity improvements with operational continuity. CISA recommends that industrial operators conduct appropriate impact analyses and risk assessments before deploying defensive changes or updates to production control systems.


Collaborative Robot Security and Network Exposure

A recent CISA advisory highlighted a critical vulnerability affecting certain Universal Robots PolyScope 5 software versions prior to 5.25.1. The vulnerability affected the Dashboard Server interface and could allow unauthorized network access to robot controllers if systems were improperly exposed.

In 2026, over 100,000 Universal Robots collaborative robots have been sold worldwide, with a significant portion of these units running on the PolyScope 5 platform. 

The advisory serves as another reminder that modern collaborative robots (cobots) are increasingly connected systems that rely on network communications, remote management, and integration with broader automation architectures. As industrial devices become more interconnected, cybersecurity considerations are becoming an important part of maintaining operational reliability and resilience.

Universal Robots released updated software to address the issue and recommended upgrading affected systems to PolyScope 5.25.1 or newer. Additional recommendations included disabling unused network services, limiting access to trusted hosts, and reviewing firewall and segmentation strategies for industrial networks.

Conclusion

As industrial automation systems continue to evolve, organizations are becoming more connected than ever before through cloud infrastructure, remote access, edge computing, IIoT devices, collaborative robotics, and integrated OT/IT architectures. While these technologies create tremendous opportunities for efficiency, visibility, and operational intelligence, they also require increased awareness around cybersecurity, infrastructure management, and operational resilience.

Some of the best operational practices are: 

  • Review whether OT devices are directly exposed to the public internet
  • Verify remote access and firewall configurations
  • Maintain current firmware and software updates where possible
  • Segment OT and IT networks appropriately
  • Monitor for unusual system activity or unauthorized access attempts
  • Restrict remote access to authorized systems and personnel
  • Review engineering workstation and remote support access policies
  • Monitor centralized management systems closely
  • Regularly review cybersecurity advisories from vendors and government agencies such as CISA
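
The first items in the list above (internet exposure, firewall configuration, OT/IT segmentation) can be checked mechanically against a firewall rule export. The following is an added example, not code from ADISRA or from any of the vendors or advisories discussed here; the subnets and rules are constructed sample data, and the port numbers are the standard assignments for the named protocols rather than values taken from the advisories.

```python
import ipaddress

# Assumed site layout (constructed): OT control network and business IT network.
OT_NET = ipaddress.ip_network("10.50.0.0/16")
IT_NET = ipaddress.ip_network("10.10.0.0/16")
# Standard ports for common industrial protocols and embedded web servers.
CONTROL_PORTS = {44818: "EtherNet/IP", 102: "S7comm", 502: "Modbus/TCP",
                 80: "HTTP", 443: "HTTPS"}

# Constructed sample export: (name, action, source, destination, dest port; None = any)
SAMPLE_RULES = [
    ("plc-vendor-support", "allow", "0.0.0.0/0", "10.50.3.20/32", 44818),
    ("hmi-web", "allow", "10.10.0.0/16", "10.50.4.0/24", 443),
    ("eng-ws-to-plc", "allow", "10.50.1.10/32", "10.50.3.0/24", 44818),
    ("historian-pull", "allow", "10.10.8.5/32", "10.50.9.9/32", 1433),
    ("legacy-any", "allow", "203.0.113.0/24", "10.50.0.0/16", None),
    ("block-rest", "deny", "0.0.0.0/0", "10.50.0.0/16", None),
]

def audit_rules(rules):
    """Return (rule name, finding, control ports reachable) for risky allow rules."""
    findings = []
    for name, action, src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only allow rules that reach the OT network are of interest.
        if action != "allow" or not dst_net.overlaps(OT_NET):
            continue
        # An "any port" rule exposes every control port; a single port only itself.
        ports = CONTROL_PORTS if port is None else {port: CONTROL_PORTS.get(port)}
        hits = sorted(p for p, label in ports.items() if label)
        internal = src_net.subnet_of(OT_NET) or src_net.subnet_of(IT_NET)
        if not internal:
            # Source is outside the site networks: OT reachable from the internet.
            findings.append((name, "internet-to-OT", hits))
        elif src_net.overlaps(IT_NET) and src_net.prefixlen < 32 and hits:
            # A whole IT subnet, not a single trusted host, reaches a control port.
            findings.append((name, "broad-IT-to-OT-control-port", hits))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

Rules from a single IT host to a non-control port (the historian pull) and traffic that stays inside the OT network are left unflagged, so the output lists only the rules that contradict the segmentation guidance.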

The purpose of this blog was not to create alarm, but rather to share practical industry insights and recent advisories that may help organizations better understand the changing industrial landscape. Many of the recommendations discussed throughout these advisories are not new concepts, including network segmentation, limiting internet exposure, maintaining current software updates, reviewing remote access policies, and understanding where legacy systems exist within operations. However, these foundational practices continue to play an important role in supporting reliable and secure industrial environments.

At ADISRA, we believe awareness and proactive planning are critical components of modern industrial operations. As cybersecurity, connectivity, and automation technologies continue to evolve, we will continue sharing industry insights, trends, and public service advisories that we believe may benefit our customers, partners, OEMs, system integrators, and the broader industrial automation community.

To learn more about ADISRA and our industrial automation software solutions, please visit our website at www.adisra.com.

To experience ADISRA SmartView firsthand, download the software here. If you would like a personalized demonstration or would like to discuss your industrial automation requirements and applications, you can request a meeting with our team here.

Microsoft, Windows, Windows 10, Windows 11, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation

Allen-Bradley, CompactLogix, Micro850, and Rockwell Automation are trademarks of Rockwell Automation, Inc.

Cisco Catalyst is a trademark of Cisco Systems, Inc.

SIMATIC and S7 are trademarks or registered trademarks of Siemens AG

Universal Robots and PolyScope are trademarks or registered trademarks of Universal Robots A/S

ADISRA®, ADISRA’S logo, InsightView®, and KnowledgeView® are registered trademarks of ADISRA, LLC.

© 2026  ADISRA, LLC.   All Rights Reserved.
