ICSA-26-106-03 · Published 2026-04-16 · View on CISA ICS-CERT ↗

Anviz Multiple Products

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or communications, and ultimately obtain full control over affected devices.

CVEs (12)

CVE-2026-33093 CVE-2026-35061 CVE-2026-32648 CVE-2026-40461 CVE-2026-35682 CVE-2026-35546 CVE-2026-40066 CVE-2026-32324 CVE-2026-31927 CVE-2026-33569 CVE-2026-40434 CVE-2026-32650

Remediations

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information at https://www.anviz.com/contact-us.html.

Affected Vendors

Anviz

Affected Products (3)

Anviz · CX2 Lite Firmware vers:all/*

Anviz · CX7 Firmware vers:all/*

Anviz · CrossChex Standard vers:all/*

Affected Sectors

Commercial Facilities, Critical Manufacturing, Defense Industrial Base, Energy, Financial Services, Food and Agriculture, Government Services and Facilities, Healthcare and Public Health, Information Technology, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more