← Back to home
ICSA-26-181-06  ·  Published 2026-06-30  ·  View on CISA ICS-CERT ↗

StoneFly Storage Concentrator

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems.

Remediations

  • StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities.
  • For additional questions or support, users may contact StoneFly at https://stonefly.com/contact-us/.

Affected Vendors

StoneFly

Affected Products (6)

StoneFly · Storage Concentrator <8.0.4.22
StoneFly · Storage Concentrator Virtual Machine <8.0.4.22
StoneFly · Storage Concentrator <8.0.4.26
StoneFly · Storage Concentrator Virtual Machine <8.0.4.26
StoneFly · Storage Concentrator <8.0.4.29
StoneFly · Storage Concentrator Virtual Machine <8.0.4.29

Affected Sectors

Defense Industrial Base, Energy, Financial Services, Healthcare and Public Health, Information Technology

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more