ICSA-26-181-06
·
Published 2026-06-30
·
View on CISA ICS-CERT ↗
StoneFly Storage Concentrator
CVSS 10.0
CRITICAL
Risk Summary
Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems.
Remediations
- StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities.
- For additional questions or support, users may contact StoneFly at https://stonefly.com/contact-us/.
Affected Vendors
StoneFly
Affected Products (6)
StoneFly
·
Storage Concentrator
<8.0.4.22
StoneFly
·
Storage Concentrator Virtual Machine
<8.0.4.22
StoneFly
·
Storage Concentrator
<8.0.4.26
StoneFly
·
Storage Concentrator Virtual Machine
<8.0.4.26
StoneFly
·
Storage Concentrator
<8.0.4.29
StoneFly
·
Storage Concentrator Virtual Machine
<8.0.4.29
Affected Sectors
Defense Industrial Base, Energy, Financial Services, Healthcare and Public Health, Information Technology
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more