ICSA-26-183-01  ·  Published 2026-07-02

ST Engineering iDirect iQ-Series Terminals

CVSS 8.1 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.

Remediations

  • ST Engineering iDirect has fixed the vulnerabilities and recommends that users update the software to version 4.5.2.2 or newer.
  • Registered users can download patches from the iDirect Support Portal: https://support.idirect.net/s/login
  • Restrict management interfaces to trusted networks (e.g., VPN, ACLs).
  • Avoid exposing administrative APIs to the public internet.
  • Enforce strong authentication practices.
  • Monitor for anomalous API activity and unexpected device reboots.

Affected Vendors

ST Engineering iDirect

Affected Products (3)

ST Engineering iDirect · Evolution iQ‑Series terminals <=4.5.2.1
ST Engineering iDirect · 3315‑Series terminals <=4.5.2.1
ST Engineering iDirect · 9‑Series terminals <=4.5.2.1
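
To apply the affected-version range above and the 4.5.2.2 fix level from the remediations to an asset list, the following added example (not part of the advisory or any vendor tooling) triages an inventory export. The CSV column names, host names and sample rows are constructed assumptions, as is the dotted-numeric version format.

```python
import csv
import io

FIXED = (4, 5, 2, 2)  # first fixed version named in the advisory
# Product families from the advisory's affected-products list, lower-cased
AFFECTED = {"iq-series", "3315-series", "9-series"}

# Constructed inventory sample; columns host,family,version are assumptions
SAMPLE = """host,family,version
term-a,Evolution iQ-Series,4.5.2.1
term-b,9-Series,4.5.2.2
term-c,3315-Series,4.4.0.7
term-d,Evolution iQ-Series,unknown
term-e,Other-Modem,1.0.0.0
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (len(FIXED) - len(nums))  # pad short versions with zeros

def triage(inventory_csv):
    """Sort hosts in affected families into update / ok / review buckets."""
    result = {"update": [], "ok": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Exports may carry a non-breaking hyphen (U+2011) in the family name
        tokens = row["family"].lower().replace("\u2011", "-").split()
        if not tokens or tokens[-1] not in AFFECTED:
            continue  # not a product family listed in the advisory
        ver = parse_version(row["version"])
        if ver is None:
            result["review"].append(row["host"])  # unreadable version: check by hand
        elif ver < FIXED:
            result["update"].append(row["host"])  # 4.5.2.1 or older
        else:
            result["ok"].append(row["host"])
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts whose version string cannot be parsed land in "review" rather than "ok", so an incomplete inventory does not hide an unpatched terminal.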

Affected Sectors

Communications, Defense Industrial Base, Energy, Government Services and Facilities, Transportation Systems
