ICSA-26-183-01 · Published 2026-07-02
ST Engineering iDirect iQ-Series Terminals
CVSS 8.1 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.
CVEs (2)
Remediations
- ST Engineering iDirect has fixed the vulnerabilities and recommends that users update the software to version 4.5.2.2 or newer.
- Registered users can download patches from the iDirect Support Portal: https://support.idirect.net/s/login
- Restrict management interfaces to trusted networks (e.g., VPN, ACLs).
- Avoid exposing administrative APIs to the public internet.
- Enforce strong authentication practices.
- Monitor for anomalous API activity and unexpected device reboots.
Affected Vendors
ST Engineering iDirect
Affected Products (3)
- ST Engineering iDirect Evolution iQ‑Series terminals, versions <=4.5.2.1
- ST Engineering iDirect 3315‑Series terminals, versions <=4.5.2.1
- ST Engineering iDirect 9‑Series terminals, versions <=4.5.2.1
Affected Sectors
Communications, Defense Industrial Base, Energy, Government Services and Facilities, Transportation Systems