1 article
Two critical vulnerabilities in Eclipse BaSyx V2 — the open-source Industrial Internet of Things Asset Administration Shell implementation used in Industry 4.0 infrastructure — allow an unauthenticated attacker to achieve remote code execution and bypass network segmentation. CVE-2026-7411 (CVSS 10.0) enables arbitrary file write on the BaSyx server; CVE-2026-7412 (CVSS 8.6) enables blind SSRF that can bypass OT network isolation. Patches are available in BaSyx V2 milestone-10.
Eclipse BaSyx's CVSS 10.0 vulnerability is not a story about old OT equipment running Windows XP. It is a story about new, modern, actively maintained open-source ICS infrastructure that was deployed rapidly into Industry 4.0 architectures without the security scrutiny that its network position demands. The security debt in operational technology environments has migrated upward — into the integration and orchestration layer that connects IT and OT.
CipherWatch Editorial
Security Intelligence Platform