Cyber Centre Daily Advisory Digest — 2026-06-03 (3 advisories)

What Happened

The Canadian Centre for Cyber Security has issued alerts for security flaws in three products: the Google Chrome web browser, ABB T-MAC Plus control systems, and Phoenix Contact charging controllers. These flaws could potentially allow unauthorized access or information disclosure, such as downloading logs without a password. Organizations and individuals using these products are affected. It is important to address these issues to prevent attackers from exploiting them. Users and administrators should apply the latest updates and firmware patches provided by the vendors.

Key Takeaways

• Google Chrome requires updates for Desktop versions prior to 149.0.7827.53/54 (Windows/Mac) and 149.0.7827.53 (Linux).
• ABB T-MAC Plus control systems contain multiple vulnerabilities (CVE-2025-14771 to CVE-2025-14774) in versions prior to 4.0-24.
• Phoenix Contact CHARX SEC-3xxx charging controllers suffer from an unauthenticated log download vulnerability in firmware prior to 1.9.0.

Affected Systems

• Google Chrome Stable Channel for Desktop (Windows, Mac, Linux)
• ABB T-MAC Plus
• Phoenix Contact CHARX SEC-3150, SEC-3050, and SEC-3000

Vulnerabilities (CVEs)

• CVE-2025-14771
• CVE-2025-14772
• CVE-2025-14773
• CVE-2025-14774

Attack Chain

The advisory does not detail a specific attack chain but highlights vulnerabilities that could be exploited by threat actors. For example, the Phoenix Contact vulnerability allows unauthenticated attackers to download logs, potentially leading to information disclosure that could facilitate further targeted attacks against the ICS/OT environment.

Detection Availability

• YARA Rules: No
• Sigma Rules: No
• Snort/Suricata Rules: No
• KQL Queries: No
• Splunk SPL Queries: No
• EQL Queries: No
• Other Detection Logic: No

No specific detection rules are provided in the advisory.

Detection Engineering Assessment

EDR Visibility: Low — EDR solutions typically do not have visibility into ICS/OT firmware vulnerabilities like those in ABB or Phoenix Contact devices. Network Visibility: Medium — Network monitoring might detect anomalous traffic to ICS devices, such as unauthenticated log download attempts on Phoenix Contact controllers. Detection Difficulty: Moderate — Detecting exploitation requires specific network signatures for the unauthenticated log downloads or monitoring for outdated Chrome versions via endpoint management.

Required Log Sources

• Network traffic logs
• Web proxy logs
• Vulnerability management/Endpoint inventory logs

Hunting Hypotheses

Control Gaps

• Lack of OT network segmentation
• Delayed patch management for endpoints and ICS devices

Key Behavioral Indicators

• Anomalous log access requests on ICS networks
• Outdated Chrome versions in endpoint inventory

False Positive Assessment

• Low

Recommendations

Immediate Mitigation

• Verify against your organization's incident response runbook and team escalation paths before acting.
• Update Google Chrome to version 149.0.7827.53/54 (Windows/Mac) or 149.0.7827.53 (Linux).
• Update Phoenix Contact CHARX SEC-3xxx firmware to version 1.9.0 or later.
• Apply mitigations or updates for ABB T-MAC Plus versions prior to 4.0-24 as per the vendor advisory.

Infrastructure Hardening

• Ensure ICS/OT devices like ABB T-MAC Plus and Phoenix Contact controllers are not directly exposed to the internet.
• Implement or review network segmentation to restrict access to charging controllers and control systems to authorized personnel only.

User Protection

• Ensure automated updates are enabled for Google Chrome on all user endpoints.

Security Awareness

• Remind users to restart their browsers when prompted to apply pending updates.