2 Updates Published – 6-2-26

Today CISA’s NCCIC-ICS published two updates for control system security advisories for products from Schneider Electric and Dreame Technology. I also include a brief down-the-rabbit-hole look at failing to coordinate with CISA.

Schneider Update

This update provides additional information on the EcoStruxure advisory that was originally published on March 20^th, 2025. The new information includes announcing that a fix was available for available for EcoStruxure Process Expert for AVEVA System Platform.

NOTE: I briefly mentioned the Schneider update upon which this is based on May 17^th, 2026.

Dreame Update

This update provides additional information on the Dreamehome iOS advisory that was originally published on August 7^th, 2025. The new information includes announcing that Dreame had new versions that mitigate the vulnerability.

DTRH No Coordination

The original advisory included the note that: “Dreame Technology did not respond to CISA’s request for coordination.” I have not gone back and tallied up the number of these ‘did not respond’ that were attached to advisories for products from China, but it seems to me that a significant number are from companies headquartered there.

Hopefully this is just a communications issue, but I suspect that it is more of a socio-political commentary that to the Chinese, the American government just does not count. That may be influenced by the relative size of the market in the two countries. And let’s not forget, their customers, even those in this country, will probably never see the CISA advisory and CISA’s ‘did not respond’ comment.

Please note that CISA did not mention the earlier failure to coordinate, in fact, that comment was removed from the advisory. Their job is to share information, not make judgements. And that is the way that is supposed to be. But, some of us need to remember.