SEV3 — ElevatedCLOSEDCyber✓ Corroborated · 5 sources1d ago

Critical ICS/SCADA Vulnerabilities Flagged in Colorado Springs — Contact-Center and Knowledge-Worker Operations Footprint at Risk

A severity-10 sentinel alert flags critical vulnerabilities in Digi International PortServer TS and Digi One SP IA serial-to-network device servers in Colorado Springs — hardware commonly deployed in facility infrastructure, building access, and network edge environments supporting contact-center and back-office sites. With approximately 6,400 contact-center seats, 15,540 back-office seats, and 44,790 knowledge-worker seats in the area, exploitation of these ICS/SCADA-adjacent devices could disrupt site connectivity, physical access controls, or operational continuity. Site and IT security teams should audit exposure of Digi serial server deployments, apply available patches or compensating controls, and verify network segmentation between OT/IT boundaries.

Impact Summary

A severity-10 sentinel alert flags critical vulnerabilities in Digi International PortServer TS and Digi One SP IA serial-to-network device servers in Colorado Springs — hardware commonly deployed in facility infrastructure, building access, and network edge environments supporting contact-center and back-office sites. With approximately 6,400 contact-center seats, 15,540 back-office seats, and 44,790 knowledge-worker seats in the area, exploitation of these ICS/SCADA-adjacent devices could disrupt site connectivity, physical access controls, or operational continuity. Site and IT security teams should audit exposure of Digi serial server deployments, apply available patches or compensating controls, and verify network segmentation between OT/IT boundaries.

Domain
Cyber
Region
Colorado Springs, US, US
Opened By
watchkeeper
Jul 10, 2026, 12:30 AM UTC
Validated By
auto
Jul 10, 2026, 12:30 AM UTC
Event Cluster
1 event
OVIX Score
10.0
Closed
watchkeeper-auto(resolved)
Jul 11, 2026, 01:00 PM UTC

Timeline4

Incident openedby watchkeeperJul 10, 2026, 12:30 AM UTC
Declared from 1 signals. OVIX 10. News 1. BPO 1. High-confidence (auto).
Severity validatedby autoJul 10, 2026, 12:30 AM UTC
Auto-validated: SEV3 per policy.
Note addedby watchkeeperJul 10, 2026, 12:30 AM UTC
External corroboration: corroborated (5 sources via Exa). cybersecurefox.com, cyberpress.org, cybersecuritynews.com, osintsights.com, securityaffairs.com
Incident closedby watchkeeperJul 11, 2026, 01:00 PM UTC
Auto-closed: no new material events within 36h for this incident.

Evidence / Why this?

Traced to source — read-onlyUpdated Jul 10, 12:30 AM UTC
Why declareddeclareHybrid
Incident declaration (deterministic floor + LLM relevance gate)v1
DECLARE when deterministicFloor AND (llm.declare OR acuteWeatherFloor) AND NOT aggregateTitle, and no open same-domain incident merges it. deterministicFloor = maxSeverity>=8 AND (newsScore>=1 OR bpoScore>=1 OR acuteWeatherFloor). acuteWeatherFloor = maxSeverity>=9 AND any signal is an acute severe-weather WARNING (tornado/severe-thunderstorm/flash-flood) — overrides the LLM footprint-based suppression. aggregateTitle (grab-bag "Multiple/Several/Various…") is refused (agents-019 §D). Asset-class deny (military/war-zone, WFM-37) suppresses earlier. cyberFloor disabled (agents-009 hotfix).
domain
cyber
regions
["Colorado Springs"]
bpo score
1
news score
1
llm declare
yes
max severity
10
signal count
1
llm rationale
Severity-10 ICS/SCADA vulnerability alert in a region with confirmed, non-trivial contact-center and knowledge-worker footprint; distinct location from open incidents in Dallas-Fort Worth, Des Moines, and Denver — not a duplicate.
aggregate title
no
high confidence
yes
acute weather floor
no
deterministic floor
yes
model claude-sonnet-4-6 · prompt watchkeeper-declare-2026-06
Why SEV3SEV3score 3Deterministic
Incident severity level (SEV1–SEV4) at declarationv1
Base: SEV2 if sev>=9 AND news>=2 AND bpo>=1; else SEV3 if sev>=8 AND (news>=1 OR bpo>=1); else SEV4. Acute severe-weather (agents-028): if sev>=9 floor to SEV3 (SEV2→SEV3); minor/transient watches+advisories drop SEV2/SEV3→SEV4. Single-event cap: any SEV2 caps to SEV3 absent sustained multi-day BPO-region corroboration (SEV2 promotion is human-gated via revalidation). score = numeric SEV (1=most severe … 4); SEV3/SEV4 auto-validate, SEV1/SEV2 require human validation.
domain
cyber
bpo score
1
news score
1
persistent
no
max severity
10
auto validated
yes
acute weather floor
no
Geo Provenance
Tiercentroid
Sourcegeo_density
Deterministic

Related Signals14

[Colorado Springs] cyber 10.0 — OpenPLC v3sentinel8h ago[Colorado Springs] cyber 10.0 — Hitachi Energy e-mesh EMSsentinel10h ago[Colorado Springs] cyber 10.0 — OpenPLC v3sentinel14h ago[Colorado Springs] cyber 10.0 — Hitachi Energy PROMOD Vsentinel16h ago[Colorado Springs] cyber 10.0 — OpenPLC v3sentinel21h ago[Colorado Springs] cyber 10.0 — Digi International PortServer TS, Digi One SP IAsentinel23h ago[Colorado Springs] cyber 10.0 — OpenPLC v3sentinel1d ago[Colorado Springs] cyber 10.0 — Hydro-Québec Le Circuit Electrique charging station backendsentinel1d ago[Colorado Springs] cyber 10.0 — Labcenter Proteus 9sentinel1d ago[Colorado Springs] cyber 10.0 — Hydro-Québec Le Circuit Electrique charging station backendsentinel1d ago[Colorado Springs] cyber 10.0 — OpenPLC v3sentinel1d ago[Colorado Springs] cyber 10.0 — Hitachi Energy PROMOD Vsentinel1d ago[Colorado Springs] cyber 10.0 — Hydro-Québec Le Circuit Electrique charging station backendsentinel1d ago[Colorado Springs] cyber 10.0 — Digi International PortServer TS, Digi One SP IAsentinel1d ago

External Corroboration

✓ Corroborated · 5 sourcesChecked Jul 10, 2026, 12:30 AM UTC
Cisco Unified CM SSRF Bug CVE-2026-20230 Patch Guidecybersecurefox.comJun 29, 2026, 09:31 AM UTCCISA Warns Actively Exploited Cisco Unified Communications Manager SSRF Flawcyberpress.orgJun 26, 2026, 05:38 AM UTCCISA Warns of Cisco Unified CM Vulnerability Exploited in Attackscybersecuritynews.comJun 26, 2026, 07:47 AM UTCCISA Mandates Urgent Patching for Exploited Cisco Flaw | OSINTSightsosintsights.comJun 26, 2026, 08:13 PM UTCU.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalogsecurityaffairs.comJun 26, 2026, 10:35 AM UTC

Affected Regions

Colorado Springs