SEV3 — ElevatedCLOSEDCyber✓ Corroborated · 5 sources1d ago

Critical ICS/SCADA Vulnerabilities Flagged in Dallas-Fort Worth — Contact-Center and Knowledge-Worker Operations Footprint at Risk

Two Severity-10 Sentinel signals have flagged critical vulnerabilities in OpenPLC v3 and Digi International PortServer TS/Digi One SP IA — industrial control and serial-device-server products commonly embedded in building management, power distribution, and network infrastructure at large facilities. Dallas-Fort Worth hosts one of the densest contact-center and knowledge-worker footprints in the US, with nearly 790,000 seats across in-house and outsourced operations, making facility-level disruption from exploitation of these vulnerabilities a material risk to staffing continuity and service levels. Operations leaders should verify whether DFW-area sites rely on affected ICS/SCADA or serial gateway products and confirm with facility and IT security teams that patching or network isolation is underway.

Impact Summary

Two Severity-10 Sentinel signals have flagged critical vulnerabilities in OpenPLC v3 and Digi International PortServer TS/Digi One SP IA — industrial control and serial-device-server products commonly embedded in building management, power distribution, and network infrastructure at large facilities. Dallas-Fort Worth hosts one of the densest contact-center and knowledge-worker footprints in the US, with nearly 790,000 seats across in-house and outsourced operations, making facility-level disruption from exploitation of these vulnerabilities a material risk to staffing continuity and service levels. Operations leaders should verify whether DFW-area sites rely on affected ICS/SCADA or serial gateway products and confirm with facility and IT security teams that patching or network isolation is underway.

Domain
Cyber
Region
Dallas-Fort Worth, US, US
Opened By
watchkeeper
Jul 10, 2026, 12:00 AM UTC
Validated By
auto
Jul 10, 2026, 12:00 AM UTC
Event Cluster
2 events
OVIX Score
10.0
Closed
watchkeeper-auto(resolved)
Jul 11, 2026, 12:30 PM UTC

Timeline4

Incident openedby watchkeeperJul 10, 2026, 12:00 AM UTC
Declared from 2 signals. OVIX 10. News 1. BPO 3. High-confidence (auto).
Severity validatedby autoJul 10, 2026, 12:00 AM UTC
Auto-validated: SEV3 per policy.
Note addedby watchkeeperJul 10, 2026, 12:00 AM UTC
External corroboration: corroborated (5 sources via Exa). cybersecurefox.com, cyfar.ca, cybersecuritynews.com, windowsnews.ai, cybernoz.com
Incident closedby watchkeeperJul 11, 2026, 12:30 PM UTC
Auto-closed: no new material events within 36h for this incident.

Evidence / Why this?

Traced to source — read-onlyUpdated Jul 10, 12:00 AM UTC
Why declareddeclareHybrid
Incident declaration (deterministic floor + LLM relevance gate)v1
DECLARE when deterministicFloor AND (llm.declare OR acuteWeatherFloor) AND NOT aggregateTitle, and no open same-domain incident merges it. deterministicFloor = maxSeverity>=8 AND (newsScore>=1 OR bpoScore>=1 OR acuteWeatherFloor). acuteWeatherFloor = maxSeverity>=9 AND any signal is an acute severe-weather WARNING (tornado/severe-thunderstorm/flash-flood) — overrides the LLM footprint-based suppression. aggregateTitle (grab-bag "Multiple/Several/Various…") is refused (agents-019 §D). Asset-class deny (military/war-zone, WFM-37) suppresses earlier. cyberFloor disabled (agents-009 hotfix).
domain
cyber
regions
["Dfw"]
bpo score
3
news score
1
llm declare
yes
max severity
10
signal count
2
llm rationale
Severity-10 ICS/SCADA vulnerabilities in a high-density DFW operations hub with nearly 790,000 seats represent a credible, acute threat to facility infrastructure underpinning contact-center and knowledge-worker continuity; this is geographically and technically distinct from the open Denver incident and warrants a declared incident.
aggregate title
no
high confidence
yes
acute weather floor
no
deterministic floor
yes
model claude-sonnet-4-6 · prompt watchkeeper-declare-2026-06
Why SEV3SEV3score 3Deterministic
Incident severity level (SEV1–SEV4) at declarationv1
Base: SEV2 if sev>=9 AND news>=2 AND bpo>=1; else SEV3 if sev>=8 AND (news>=1 OR bpo>=1); else SEV4. Acute severe-weather (agents-028): if sev>=9 floor to SEV3 (SEV2→SEV3); minor/transient watches+advisories drop SEV2/SEV3→SEV4. Single-event cap: any SEV2 caps to SEV3 absent sustained multi-day BPO-region corroboration (SEV2 promotion is human-gated via revalidation). score = numeric SEV (1=most severe … 4); SEV3/SEV4 auto-validate, SEV1/SEV2 require human validation.
domain
cyber
bpo score
3
news score
1
persistent
no
max severity
10
auto validated
yes
acute weather floor
no
Geo Provenance
Tierapprox
Sourcenone
Deterministic

Related Signals14

[Dfw] cyber 10.0 — OpenPLC v3sentinel8h ago[Dfw] cyber 10.0 — Hitachi Energy e-mesh EMSsentinel10h ago[Dfw] cyber 10.0 — OpenPLC v3sentinel21h ago[Dfw] cyber 10.0 — Hitachi Energy e-mesh EMSsentinel22h ago[Dfw] cyber 10.0 — Digi International PortServer TS, Digi One SP IAsentinel23h ago[Dfw] cyber 10.0 — OpenPLC v3sentinel1d ago[Dfw] cyber 10.0 — Hydro-Québec Le Circuit Electrique charging station backendsentinel1d ago[Dfw] cyber 10.0 — Labcenter Proteus 9sentinel1d ago[Dfw] cyber 10.0 — Hydro-Québec Le Circuit Electrique charging station backendsentinel1d ago[Dfw] cyber 10.0 — OpenPLC v3sentinel1d ago[Dfw] cyber 10.0 — Hitachi Energy PROMOD Vsentinel1d ago[Dfw] cyber 10.0 — Hydro-Québec Le Circuit Electrique charging station backendsentinel1d ago[Dfw] cyber 10.0 — Digi International PortServer TS, Digi One SP IAsentinel1d ago[Dfw] cyber 10.0 — OpenPLC v3sentinel1d ago

External Corroboration

✓ Corroborated · 5 sourcesChecked Jul 10, 2026, 12:00 AM UTC
Cisco Unified CM SSRF Bug CVE-2026-20230 Patch Guidecybersecurefox.comJun 29, 2026, 09:31 AM UTCCyber Centre Daily Advisory Digest — 2026-07-06 (8 advisories) · cyfar.cacyfar.caJul 6, 2026, 04:10 PM UTCCISA Warns of Cisco Unified CM Vulnerability Exploited in Attackscybersecuritynews.comJun 26, 2026, 07:47 AM UTCCritical SNMP Vulnerability in Schneider Electric Easergy Relays Opens Door to Grid Disruption - Windows Newswindowsnews.aiJul 9, 2026, 04:32 PM UTCCVE-2024-2658 vulnerability in Schneider Electric software: risks to industrial control systems - Cybernozcybernoz.comJul 1, 2026, 07:10 PM UTC

Affected Regions

Dfw