www.cisa.gov 7/2/2026, 5:11:22 PM · external

CubeSpace Reaction Wheel Flaw Allows Malicious Firmware Upload

CyberSIXT Evidence Panel Source marked as original reporting

THE ICS Advisory for the CubeSpace CW0057 Reaction Wheel, released on July 2, 2026, highlights a critical vulnerability that allows attackers to upload malicious firmware due to improper verification of cryptographic signatures. The affected firmware versions are prior to 5.0.20. The advisory indicates that exploitation requires physical access to the device, which limits remote attack potential.

CubeSpace has released firmware 5.0.20 to enable secure boot functionality, which must be activated by users for full protection. CISA recommends defensive measures to mitigate risks, including minimizing network exposure and employing secure remote access methods.

View full article

Article by CyberSIXT