THE ICS Advisory for the CubeSpace CW0057 Reaction Wheel, released on July 2, 2026, highlights a critical vulnerability that allows attackers to upload malicious firmware due to improper verification of cryptographic signatures. The affected firmware versions are prior to 5.0.20. The advisory indicates that exploitation requires physical access to the device, which limits remote attack potential.
CubeSpace has released firmware 5.0.20 to enable secure boot functionality, which must be activated by users for full protection. CISA recommends defensive measures to mitigate risks, including minimizing network exposure and employing secure remote access methods.