Home / Technologies & innovation / ICS PROJECT

ICS PROJECT

A team dedicated to identifying vulnerabilities (CVEs) in industrial and embedded systems.

A direct contribution to the security of industrial and embedded systems

The ICS PROJECT (Intrusive Control Systems PROJECT) was created to actively identify vulnerabilities in systems (industrial & embedded) and contribute to their official recognition (CVE).

The work carried out goes beyond traditional client engagements and is part of a voluntary approach, with a clear objective: to produce exploitable vulnerabilities in controlled environments, qualify them, and have them publicly recognized. This approach makes it possible to act directly on the security of technologies used in industry by revealing real flaws and contributing to their remediation through responsible disclosure.

Beyond this contribution, the ICS PROJECT is a dedicated exploration space. It enables working on open-ended challenges, testing new approaches, and tackling high-impact technical topics. This dynamic, both individual and collective, fosters engagement, stimulates curiosity, and sustainably strengthens the team’s expertise.

“

Our objective is not limited to identifying vulnerabilities: we demonstrate that they are truly exploitable by producing concrete proof-of-concept exploits, up to their publication as CVEs.

Samir SghaierPentest Team Manager

A rigorous approach, grounded in real-world conditions

The work carried out within the ICS PROJECT is based on exploring existing environments under conditions close to production. Each research effort is conducted within a controlled framework, in compliance with responsible disclosure principles.

Concretely, the approach is based on several key steps:

Identify

Detection of vulnerabilities in real systems

Exploit

Development of proof-of-concept exploits (PoC)

Analyze

Technical assessment and impact assessment

Document

Clear and reproducible documentation

Report

Coordination with vendors (responsible disclosure)

Publish (CVE)

Official recognition
and international dissemination

OUR PRINCIPLES

We structure our approach around 3 principles

1

Proofs of exploitation

Contribute to the identification and remediation of vulnerabilities affecting technologies used across the entire industrial ecosystem.

2

Build structured knowledge

Rely on real-world cases
to enhance skills and enrich practices.

3

Capitalize on knowledge

Structure, share, and transmit knowledge derived from ICS PROJECT activities.

Security Advisories

2026

2026-06-16 | Medium – Use of Externally-Controlled Format String, (CVE-2026-10828) by Remi ONNO

2026-06-16 | High – Stack-based Buffer Overflow, (CVE-2026-10829) by Remi ONNO

Cookie	Duration	Description
_cookielawinfo [x4]		This Cookie is used to save your Cookies Setting Preferences.
_current_language		Allows the user's choice of language to be guided

Cookie	Duration	Description
_ga	2 years	This Cookie is used for visitor identification and tracking, storing the Client ID along with other parameters.
_gat	10 minutes	This Cookie is used for throttling analytics requests to Google Analytics servers, so as to increase the efficiency of network calls.
_gid	24 hours of inactivity	This Cookie is used to group user behavior together for each user.