CISA Releases Multiple Industrial Control Systems Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a series of advisories addressing newly discovered vulnerabilities in a wide range of industrial control systems (ICS) products. These advisories, released between October 13 and 21, 2025, cover products from major vendors such as Rockwell Automation, Siemens, Schneider Electric, Delta Electronics, Hitachi Energy, and Oxford Nanopore Technologies. The advisories provide technical details about the vulnerabilities, including affected versions, potential impacts, and recommended mitigations. For Rockwell Automation, advisories were published for products including the 1783-NATR, Compact GuardLogix 5370, 1715 EtherNet/IP, ArmorStart AOP, FactoryTalk Linx, FactoryTalk View Machine Edition, and PanelView Plus 7 Terminal, with some vulnerabilities identified by specific CVEs such as CVE-2025-9063 and CVE-2025-9064. Siemens products affected include SIMATIC S7-1200 CPU V1/V2 Devices, RUGGEDCOM ROS Devices, HyperLynx, Industrial Edge App Publisher, SIMATIC ET 200SP Communication Processors, SINEC NMS, SiPass Integrated, Solid Edge SE2024 and SE2025, and TeleControl Server Basic. Schneider Electric advisories addressed issues in Pro-Face GP-Pro EX and Remote HMI, Modicon Controllers, Advanced Reporting and Dashboards Module for EcoStruxure Power Operation, and EcoStruxure Power Monitoring Expert (PME) across several versions. Additional advisories were released for CloudEdge Online Cameras and App, Raisecomm RAX701-GC Series, and Oxford Nanopore Technologies MinKNOW. The advisories detail the nature of the vulnerabilities, which range from improper input validation to authentication bypass and remote code execution risks. CISA and the Canadian Centre for Cyber Security both urge ICS users and administrators to review the advisories, apply recommended mitigations, and update affected systems to reduce the risk of exploitation. The coordinated release of these advisories highlights the ongoing threat landscape facing critical infrastructure and the need for timely patch management. Many of the vulnerabilities could allow attackers to gain unauthorized access, disrupt operations, or compromise sensitive industrial processes. The advisories include links to technical documentation and vendor updates, enabling organizations to assess their exposure and take immediate action. The affected products are widely deployed in sectors such as manufacturing, energy, and utilities, increasing the urgency for remediation. CISA’s advisories are part of a broader effort to enhance the security posture of industrial environments against evolving cyber threats. The inclusion of both new and updated advisories for previously disclosed vulnerabilities demonstrates the dynamic nature of ICS security. Organizations are reminded to follow best practices for ICS security, including network segmentation, access control, and regular vulnerability assessments. The advisories also emphasize the importance of monitoring for signs of exploitation and maintaining up-to-date incident response plans. By addressing these vulnerabilities promptly, asset owners can help safeguard critical infrastructure from potential cyberattacks.
Sources
Related Stories
Multiple Critical Vulnerabilities Disclosed in Industrial Control Systems by CISA
CISA released thirteen advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors including Rockwell Automation, Siemens, Hitachi Energy, Schneider Electric, and Delta Electronics. The advisories highlight severe security flaws such as missing authentication for critical functions, improper authorization, buffer overflows, SQL injection, and improper certificate validation. For Siemens TeleControl Server Basic, a vulnerability (CVE-2025-40765) allows unauthenticated remote attackers to obtain password hashes and perform authenticated operations on the database service, with a CVSS v3.1 score of 9.8, indicating critical risk. Rockwell Automation's FactoryTalk View Machine Edition and PanelView Plus 7 are susceptible to path traversal and improper authorization, potentially granting attackers unauthorized access to device file systems and sensitive diagnostic information. FactoryTalk ViewPoint is vulnerable to XML external entity injection, which could result in denial-of-service conditions. Siemens SiPass Integrated faces multiple issues, including buffer overflows and cross-site scripting, which could enable arbitrary code execution and unauthorized access. The Siemens SIMATIC ET 200SP Communication Processors have a missing authentication flaw that could allow attackers to access configuration data remotely. Siemens SINEC NMS is affected by a SQL injection vulnerability that could let low-privileged users escalate privileges. Siemens Solid Edge products are exposed to out-of-bounds read and write vulnerabilities, risking application crashes or code execution. Siemens HyperLynx and Industrial Edge App Publisher are vulnerable to type confusion, potentially leading to arbitrary code execution via crafted HTML pages. Hitachi Energy MACH GWS products have incorrect default permissions and improper validation issues, which could allow attackers to tamper with system files, cause denial of service, or perform man-in-the-middle attacks. The advisories provide technical details, affected product versions, and recommended mitigations, urging administrators to review and apply patches or workarounds. The vulnerabilities impact critical infrastructure sectors such as manufacturing, energy, water, and transportation, with products deployed worldwide. Many of the flaws are remotely exploitable with low attack complexity, increasing the urgency for remediation. CISA emphasizes the importance of timely action to prevent exploitation, as several vulnerabilities could lead to unauthorized access, data manipulation, or disruption of essential services. The advisories also reference the need to consult vendor-specific security updates for the most current information. Organizations are advised to assess their exposure, prioritize patching, and implement recommended security controls to mitigate these risks. The coordinated disclosure underscores the ongoing threat to ICS environments and the necessity for robust security practices across operational technology networks.
5 months agoCISA Releases Multiple ICS Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) released a coordinated set of 18 Industrial Control Systems (ICS) advisories, detailing newly discovered vulnerabilities across a range of products from vendors such as Siemens, Mitsubishi Electric, AVEVA, Brightpick AI, and General Industrial Controls. These advisories highlight critical and high-severity issues including improper authentication, buffer overflows, weak cryptography, DLL hijacking, and improper certificate validation, many of which are remotely exploitable and could lead to code execution, privilege escalation, denial-of-service, or unauthorized access to sensitive systems. Affected products span widely used ICS components such as Siemens LOGO! 8 BM Devices, AVEVA Edge, Brightpick Mission Control, and General Industrial Controls Lynx+ Gateway, with several vulnerabilities assigned CVSS v4 scores above 8, indicating significant risk to industrial environments. CISA urges organizations to review the technical details and apply mitigations as recommended in the advisories to reduce exposure to these threats. The advisories provide actionable intelligence for asset owners and operators, including lists of affected product versions, vulnerability descriptions, and remediation steps. This coordinated disclosure underscores the ongoing targeting of ICS environments and the need for timely patching and robust security practices to protect critical infrastructure from exploitation.
4 months agoMultiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors, including Inductive Automation, Schneider Electric, Mitsubishi Electric, Siemens, Rockwell Automation, and Axis Communications. The vulnerabilities span a variety of attack vectors, such as improper privilege management, deserialization of untrusted data, OS command injection, and flaws in network protocol implementations. Exploitation of these vulnerabilities could result in severe outcomes, including SYSTEM-level code execution, denial-of-service conditions, information tampering, information disclosure, authentication bypass, and remote code execution across affected ICS platforms. Vendors have issued patches and mitigation guidance for impacted products, urging organizations in critical infrastructure sectors to update their systems promptly. The advisories highlight the global deployment of these products in sectors such as manufacturing, energy, and commercial facilities, underscoring the potential for widespread impact if left unaddressed. CISA encourages administrators to review the technical details and apply recommended remediations to reduce the risk of exploitation and maintain operational resilience.
2 months ago