Multiple ICS Vulnerabilities Disclosed in November 2025 CISA Advisories
CISA published four new advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from Advantech, Ubia, and ABB. The vulnerabilities include improper input neutralization, path traversal, use of hard-coded credentials, insufficiently protected credentials, and improper validation of input types. Exploitation of these flaws could allow attackers to achieve remote code execution, denial-of-service, unauthorized access to camera feeds, or full remote control of affected devices. The impacted products are Advantech DeviceOn/iEdge (v2.0.2 and prior), Ubia Ubox (v1.1.124), and multiple ABB FLXeon controller models (various versions up to 9.3.5).
CISA recommends immediate review of the technical details and implementation of mitigations provided in the advisories. Notably, the Ubia Ubox vulnerability remains uncoordinated with the vendor, increasing risk for users. Organizations using these ICS products should prioritize patching, restrict network exposure, and follow CISA's defensive measures to minimize exploitation risk. The advisories underscore the ongoing threat to critical infrastructure posed by vulnerabilities in widely deployed ICS equipment.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
CISA announces release of four ICS advisories
CISA issued a general alert announcing the publication of four Industrial Control Systems advisories. The alert summarized that new ICS security guidance and vulnerability information had been released on November 6, 2025.
CISA publishes advisory on ABB FLXeon controller vulnerabilities
CISA released ICS Advisory ICSA-25-310-03 covering multiple vulnerabilities in ABB FLXeon controller product lines running firmware 9.3.5 and earlier. The advisory warned that successful exploitation could let attackers take control of devices, execute arbitrary code, or crash systems, and recommended firmware upgrades and reduced Internet exposure.
CISA publishes advisory on Ubia Ubox credential exposure flaw
CISA released ICS Advisory ICSA-25-310-02 for CVE-2025-12636 in Ubia Ubox version 1.1.124, warning that remotely exploitable insufficient credential protection could expose backend services, camera feeds, and device settings. CISA noted Ubia did not respond to coordination attempts and said no known public exploitation had been reported.
CISA publishes advisory on Advantech DeviceOn/iEdge flaws
CISA released ICS Advisory ICSA-25-310-01 warning of four vulnerabilities in Advantech DeviceOn/iEdge version 2.0.2 and earlier, including cross-site scripting and path traversal issues. Advantech said the affected products are end-of-life and advised customers to upgrade to DeviceOn, which is not affected.
Zero Science Lab reports ABB FLXeon vulnerabilities to ABB
Gjoko Krstikj of Zero Science Lab reported multiple vulnerabilities affecting ABB FLXeon controllers to ABB. The issues included hard-coded credentials, improper input validation, weak password storage, and path handling flaws that could enable remote code execution or device compromise.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
CISA Releases Four Industrial Control Systems Advisories
cisa.gov
Open sourceAdvantech DeviceOn/iEdge
cisa.gov
Open sourceABB FLXeon Controllers
cisa.gov
Open sourceUbia Ubox
cisa.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing newly discovered vulnerabilities affecting a range of industrial control system (ICS) products from vendors including Advantech, Johnson Controls, Mitsubishi Electric, and SolisCloud. The vulnerabilities include a critical SQL injection flaw in Advantech iView (CVE-2025-13373), improper certificate expiration validation in Johnson Controls iSTAR (CVE-2025-61736), cleartext storage of sensitive information in Mitsubishi Electric GX Works2 (CVE-2025-3784), a forced browsing vulnerability in Johnson Controls OpenBlue Mobile Web Application (CVE-2025-26381), and an authorization bypass in SolisCloud Monitoring Platform (CVE-2025-13932). These flaws could allow attackers to access or modify sensitive data, disrupt communications, or gain unauthorized access to critical infrastructure systems. CISA's advisories provide technical details, affected product versions, and recommended mitigations, such as software updates and network segmentation, to reduce the risk of exploitation. The vulnerabilities impact products deployed globally across sectors such as critical manufacturing, energy, commercial facilities, and government services. Some advisories note that fixes are available, while others indicate that patches are still under development or that vendors have not responded to coordination efforts. CISA urges organizations using these products to review the advisories and implement recommended mitigations to protect against potential attacks targeting these ICS environments.
Mar 21, 2026
CISA Releases Multiple ICS Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) released a coordinated set of 18 Industrial Control Systems (ICS) advisories, detailing newly discovered vulnerabilities across a range of products from vendors such as Siemens, Mitsubishi Electric, AVEVA, Brightpick AI, and General Industrial Controls. These advisories highlight critical and high-severity issues including improper authentication, buffer overflows, weak cryptography, DLL hijacking, and improper certificate validation, many of which are remotely exploitable and could lead to code execution, privilege escalation, denial-of-service, or unauthorized access to sensitive systems. Affected products span widely used ICS components such as Siemens LOGO! 8 BM Devices, AVEVA Edge, Brightpick Mission Control, and General Industrial Controls Lynx+ Gateway, with several vulnerabilities assigned CVSS v4 scores above 8, indicating significant risk to industrial environments. CISA urges organizations to review the technical details and apply mitigations as recommended in the advisories to reduce exposure to these threats. The advisories provide actionable intelligence for asset owners and operators, including lists of affected product versions, vulnerability descriptions, and remediation steps. This coordinated disclosure underscores the ongoing targeting of ICS environments and the need for timely patching and robust security practices to protect critical infrastructure from exploitation.
Mar 21, 2026Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors, including Inductive Automation, Schneider Electric, Mitsubishi Electric, Siemens, Rockwell Automation, and Axis Communications. The vulnerabilities span a variety of attack vectors, such as improper privilege management, deserialization of untrusted data, OS command injection, and flaws in network protocol implementations. Exploitation of these vulnerabilities could result in severe outcomes, including SYSTEM-level code execution, denial-of-service conditions, information tampering, information disclosure, authentication bypass, and remote code execution across affected ICS platforms. Vendors have issued patches and mitigation guidance for impacted products, urging organizations in critical infrastructure sectors to update their systems promptly. The advisories highlight the global deployment of these products in sectors such as manufacturing, energy, and commercial facilities, underscoring the potential for widespread impact if left unaddressed. CISA encourages administrators to review the technical details and apply recommended remediations to reduce the risk of exploitation and maintain operational resilience.
Mar 21, 2026