CISA Releases Multiple ICS Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) released a coordinated set of 18 Industrial Control Systems (ICS) advisories, detailing newly discovered vulnerabilities across a range of products from vendors such as Siemens, Mitsubishi Electric, AVEVA, Brightpick AI, and General Industrial Controls. These advisories highlight critical and high-severity issues including improper authentication, buffer overflows, weak cryptography, DLL hijacking, and improper certificate validation, many of which are remotely exploitable and could lead to code execution, privilege escalation, denial-of-service, or unauthorized access to sensitive systems. Affected products span widely used ICS components such as Siemens LOGO! 8 BM Devices, AVEVA Edge, Brightpick Mission Control, and General Industrial Controls Lynx+ Gateway, with several vulnerabilities assigned CVSS v4 scores above 8, indicating significant risk to industrial environments.
CISA urges organizations to review the technical details and apply mitigations as recommended in the advisories to reduce exposure to these threats. The advisories provide actionable intelligence for asset owners and operators, including lists of affected product versions, vulnerability descriptions, and remediation steps. This coordinated disclosure underscores the ongoing targeting of ICS environments and the need for timely patching and robust security practices to protect critical infrastructure from exploitation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
CISA announces release of 18 ICS advisories
CISA issued a roundup notice stating it had released 18 Industrial Control Systems advisories on that date, including multiple vendor-specific advisories published or republished the same day.
CISA republishes Siemens COMOS vulnerability advisory
CISA republished Siemens ProductCERT advisory SSA-682326 covering two high-severity COMOS vulnerabilities that could enable arbitrary code execution or data infiltration in affected deployments. The advisory states the issues are fixed in COMOS v10.4.5 or later and that no known public exploitation had been reported at publication.
CISA publishes Siemens Software Center and Solid Edge vulnerability advisory
CISA published advisory ICSA-25-317-17 for CVE-2025-40827, an uncontrolled search path element flaw that could allow DLL hijacking and arbitrary code execution on Siemens Software Center versions before 3.5 and Solid Edge SE2025 versions before V225.0 Update 10. Siemens recommended updating to fixed versions, and CISA said the flaw was not remotely exploitable and had no known public exploitation.
CISA republishes Siemens LOGO! 8 BM vulnerabilities advisory
CISA republished a Siemens advisory describing three vulnerabilities in LOGO! 8 BM devices: CVE-2025-40815, a buffer overflow that could enable remote code execution or denial of service, and CVE-2025-40816 and CVE-2025-40817, missing-authentication flaws that could allow unauthorized configuration changes. Siemens said no fix is available for CVE-2025-40815 and no fixes are planned for the other two issues, instead providing mitigations such as strong passwords and restricting access to UDP port 10006.
CISA republishes Mitsubishi MELSEC iQ-F DoS vulnerability advisory
CISA republished a Mitsubishi Electric advisory for CVE-2025-10259, a remotely exploitable denial-of-service flaw in MELSEC iQ-F Series CPU modules that can disconnect targeted TCP communications. Mitsubishi recommended mitigations including VPN use and restricting physical and LAN access, and CISA said no public exploitation was known.
Siemens fixes two COMOS vulnerabilities in version 10.4.5
Siemens addressed CVE-2023-45133 affecting COMOS Web deployments and CVE-2024-0056 affecting COMOS installations using the COMOS Snapshots component by recommending updates to COMOS v10.4.5 or later.
CISA says Siemens COMOS flaws will not receive further CISA advisory updates
The Siemens COMOS advisory notes that, as of 2023-01-10, CISA will no longer update Siemens ICS advisories beyond their initial publication and directs users to Siemens ProductCERT for the latest information.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
12 references tracked. Mallory keeps watching after this page renders.
Siemens Software Center and Solid Edge
cisa.gov
Open sourceSiemens COMOS
cisa.gov
Open sourceMitsubishi Electric MELSEC iQ-F Series
cisa.gov
Open sourceAVEVA Edge
cisa.gov
Open sourceCISA Releases 18 Industrial Control Systems Advisories
cisa.gov
Open sourceAVEVA Application Server IDE
cisa.gov
Open sourceSiemens Solid Edge
cisa.gov
Open sourceSiemens SICAM P850 family and SICAM P855 family
cisa.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors, including Inductive Automation, Schneider Electric, Mitsubishi Electric, Siemens, Rockwell Automation, and Axis Communications. The vulnerabilities span a variety of attack vectors, such as improper privilege management, deserialization of untrusted data, OS command injection, and flaws in network protocol implementations. Exploitation of these vulnerabilities could result in severe outcomes, including SYSTEM-level code execution, denial-of-service conditions, information tampering, information disclosure, authentication bypass, and remote code execution across affected ICS platforms. Vendors have issued patches and mitigation guidance for impacted products, urging organizations in critical infrastructure sectors to update their systems promptly. The advisories highlight the global deployment of these products in sectors such as manufacturing, energy, and commercial facilities, underscoring the potential for widespread impact if left unaddressed. CISA encourages administrators to review the technical details and apply recommended remediations to reduce the risk of exploitation and maintain operational resilience.
Mar 21, 2026
CISA Releases Multiple Industrial Control Systems Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a series of advisories addressing newly discovered vulnerabilities in a wide range of industrial control systems (ICS) products. These advisories, released between October 13 and 21, 2025, cover products from major vendors such as Rockwell Automation, Siemens, Schneider Electric, Delta Electronics, Hitachi Energy, and Oxford Nanopore Technologies. The advisories provide technical details about the vulnerabilities, including affected versions, potential impacts, and recommended mitigations. For Rockwell Automation, advisories were published for products including the 1783-NATR, Compact GuardLogix 5370, 1715 EtherNet/IP, ArmorStart AOP, FactoryTalk Linx, FactoryTalk View Machine Edition, and PanelView Plus 7 Terminal, with some vulnerabilities identified by specific CVEs such as CVE-2025-9063 and CVE-2025-9064. Siemens products affected include SIMATIC S7-1200 CPU V1/V2 Devices, RUGGEDCOM ROS Devices, HyperLynx, Industrial Edge App Publisher, SIMATIC ET 200SP Communication Processors, SINEC NMS, SiPass Integrated, Solid Edge SE2024 and SE2025, and TeleControl Server Basic. Schneider Electric advisories addressed issues in Pro-Face GP-Pro EX and Remote HMI, Modicon Controllers, Advanced Reporting and Dashboards Module for EcoStruxure Power Operation, and EcoStruxure Power Monitoring Expert (PME) across several versions. Additional advisories were released for CloudEdge Online Cameras and App, Raisecomm RAX701-GC Series, and Oxford Nanopore Technologies MinKNOW. The advisories detail the nature of the vulnerabilities, which range from improper input validation to authentication bypass and remote code execution risks. CISA and the Canadian Centre for Cyber Security both urge ICS users and administrators to review the advisories, apply recommended mitigations, and update affected systems to reduce the risk of exploitation. The coordinated release of these advisories highlights the ongoing threat landscape facing critical infrastructure and the need for timely patch management. Many of the vulnerabilities could allow attackers to gain unauthorized access, disrupt operations, or compromise sensitive industrial processes. The advisories include links to technical documentation and vendor updates, enabling organizations to assess their exposure and take immediate action. The affected products are widely deployed in sectors such as manufacturing, energy, and utilities, increasing the urgency for remediation. CISA’s advisories are part of a broader effort to enhance the security posture of industrial environments against evolving cyber threats. The inclusion of both new and updated advisories for previously disclosed vulnerabilities demonstrates the dynamic nature of ICS security. Organizations are reminded to follow best practices for ICS security, including network segmentation, access control, and regular vulnerability assessments. The advisories also emphasize the importance of monitoring for signs of exploitation and maintaining up-to-date incident response plans. By addressing these vulnerabilities promptly, asset owners can help safeguard critical infrastructure from potential cyberattacks.
Mar 21, 2026Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing newly discovered vulnerabilities affecting a range of industrial control system (ICS) products from vendors including Advantech, Johnson Controls, Mitsubishi Electric, and SolisCloud. The vulnerabilities include a critical SQL injection flaw in Advantech iView (CVE-2025-13373), improper certificate expiration validation in Johnson Controls iSTAR (CVE-2025-61736), cleartext storage of sensitive information in Mitsubishi Electric GX Works2 (CVE-2025-3784), a forced browsing vulnerability in Johnson Controls OpenBlue Mobile Web Application (CVE-2025-26381), and an authorization bypass in SolisCloud Monitoring Platform (CVE-2025-13932). These flaws could allow attackers to access or modify sensitive data, disrupt communications, or gain unauthorized access to critical infrastructure systems. CISA's advisories provide technical details, affected product versions, and recommended mitigations, such as software updates and network segmentation, to reduce the risk of exploitation. The vulnerabilities impact products deployed globally across sectors such as critical manufacturing, energy, commercial facilities, and government services. Some advisories note that fixes are available, while others indicate that patches are still under development or that vendors have not responded to coordination efforts. CISA urges organizations using these products to review the advisories and implement recommended mitigations to protect against potential attacks targeting these ICS environments.
Mar 21, 2026