Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors, including Inductive Automation, Schneider Electric, Mitsubishi Electric, Siemens, Rockwell Automation, and Axis Communications. The vulnerabilities span a variety of attack vectors, such as improper privilege management, deserialization of untrusted data, OS command injection, and flaws in network protocol implementations. Exploitation of these vulnerabilities could result in severe outcomes, including SYSTEM-level code execution, denial-of-service conditions, information tampering, information disclosure, authentication bypass, and remote code execution across affected ICS platforms.
Vendors have issued patches and mitigation guidance for impacted products, urging organizations in critical infrastructure sectors to update their systems promptly. The advisories highlight the global deployment of these products in sectors such as manufacturing, energy, and commercial facilities, underscoring the potential for widespread impact if left unaddressed. CISA encourages administrators to review the technical details and apply recommended remediations to reduce the risk of exploitation and maintain operational resilience.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
CISA releases nine ICS advisories across multiple vendors
CISA announced the release of nine industrial control systems advisories covering products from Inductive Automation, Schneider Electric, National Instruments, Mitsubishi Electric, Siemens, Advantech, Rockwell Automation, and Axis Communications. The agency urged operators to review the advisories and apply recommended mitigations to reduce risk to critical infrastructure.
CISA discloses Rockwell Micro800 controller vulnerabilities
CISA published advisory ICSA-25-352-07 for CVE-2025-13823 and CVE-2025-13824 affecting Rockwell Automation Micro820, Micro850, and Micro870 controllers. The vulnerabilities could be exploited to trigger denial-of-service conditions in widely used industrial controllers.
CISA discloses Siemens Interniche IP-Stack vulnerability
CISA published advisory ICSA-25-352-05 covering CVE-2025-40820 in Siemens products using the Interniche IP-Stack. The issue stems from improper TCP sequence number validation and could enable denial-of-service attacks against TCP-based services.
CISA discloses Mitsubishi Electric Iconics command injection flaw
CISA published advisory ICSA-25-352-04 for CVE-2025-11774 affecting multiple Mitsubishi Electric Iconics Digital Solutions products. The vulnerability could allow arbitrary code execution, denial of service, tampering, or information disclosure through local configuration-file manipulation.
CISA discloses Schneider Electric Foxboro DCS Advisor RCE flaw
CISA published advisory ICSA-25-352-02 for CVE-2025-59287 affecting Schneider Electric EcoStruxure Foxboro DCS Advisor via WSUS. The critical vulnerability could allow remote code execution with system-level privileges if unpatched.
CISA discloses Ignition privilege-escalation vulnerability
CISA published advisory ICSA-25-352-01 for CVE-2025-13911 in Inductive Automation Ignition 8.1.x and 8.3.x. The flaw allows authenticated administrators to upload malicious project files whose Python scripts execute with SYSTEM privileges on Windows hosts.
Siemens releases updates and mitigations for Interniche IP-Stack flaw
Siemens published fixes for some affected products and workarounds for others in response to CVE-2025-40820 in the Interniche IP-Stack. The vulnerability could let an unauthenticated attacker disrupt TCP connection setup and cause denial of service in numerous Siemens industrial products.
Rockwell Automation releases updates for Micro800 controller flaws
Rockwell Automation released firmware updates and mitigation guidance for CVE-2025-13823 and CVE-2025-13824 affecting Micro820, Micro850, and Micro870 controllers. Successful exploitation could cause denial-of-service conditions that leave controllers unresponsive or in a fault state.
Mitsubishi Electric issues fixes for CVE-2025-11774
Mitsubishi Electric released patches for most affected Iconics Digital Solutions products impacted by CVE-2025-11774, and advised MC Works64 users to upgrade to a fixed product version. The flaw is an OS command injection issue in the keypad function that could enable arbitrary code execution with local access.
Microsoft releases WSUS patches for CVE-2025-59287
Microsoft released security updates KB5070882 and KB5070884 to address CVE-2025-59287, a critical deserialization flaw in Windows Server Update Services used by Schneider Electric EcoStruxure Foxboro DCS Advisor. Schneider Electric later directed customers to apply these patches.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Inductive Automation Ignition
cisa.gov
Open sourceSchneider Electric EcoStruxure Foxboro DCS Advisor
cisa.gov
Open sourceMitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics Products
cisa.gov
Open sourceRockwell Automation Micro820, Micro850, Micro870
cisa.gov
Open sourceSiemens Interniche IP-Stack
cisa.gov
Open sourceCISA Releases Nine Industrial Control Systems Advisories
cisa.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Critical Vulnerabilities Disclosed in Industrial Control Systems by CISA
CISA released thirteen advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors including Rockwell Automation, Siemens, Hitachi Energy, Schneider Electric, and Delta Electronics. The advisories highlight severe security flaws such as missing authentication for critical functions, improper authorization, buffer overflows, SQL injection, and improper certificate validation. For Siemens TeleControl Server Basic, a vulnerability (CVE-2025-40765) allows unauthenticated remote attackers to obtain password hashes and perform authenticated operations on the database service, with a CVSS v3.1 score of 9.8, indicating critical risk. Rockwell Automation's FactoryTalk View Machine Edition and PanelView Plus 7 are susceptible to path traversal and improper authorization, potentially granting attackers unauthorized access to device file systems and sensitive diagnostic information. FactoryTalk ViewPoint is vulnerable to XML external entity injection, which could result in denial-of-service conditions. Siemens SiPass Integrated faces multiple issues, including buffer overflows and cross-site scripting, which could enable arbitrary code execution and unauthorized access. The Siemens SIMATIC ET 200SP Communication Processors have a missing authentication flaw that could allow attackers to access configuration data remotely. Siemens SINEC NMS is affected by a SQL injection vulnerability that could let low-privileged users escalate privileges. Siemens Solid Edge products are exposed to out-of-bounds read and write vulnerabilities, risking application crashes or code execution. Siemens HyperLynx and Industrial Edge App Publisher are vulnerable to type confusion, potentially leading to arbitrary code execution via crafted HTML pages. Hitachi Energy MACH GWS products have incorrect default permissions and improper validation issues, which could allow attackers to tamper with system files, cause denial of service, or perform man-in-the-middle attacks. The advisories provide technical details, affected product versions, and recommended mitigations, urging administrators to review and apply patches or workarounds. The vulnerabilities impact critical infrastructure sectors such as manufacturing, energy, water, and transportation, with products deployed worldwide. Many of the flaws are remotely exploitable with low attack complexity, increasing the urgency for remediation. CISA emphasizes the importance of timely action to prevent exploitation, as several vulnerabilities could lead to unauthorized access, data manipulation, or disruption of essential services. The advisories also reference the need to consult vendor-specific security updates for the most current information. Organizations are advised to assess their exposure, prioritize patching, and implement recommended security controls to mitigate these risks. The coordinated disclosure underscores the ongoing threat to ICS environments and the necessity for robust security practices across operational technology networks.
Mar 21, 2026Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing newly discovered vulnerabilities affecting a range of industrial control system (ICS) products from vendors including Advantech, Johnson Controls, Mitsubishi Electric, and SolisCloud. The vulnerabilities include a critical SQL injection flaw in Advantech iView (CVE-2025-13373), improper certificate expiration validation in Johnson Controls iSTAR (CVE-2025-61736), cleartext storage of sensitive information in Mitsubishi Electric GX Works2 (CVE-2025-3784), a forced browsing vulnerability in Johnson Controls OpenBlue Mobile Web Application (CVE-2025-26381), and an authorization bypass in SolisCloud Monitoring Platform (CVE-2025-13932). These flaws could allow attackers to access or modify sensitive data, disrupt communications, or gain unauthorized access to critical infrastructure systems. CISA's advisories provide technical details, affected product versions, and recommended mitigations, such as software updates and network segmentation, to reduce the risk of exploitation. The vulnerabilities impact products deployed globally across sectors such as critical manufacturing, energy, commercial facilities, and government services. Some advisories note that fixes are available, while others indicate that patches are still under development or that vendors have not responded to coordination efforts. CISA urges organizations using these products to review the advisories and implement recommended mitigations to protect against potential attacks targeting these ICS environments.
Mar 21, 2026
CISA Releases Multiple ICS Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) released a coordinated set of 18 Industrial Control Systems (ICS) advisories, detailing newly discovered vulnerabilities across a range of products from vendors such as Siemens, Mitsubishi Electric, AVEVA, Brightpick AI, and General Industrial Controls. These advisories highlight critical and high-severity issues including improper authentication, buffer overflows, weak cryptography, DLL hijacking, and improper certificate validation, many of which are remotely exploitable and could lead to code execution, privilege escalation, denial-of-service, or unauthorized access to sensitive systems. Affected products span widely used ICS components such as Siemens LOGO! 8 BM Devices, AVEVA Edge, Brightpick Mission Control, and General Industrial Controls Lynx+ Gateway, with several vulnerabilities assigned CVSS v4 scores above 8, indicating significant risk to industrial environments. CISA urges organizations to review the technical details and apply mitigations as recommended in the advisories to reduce exposure to these threats. The advisories provide actionable intelligence for asset owners and operators, including lists of affected product versions, vulnerability descriptions, and remediation steps. This coordinated disclosure underscores the ongoing targeting of ICS environments and the need for timely patching and robust security practices to protect critical infrastructure from exploitation.
Mar 21, 2026