Multiple ICS and Enterprise Product Vulnerabilities Disclosed by CISA and IBM
CISA released a series of Industrial Control System (ICS) security advisories addressing vulnerabilities in a wide range of products from vendors such as Advantech, Axis Communications, Hitachi Energy, Inductive Automation, Johnson Controls, Mitsubishi Electric, National Instruments, Rockwell Automation, Schneider Electric, and Siemens. These advisories urge administrators to review mitigation steps and apply available updates to protect critical infrastructure systems from potential exploitation.
Separately, IBM published security advisories for multiple enterprise products, including IBM API Connect, CloudPak for AIOps, DataPower Gateway, Db2, QRadar Suite, and Watson services, among others. The advisories highlight critical updates and recommend immediate patching to address identified vulnerabilities. Both CISA and IBM emphasize the importance of timely remediation to reduce risk exposure in operational and enterprise environments.
Sources
Related Stories
Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors, including Inductive Automation, Schneider Electric, Mitsubishi Electric, Siemens, Rockwell Automation, and Axis Communications. The vulnerabilities span a variety of attack vectors, such as improper privilege management, deserialization of untrusted data, OS command injection, and flaws in network protocol implementations. Exploitation of these vulnerabilities could result in severe outcomes, including SYSTEM-level code execution, denial-of-service conditions, information tampering, information disclosure, authentication bypass, and remote code execution across affected ICS platforms. Vendors have issued patches and mitigation guidance for impacted products, urging organizations in critical infrastructure sectors to update their systems promptly. The advisories highlight the global deployment of these products in sectors such as manufacturing, energy, and commercial facilities, underscoring the potential for widespread impact if left unaddressed. CISA encourages administrators to review the technical details and apply recommended remediations to reduce the risk of exploitation and maintain operational resilience.
2 months agoCISA Releases Multiple ICS Vulnerability Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) released a coordinated set of 18 Industrial Control Systems (ICS) advisories, detailing newly discovered vulnerabilities across a range of products from vendors such as Siemens, Mitsubishi Electric, AVEVA, Brightpick AI, and General Industrial Controls. These advisories highlight critical and high-severity issues including improper authentication, buffer overflows, weak cryptography, DLL hijacking, and improper certificate validation, many of which are remotely exploitable and could lead to code execution, privilege escalation, denial-of-service, or unauthorized access to sensitive systems. Affected products span widely used ICS components such as Siemens LOGO! 8 BM Devices, AVEVA Edge, Brightpick Mission Control, and General Industrial Controls Lynx+ Gateway, with several vulnerabilities assigned CVSS v4 scores above 8, indicating significant risk to industrial environments. CISA urges organizations to review the technical details and apply mitigations as recommended in the advisories to reduce exposure to these threats. The advisories provide actionable intelligence for asset owners and operators, including lists of affected product versions, vulnerability descriptions, and remediation steps. This coordinated disclosure underscores the ongoing targeting of ICS environments and the need for timely patching and robust security practices to protect critical infrastructure from exploitation.
4 months agoMultiple Security Advisories for Enterprise and Industrial Products
Several major vendors, including Dell, IBM, and CISA, have released security advisories addressing vulnerabilities in a wide range of enterprise and industrial control system products. Dell's advisories cover critical updates for products such as APEX Cloud Platform for Red Hat OpenShift, Enterprise SONiC Distribution, NetWorker, PowerSwitch models, and iDRAC controllers, urging administrators to apply patches to mitigate potential risks. IBM has similarly published advisories for multiple products, while CISA has issued alerts for vulnerabilities in industrial control systems from vendors like ABB, Advantech, Delta Electronics, Fuji Electric, IDIS, Radiometrics, Survision, and Ubia, recommending prompt mitigation and updates. In addition to these broad advisories, a critical denial-of-service vulnerability (CVE-2024-20399) was identified in Cisco's Identity Services Engine (ISE), which could allow unauthenticated attackers to crash network access control systems by exploiting the RADIUS protocol. Cisco has provided both temporary and permanent mitigation steps for affected versions. Separately, CISA added a Samsung Mobile Devices out-of-bounds write vulnerability (CVE-2025-21042) to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risk posed by actively exploited flaws and urging organizations to prioritize remediation to protect against cyber threats.
4 months ago