The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten new advisories addressing vulnerabilities in Industrial Control Systems (ICS).
These advisories aim to inform stakeholders about critical security issues, exploits, and mitigation strategies for ICS technologies widely deployed across essential sectors like manufacturing, energy, healthcare, and infrastructure.
Overview of Released Advisories
The advisories cover vulnerabilities in products from leading vendors such as Siemens, Rockwell Automation, ABB, Subnet Solutions Inc., and INFINITT Healthcare. Below is a summary of the affected systems:
.png
)
Siemens License Server (ICSA-25-100-01)
The advisory includes vulnerabilities including improper privilege management (CWE-269) and certificate validation flaws (CWE-295).
Exploits could allow local users to escalate privileges or execute arbitrary code. CVE-2025-29999 and CVE-2025-30000 have been assigned, with CVSS v4 scores of 5.4 each.
Siemens SIDIS Prime (ICSA-25-100-02)
Siemens’ SIDIS Prime faces 13 distinct vulnerabilities with a CVSS v4 score of 9.1, marking it as a high-priority target for attackers.
Exploitable remotely with low complexity, the flaws include heap-based buffer overflows, race conditions, and improper input validation, which could enable unauthorized deletions, denial-of-service (DoS) conditions, or remote code execution.
Siemens Solid Edge (ICSA-25-100-03)
An Out-of-Bounds Write vulnerability, tracked as CVE-2024-54091, categorized as CWE-787, presents a significant security risk, as successful exploitation can result in arbitrary code execution.
The vulnerability is triggered through the processing of maliciously crafted X_T files. The severity of this issue is reflected in its CVSS v4 score of 7.32, indicating a high potential for impact.
Siemens Industrial Edge Devices (ICSA-25-100-04)
Weak authentication mechanisms (CWE-1390) in API endpoints could allow remote attackers to bypass authentication and impersonate legitimate users.
CVE-2024-54092 has a CVSS v4 score of 9.3, highlighting its criticality for edge computing environments.
Siemens Insights Hub Private Cloud (ICSA-25-100-05)
Multiple vulnerabilities including CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, CVE-2025-24514 in Kubernetes ingress-nginx configurations.
Attackers could exploit improper input validation to inject malicious configurations, leading to arbitrary code execution or exposure of cluster-wide secrets.
Siemens SENTRON 7KT PAC1260 Data Manager (ICSA-25-100-06)
A path traversal vulnerability (CWE-22) in the web interface could enable unauthorized access to files with root privileges. CVE-2024-41792 has been assigned a CVSS v4 score of 8.6.
Rockwell Automation Arena (ICSA-25-100-07)
Multiple vulnerabilities including two high-risk vulnerabilities, CVE-2025-2285 and CVE-2025-2293, each with a CVSS v4 score of 8.5.
The vulnerabilities expose systems to potential code execution or information disclosure due to out-of-bounds writes (CWE-787) and stack-based buffer overflows (CWE-125).
Subnet Solutions PowerSYSTEM Center (ICSA-25-100-08)
Vulnerabilities including out-of-bounds reads (CWE-125) and deserialization of untrusted data (CWE-502) present risks of denial-of-service or privilege escalation.
CVE-2025-31354 and CVE-2025-31935 have been assigned CVSS v4 scores reaching 6.9.
ABB Arctic Wireless Gateways (ICSA-25-100-09)
ABB’s Arctic Wireless Gateways, used in industrial IoT deployments, contain seven vulnerabilities, including path traversal (CVE-2023-47614) and buffer overflows in Telit modem firmware.
These flaws, with CVSS v4 scores up to 9.2, allow local attackers to escalate privileges or disclose sensitive data.
INFINITT Healthcare PACS (ICSMA-25-100-01)
INFINITT Healthcare’s Picture Archiving and Communication System (PACS) is affected by CVE-2025-27714 (unrestricted file upload, CVSS v4 8.7) and CVE-2025-27721 (unauthorized access, CVSS v4 8.7), which could enable attackers to execute malicious code or access patient data.
These vulnerabilities pose significant risks across sectors such as energy, manufacturing, healthcare, and water systems.
Exploitation could result in unauthorized access, data manipulation, denial-of-service conditions, or remote code execution—potentially disrupting essential services.
Mitigation Recommendations
CISA advises affected organizations to:
- Update vulnerable systems to the latest firmware or software versions as specified in vendor advisories.
- Restrict network access to ICS devices using firewalls and secure configurations.
- Avoid exposing ICS devices directly to the internet.
- Implement Virtual Private Networks (VPNs) for remote access while ensuring VPNs are secure and updated.
The release of these ten ICS advisories underscores the growing cybersecurity challenges facing industrial control systems globally.
Organizations are urged to act swiftly to mitigate risks associated with these vulnerabilities and protect critical infrastructure from exploitation.
Equip your team with real-time threat analysis With ANY.RUN’s interactive cloud sandbox -> Try 14-day Free Trial
