The Cybersecurity and Infrastructure Security Agency (CISA) has released twenty new Industrial Control Systems (ICS) advisories, aimed at addressing critical vulnerabilities in industrial systems.
The advisories cover a wide range of ICS products from prominent vendors such as Siemens, ORing, mySCADA, and Mitsubishi Electric.
Each advisory highlights specific vulnerabilities that attackers could exploit to disrupt operations, gain unauthorized access, or execute malicious code.
Key Advisories and Vulnerabilities
Siemens SIMATIC S7-1200 CPU Family
This advisory addresses vulnerabilities in Siemens' widely used programmable logic controllers (PLCs). They include improper resource shutdown or release (CVE-2022-38465) and improper validation of syntactic correctness of input (CVE-2025-24811). Updating firmware is strongly advised.
Siemens SIMATIC
This advisory highlights an observable discrepancy vulnerability (CVE-2023-37482) across the broader SIMATIC product line, with a CVSS v3 base score of 5.3. Siemens recommends applying security patches and isolating devices from external networks.
Siemens SIPROTEC 5
Vulnerabilities in the SIPROTEC 5 series include cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access.
This advisory focuses on a vulnerability in SIPROTEC 5 devices: active debug code that can result in arbitrary code execution (CVE-2024-53648). Siemens advises users to update firmware and restrict network access.
Siemens SIPROTEC 5 Devices
A vulnerability in SIPROTEC 5 devices, tracked as CVE-2024-54015, could allow an unauthenticated, remote attacker to retrieve sensitive information from the device. Mitigation strategies include updating firmware and implementing strong access controls.
Siemens RUGGEDCOM APE1808 Devices
Vulnerabilities in the RUGGEDCOM APE1808 networking devices could allow an attacker to cause a DoS condition, perform a machine-in-the-middle (MITM) attack, escalate privileges, execute unauthorized code, and access unauthorized systems and information.
The CVEs include CVE-2024-36504, CVE-2024-46665, CVE-2024-46666, CVE-2024-46668, CVE-2024-46669, CVE-2024-46670, CVE-2024-52963, CVE-2024-48884, CVE-2024-48885 and CVE-2024-54021.
Mitigations include applying vendor-provided patches and isolating these devices from untrusted networks.
Siemens Teamcenter
Siemens Teamcenter, a product lifecycle management software, contains a URL redirection to an untrusted site ("open redirect") flaw tracked as CVE-2025-23363. Users should apply the latest patches and enforce strict access controls.
Siemens OpenV2G
OpenV2G is affected by a buffer overflow caused by not checking the size of input, tracked as CVE-2025-24956. Updating software versions is recommended.
Siemens SCALANCE W700
This advisory details vulnerabilities in SCALANCE W700 wireless communication devices used in industrial environments. Among them are improper restriction of communication channels to intended endpoints, improper resource shutdown or release, inadequate encryption strength, and a race condition.
Siemens Questa and ModelSim
Questa and ModelSim simulation tools are affected by a vulnerability tracked as CVE-2024-53977, an uncontrolled search path element that can lead to elevation of privileges.
Siemens APOGEE PXC and TALON TC Series
Vulnerabilities include inadequate encryption strength (CVE-2024-54089) and an out-of-bounds read (CVE-2024-54090). Applying vendor-recommended updates is critical for mitigation.
Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
These monitoring tools for industrial PCs have a vulnerability tracked as CVE-2025-23403: incorrect permission assignment for a critical resource, which can lead to privilege escalation. Users are advised to apply patches immediately.
Siemens SIMATIC PCS neo and TIA Administrator
These process control systems are affected by insufficient session expiration, tracked as CVE-2024-45386. Regular patching and secure deployment practices are essential.
Siemens Opcenter Intelligence
Opcenter Intelligence software is affected by the following vulnerabilities:
- CVE-2022-22127: Improper authentication
- CVE-2022-22128: Improper limitation of a pathname to a restricted directory
- CVE-2023-46604: Deserialization of untrusted data
- CVE-2025-26490: Insertion of sensitive information into log file
These vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to change passwords for users. Mitigation involves updating software and securing network communications.
ORing IAP-420
The ORing IAP-420 industrial routers have been found vulnerable to cross-site scripting and command injection, tracked as CVE-2024-5410 and CVE-2024-5411.
Firmware updates are required for protection.
mySCADA myPRO Manager
This SCADA management software contains vulnerabilities including OS command injection (CVE-2025-25067), missing authentication for critical function (CVE-2025-24865), cleartext storage of sensitive information (CVE-2025-22896), and cross-site request forgery (CSRF) (CVE-2025-23411).
Users should update their software immediately and implement strong authentication measures.
Outback Power Mojave Inverter
Renewable energy systems using Mojave Inverters are at risk of being disrupted by attackers exploiting these vulnerabilities: use of GET request method with sensitive query strings (CVE-2025-26473), exposure of sensitive information to an unauthorized actor (CVE-2025-25281), and command injection (CVE-2025-24861).
Dingtian DT-R0 Series
Dingtian DT-R0 series devices are affected by authentication bypass using an alternate path or channel, tracked as CVE-2025-1283. Updating firmware is strongly advised.
Mitsubishi Electric FA Engineering Software Products
An updated advisory for Mitsubishi Electric's engineering software addresses missing authentication for critical function (CVE-2023-6942) and unsafe reflection (CVE-2023-6943).
Qardio Heart Health iOS/Android App & QardioARM A100
Although primarily a medical IoT device, this advisory highlights risks such as exposure of private personal information to an unauthorized actor (CVE-2025-20615), an uncaught exception (CVE-2025-24836), and files or directories accessible to external parties (CVE-2025-23421).
CISA urges all users, administrators, and organizations relying on these ICS products to review the advisories thoroughly, apply vendor-recommended patches, and implement robust security measures such as network segmentation and strong authentication protocols to mitigate risks effectively.