CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) issued seven Industrial Control Systems (ICS) advisories detailing critical vulnerabilities in widely used systems. 

These advisories highlight critical vulnerabilities in ICS products from major vendors such ABB, Carrier, Siemens and Mitsubishi Electric, providing technical details, potential risks, and recommended mitigations to safeguard critical infrastructure.

Overview of the Key Advisories

ABB ASPECT-Enterprise, NEXUS, and MATRIX Series (ICSA-25-051-01)

The vulnerability, identified as CVE-2024-51547, involves the use of hard-coded credentials (CWE-798) embedded in the firmware as plain text. 

This flaw, with a CVSS v4 severity score of 9.3, could allow unauthorized access to the affected systems. ABB has recommended specific mitigations to reduce the risk of exploitation.

ABB FLXEON Controllers (ICSA-25-051-02)

The advisory  outlines multiple vulnerabilities in ABB FLXEON Controllers, including improper neutralization of special elements used in commands (CWE-77, CVE-2024-48841), missing origin validation in WebSockets (CWE-1385, CVE-2024-48849), and insertion of sensitive information into log files (CWE-532, CVE-2024-48852). 

These vulnerabilities collectively have a maximum CVSS v4 score of 10.0 and could enable remote code execution, unauthorized HTTPS requests, and sensitive data exposure. ABB urges users to update to firmware version 9.3.5 to address these issues.

Siemens SiPass Integrated (ICSA-25-051-04)

The advisory pertains to Siemens SiPass Integrated systems. A directory traversal vulnerability (CWE-22) in DotNetZip versions prior to v1.16.0 allows remote attackers to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. 

This vulnerability, tracked as CVE-2024-48510, has a CVSS v4 score of 9.3. Siemens has released updates for SiPass Integrated and recommends users upgrade to versions V2.90.3.19 or V2.95.3.15 and later.

Rapid Response Monitoring My Security Account App (ICSA-25-051-05)

This highlights a vulnerability in Rapid Response Monitoring’s My Security Account App caused by an authorization bypass through a user-controlled key (CWE-639). 

This flaw, assigned CVE-2025-0352, allows attackers to manipulate API requests and access other users’ information with a CVSS v4 score of 8.7. The vendor has patched this issue on their end, requiring no user action.

Elseta Vinci Protocol Analyzer (ICSA-25-051-06)

The advisory addresses an OS command injection vulnerability (CWE-78) in Elseta Vinci Protocol Analyzer that could allow attackers to escalate privileges and execute arbitrary code on affected systems. 

This vulnerability, identified as CVE-2025-1265, has a CVSS v4 score of 9.4. Users are advised to update their systems to version 3.2.3.19 or later to mitigate the risk.

Mitsubishi Electric CNC Series (ICSA-24-291–03 Update A)

The advisory discusses a denial-of-service (DoS) vulnerability (CWE–1284) in Mitsubishi Electric CNC Series products that could be exploited by sending specially crafted packets to TCP port 683. 

This flaw, tracked as CVE–2024–7316, has a CVSS v4 score of 8.2 and could disrupt operations in numerical control systems (CNC). Mitsubishi Electric recommends applying updates to address this issue.

Medixant RadiAnt DICOM Viewer (ICSMA–25–051–01)

Lastly, the seventh advisory, focuses on Medixant RadiAnt DICOM Viewer’s improper certificate validation (CWE–295). 

This vulnerability (CVE–2025–1001) could allow attackers to alter network traffic and conduct machine-in-the-middle (MITM) attacks due to the failure of the update mechanism to verify server certificates properly. With a CVSS v4 score of 5.7, Medixant advises users to download version 2025.1 or later for enhanced security.

These advisories underscore the importance of timely updates and proactive measures in mitigating risks associated with ICS vulnerabilities. 

CISA encourages organizations using these products to review the technical details provided and implement recommended mitigations promptly to protect their systems from potential exploitation.

Free Webinar: Better SOC with Interactive Malware Sandbox for Incident Response and Threat Hunting – Register Here