The Cybersecurity and Infrastructure Security Agency (CISA) released nine Industrial Control Systems (ICS) advisories on April 15, 2025, addressing significant security vulnerabilities in products from major industrial manufacturers including Siemens, Delta Electronics, ABB, and Mitsubishi Electric.
These advisories, identified as ICSA-25-105-01 through ICSA-25-105-09, are aimed at helping organizations understand and mitigate risks associated with these flaws.
CVE Vulnerabilities
Each advisory includes specific Common Vulnerabilities and Exposures (CVE) identifiers, providing technical details crucial for system administrators and cybersecurity professionals.
ICSA-25-105-01 Siemens Mendix Runtime
The advisory covers the Siemens Mendix Runtime and highlights CVE-2025-30280, a vulnerability that could allow unauthenticated, remote attackers to enumerate all valid entities and attribute names due to distinguishable responses in certain client actions.
This flaw could lead to unauthorized disclosure of sensitive application structure information.
ICSA-25-105-02 Siemens Industrial Edge Device Kit
The advisory addresses the Siemens Industrial Edge Device Kit, which is affected by CVE-2024-54092.
When identity federation is implemented, impacted devices fail to appropriately enforce user authentication on particular API calls. This might make it easier for an unauthenticated remote attacker to pose as a genuine user to circumvent authentication.
ICSA-25-105-03 Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
In ICSA-25-105-03, Siemens products including SIMOCODE, SIMATIC, SIPLUS, SIDOOR, and SIWAREX are impacted by CVE-2024-23814.
When it receives specially crafted messages targeting IP fragment reassembly, the integrated ICMP service of the affected devices’ network stack may be forced to exhaust its available memory. This could allow an unauthenticated remote attacker to cause a brief denial of service for the ICMP service.
ICSA-25-105-04 Growatt Cloud Applications
The advisory highlights multiple vulnerabilities in Growatt Cloud Applications, including cross-site scripting, authorization bypass through user-controlled key, insufficient type distinction, and external control of system or configuration setting.
Successful exploitation of these vulnerabilities could allow an attacker to compromise confidentiality, achieve cross-site scripting, or execute code on affected devices.
ICSA-25-105-05 Lantronix Xport
The advisory covers CVE-2025-2567, a missing authentication for critical function vulnerability that could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations.
ICSA-25-105-06 National Instruments LabVIEW
The advisory covers the out-of-bounds write vulnerabilities CVE-2025-2631 and CVE-2025-2632 in National Instruments LabVIEW.
The vulnerabilities lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory writes.
ICSA-25-105-07 Delta Electronics COMMGR
The advisory covers CVE-2025-3495, which affects Delta Electronics COMMGR software and received a CVSS v4 score of 9.3. This critical flaw involves the use of a cryptographically weak pseudo-random number generator (PRNG).
The software uses insufficiently randomized values to generate session IDs. An attacker could easily brute force a session ID and load and execute arbitrary code.
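As an added illustration of this weakness class (not code from the advisory or from Delta Electronics), the Python sketch below contrasts a session ID drawn from a seeded general-purpose PRNG with one drawn from the operating system CSPRNG, and measures how little entropy the first actually carries. The time-like seed, the 128-bit ID size and all function names are assumptions; the advisory summary does not describe COMMGR's generator.

```python
import math
import random
import secrets

ID_BYTES = 16  # 128-bit session ID; size chosen for this example


def weak_session_id(seed: int) -> str:
    """Pattern to avoid: ID drawn from a general-purpose PRNG with a guessable seed.

    Assumption: the seed stands in for a low-entropy value such as a start-up
    time in seconds. The advisory text does not describe COMMGR's generator.
    """
    rng = random.Random(seed)  # Mersenne Twister, fully determined by the seed
    return rng.getrandbits(ID_BYTES * 8).to_bytes(ID_BYTES, "big").hex()


def strong_session_id() -> str:
    """Hardened form: all 128 bits come from the operating system CSPRNG."""
    return secrets.token_hex(ID_BYTES)


def effective_bits(seed_space: range) -> float:
    """Entropy actually present in weak IDs when the seed lies in seed_space.

    The ID is a pure function of the seed, so the number of possible IDs can
    never exceed the number of possible seeds, whatever the ID length.
    """
    possible_ids = {weak_session_id(seed) for seed in seed_space}
    return math.log2(len(possible_ids))


def report(seed_space: range) -> dict:
    """Summarise nominal versus effective strength for both generators."""
    first = seed_space[0]
    return {
        "nominal_bits": ID_BYTES * 8,
        "weak_effective_bits": round(effective_bits(seed_space), 1),
        "weak_is_reproducible": weak_session_id(first) == weak_session_id(first),
        "strong_effective_bits": ID_BYTES * 8,  # no seed to guess
        "strong_sample": strong_session_id(),
    }


if __name__ == "__main__":
    # Constructed input: one hour of second-resolution seeds.
    print(report(range(1_700_000_000, 1_700_003_600)))
```

Both generators emit 32 hex characters, so the difference is invisible in the ID itself; a review has to look at where the randomness comes from.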
ICSA-25-105-08 ABB M2M Gateway
The advisory discusses multiple ABB M2M Gateway vulnerabilities, including Integer Overflow, Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, and more.
Successful exploitation of these vulnerabilities could allow an attacker to stop the product, make it inaccessible, take remote control of it, or insert and run arbitrary code.
ICSA-25-105-09 Mitsubishi Electric Europe B.V. smartRTU
Finally, ICSA-25-105-09 covers the Mitsubishi Electric Europe B.V. smartRTU, affected by Missing Authentication for Critical Function (CVE-2025-3232) and OS Command Injection (CVE-2025-3128).
The flaws might make it possible for an unauthenticated remote attacker to disclose, tamper with, destroy or delete data in the product or trigger a denial-of-service attack.
Industrial control systems vulnerabilities pose significant risks to critical infrastructure sectors, including energy, manufacturing, and healthcare.
CISA strongly urges all organizations using these products to review the advisories in detail, apply vendor-recommended patches or mitigations, and implement robust network security practices.
By addressing these CVEs promptly, organizations can significantly reduce the risk of exploitation and protect the operational integrity of their industrial control systems.