The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB.
These advisories, published on April 22, 2025, provide detailed information on security flaws, associated Common Vulnerabilities and Exposures (CVEs), and recommended mitigations for affected organizations.
This advisory identifies multiple SQL injection vulnerabilities in Siemens TeleControl Server Basic SQL, exposing systems to unauthorized database access and potential code execution.
The vulnerabilities are present in several internal methods, including CreateTrace (CVE-2025-27495, CVSS v3.1: 9.8), VerifyUser (CVE-2025-27539, CVSS v3.1: 9.8), UpdateConnectionVariables (CVE-2025-30002, CVSS v3.1: 8.8), ImportDatabase (CVE-2025-30030, CVSS v3.1: 8.8), and LockProject (CVE-2025-32822, CVSS v3.1: 8.8).
Each vulnerability allows attackers to bypass authorization controls and manipulate the application’s database.
A separate advisory for Siemens TeleControl Server Basic highlights a vulnerability, CVE-2025-29931 (CVSS v3.1: 3.7), related to improper handling of length parameter inconsistency.
This flaw can result in a partial denial-of-service (DoS) condition if exploited in redundant server setups where the connection between servers is disrupted.
This advisory details an information exposure vulnerability, CVE-2024-6407 (CVSS v3.1: 9.8), in the Wiser Home Controller WHC-5918A.
Exploitation could allow remote attackers to disclose sensitive credentials by sending specially crafted messages to the device.
ABB MV Drives are affected by a series of vulnerabilities in the CODESYS Runtime System, including improper restriction of operations within memory buffers, improper input validation, and out-of-bounds write conditions.
These vulnerabilities could allow attackers to gain full access or cause a denial-of-service.
This advisory, updated in April, addresses an incorrect calculation of buffer size vulnerability tracked as CVE-2024-11425 (CVSS v3.1: 7.5) in Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC devices. Exploitation could result in denial-of-service via crafted HTTPS packets.
These vulnerabilities could allow attackers to slip maliciously crafted packets through unpatched firmware, potentially disrupting critical automation processes in manufacturing, energy, and transportation sectors.
CISA emphasizes several key recommendations for organizations utilizing affected systems:
Organizations utilizing any of the affected components should prioritize security updates according to their risk assessment protocols and implement recommended mitigations without delay.