Cyber Security News

CISA Releases Two ICS Advisories for Vulnerabilities and Exploits Surrounding ICS

The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories on April 1, 2025, highlighting significant vulnerabilities in critical infrastructure components. 

These advisories, ICSA-25-091-01 and ICSA-24-331-04, address security flaws in Rockwell Automation and Hitachi Energy products respectively, providing essential information about vulnerabilities that could potentially compromise industrial operations if exploited.

Rockwell Automation Lifecycle Services Vulnerabilities

The ICSA-25-091-01 advisory addresses CVE-2025-23120, a critical deserialization vulnerability (CWE-502) in Rockwell Automation’s Lifecycle Services when integrated with Veeam Backup & Replication. 

This flaw, rated CVSS v3.1 9.9 and CVSS v4.0 9.4, allows authenticated attackers with administrative privileges to execute code remotely on Industrial Data Center (IDC) Generations 1–5 and VersaVirtual Appliance (VVA) Series A–C systems.

Exploitation occurs via untrusted data deserialization in Veeam’s backup software, potentially enabling lateral movement across operational technology (OT) networks.

Affected Veeam versions include 12.3.0.310 and earlier, with patches available in version 12.3.1 or a hotfix for 12.3.0.310 deployments.

CISA emphasizes urgency due to the vulnerability’s critical manufacturing sector impact and recommends reviewing mitigation strategies in their ICS-TIP-12-146-01B technical document. As of April 2025, no active exploitation has been reported.

High-Severity Vulnerabilities in Hitachi Energy Systems

The ICSA-24-331-04 advisory targets multiple high-severity vulnerabilities in Hitachi Energy’s MicroSCADA Pro/X SYS600 products. 

The most critical vulnerability (CVE-2024-4872) received a CVSS v3 base score of 9.9, indicating the potential for severe impact if exploited. This flaw exists in the query validation functionality and could allow authenticated attackers to inject malicious code towards persistent data.

Additional vulnerabilities documented in the advisory include an improper limitation of a pathname to a restricted directory (CVE-2024-3980), commonly known as a path traversal vulnerability, along with an authentication bypass (CVE-2024-3982), missing authentication for a critical function (CVE-2024-7940), and URL redirection to untrusted sites (CVE-2024-7941).

The vulnerabilities affect various versions of the MicroSCADA Pro/X SYS600 product line, including versions 10.0 through 10.5 and some 9.4 versions with specific feature packs.

Hitachi Energy has issued specific mitigations, including:

  • Upgrading affected systems to Version 10.6.
  • Applying version-specific vulnerability patch 2025_01 for versions 10.3, 10.4, and 10.5.
  • Implementing Patch 9.4 FP2 HF6 for MicroSCADA Pro SYS600.
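The Veeam and MicroSCADA version ranges and fixes quoted above can be turned into an inventory triage check. The following is an added example, not code from CISA or either vendor; the hostnames and inventory rows are constructed, and it assumes the version string alone cannot confirm that the 12.3.0.310 hotfix is installed.

```python
import re

VEEAM_LAST_AFFECTED = (12, 3, 0, 310)  # article: "12.3.0.310 and earlier"
VEEAM_FIXED = (12, 3, 1, 0)            # article: fixed in 12.3.1

def parse_version(text, width):
    """Parse '12.3.0.310' or 'v10.4' into a fixed-width int tuple (zero padded)."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0,) * width)[:width]

def triage_veeam(version):
    v = parse_version(version, 4)
    if v == VEEAM_LAST_AFFECTED:  # assumption: version string cannot confirm the hotfix
        return ("affected", "upgrade to 12.3.1 or confirm the 12.3.0.310 hotfix is installed")
    if v < VEEAM_LAST_AFFECTED:
        return ("affected", "upgrade to 12.3.1")
    if v >= VEEAM_FIXED:
        return ("patched", "none")
    return ("verify", "build between 12.3.0.310 and 12.3.1; confirm with the vendor")

def triage_sys600(version):
    v = parse_version(version, 2)
    if v >= (10, 6):
        return ("patched", "none")
    if (10, 3) <= v <= (10, 5):
        return ("affected", "upgrade to 10.6 or apply patch 2025_01")
    if (10, 0) <= v <= (10, 2):
        return ("affected", "upgrade to 10.6")
    if v == (9, 4):
        return ("verify", "only some 9.4 feature packs are affected; fix is Patch 9.4 FP2 HF6")
    return ("verify", "outside the ranges quoted here; check ICSA-24-331-04")

# Constructed inventory rows (host, product, version); hostnames are made up.
INVENTORY = [
    ("idc-backup-01", "veeam", "12.3.0.310"),
    ("vva-backup-02", "veeam", "12.3.1"),
    ("scada-east", "sys600", "10.4"),
    ("scada-west", "sys600", "9.4"),
]

def triage_inventory(rows):
    checks = {"veeam": triage_veeam, "sys600": triage_sys600}
    return [(host, *checks[product](version)) for host, product, version in rows]

if __name__ == "__main__":
    print(*triage_inventory(INVENTORY), sep="\n")
```

Rows that come back as "verify" need a manual check against the advisory, since the article does not say which 9.4 feature packs are affected.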

Implications for Critical Infrastructure

These vulnerabilities have potential implications across multiple critical infrastructure sectors, including manufacturing, energy, water systems, and chemical facilities. 

The advisories represent part of CISA’s ongoing effort to address growing cyber threats targeting operational technologies that control essential industrial processes.

CISA strongly encourages users and administrators of affected systems to review the advisories immediately and implement recommended mitigations. Organizations are advised to:

  • Minimize ICS exposure to external networks.
  • Implement secure remote access methods.
  • Update to patched software versions.
  • Deploy defense-in-depth security measures.

Proper impact analysis and risk assessment should be conducted prior to deploying defensive measures. 

For comprehensive protection guidance, CISA provides additional resources through its ICS webpage, including detailed technical information papers and cybersecurity best practices documents.

No public exploitation targeting these specific vulnerabilities has been reported to CISA at this time, but organizations are urged to act promptly to secure their systems against potential threats.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
