CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five urgent Industrial Control Systems (ICS) advisories on May 29, 2025, addressing critical vulnerabilities across widely deployed industrial automation and infrastructure systems. 

These advisories highlight severe security flaws affecting Siemens access control systems, fire safety panels, environmental monitoring devices, and medical imaging software that could potentially disrupt critical operations and endanger public safety.

Widespread ICS Vulnerabilities Across Various Sectors

The five advisories encompass a diverse range of industrial control systems used across critical infrastructure sectors. ICSA-25-148-01 targets the Siemens SiPass electronic access control system.

The Siemens SiPass system suffers from CVE-2022-31807, an improper verification of cryptographic signature vulnerability with a CVSS v4 score of 8.2, enabling potential firmware manipulation attacks. 

ICSA-25-148-02 addresses vulnerabilities in the more advanced SiPass Integrated platform.

The SiPass Integrated platform contains CVE-2022-31812, an out-of-bounds read vulnerability scoring 8.7 on CVSS v4, which could allow unauthenticated remote denial-of-service attacks.

The ICSA-25-148-03 advisory focuses on the Consilium Safety CS5000 Fire Panel used in marine and industrial safety applications.

The panel is affected by CVE-2025-41438 (initialization with insecure defaults) and CVE-2025-46352 (hard-coded credentials), both scoring 9.3 on CVSS v4.

These flaws involve default accounts and unchangeable hard-coded passwords that could enable complete remote system compromise. 

ICSA-25-148-04 covers the Instantel Micromate environmental monitoring device deployed in construction, mining, and oil & gas sectors. 

The Instantel Micromate faces CVE-2025-1907, a missing authentication vulnerability also scoring 9.3, allowing unauthenticated command execution. 

Additionally, ICSMA-25-148-01 represents a medical advisory for the Santesoft Sante DICOM Viewer Pro software used in healthcare imaging.

The software contains a memory corruption vulnerability, CVE-2025-5307, that enables arbitrary code execution, which is particularly dangerous given the life-critical nature of medical environments.

Risk Mitigation

CISA emphasizes the critical importance of implementing vendor-recommended mitigations immediately. 

Siemens has provided patches for both SiPass systems, with specific recommendations to enable TLS communication and follow operational security guidelines. 

However, the Consilium Safety CS5000 Fire Panel presents unique challenges as no fixes are planned for current versions, with the vendor recommending upgrades to newer products manufactured after July 1, 2024.

For the Instantel Micromate, users should establish approved IP address lists while awaiting firmware updates. 

The medical sector faces particular urgency with the Santesoft DICOM Viewer, where version upgrades to v14.2.2 are essential to prevent potential patient data exposure and diagnostic system disruption.

CISA recommends comprehensive defensive measures, including network segmentation, firewall protection, VPN implementation for remote access, and continuous monitoring. 

Organizations must perform thorough impact assessments before deploying mitigations and maintain updated asset inventories to ensure complete vulnerability coverage. 
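
As an added example (not from CISA, the vendors, or the original article), the following Python triages a constructed asset inventory against the five advisories summarized above. The hostnames, versions and product keywords are assumptions; an asset whose version is unknown is flagged for verification rather than treated as fixed.

```python
import re
# (product keyword, advisory, CVSS v4 score, fixed version, action), as stated
# in the article; None means the article gives no score or no fixed version.
ADVISORIES = [
    ("sipass integrated", "ICSA-25-148-02", 8.7, None, "apply Siemens patch, enable TLS"),
    ("sipass", "ICSA-25-148-01", 8.2, None, "apply Siemens patch, enable TLS"),
    ("cs5000", "ICSA-25-148-03", 9.3, None, "no fix planned; upgrade to newer product"),
    ("micromate", "ICSA-25-148-04", 9.3, None, "approved IP list until firmware update"),
    ("sante dicom viewer pro", "ICSMA-25-148-01", None, "14.2.2", "upgrade to v14.2.2"),
]
# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    {"host": "door-ctl-01", "product": "Siemens SiPass integrated"},
    {"host": "fire-panel-01", "product": "Consilium Safety CS5000 Fire Panel"},
    {"host": "vib-mon-07", "product": "Instantel Micromate"},
    {"host": "rad-ws-03", "product": "Sante DICOM Viewer Pro", "version": "14.1.0"},
    {"host": "rad-ws-04", "product": "Sante DICOM Viewer Pro", "version": "14.2.2"},
    {"host": "rad-ws-05", "product": "Sante DICOM Viewer Pro"},  # version unknown
    {"host": "hmi-02", "product": "Generic HMI Panel", "version": "1.0"},
]

def parse_version(text):
    """'v14.2.2' -> (14, 2, 2); None or a string without digits -> None."""
    nums = re.findall(r"\d+", text or "")
    return tuple(map(int, nums)) or None

def triage(inventory):
    findings = []
    for asset in inventory:
        name = asset["product"].lower()
        hits = [a for a in ADVISORIES if a[0] in name]
        if not hits:
            continue
        # Longest keyword wins, so "SiPass integrated" is not filed under "SiPass".
        _, adv_id, score, fixed, action = max(hits, key=lambda a: len(a[0]))
        status = "action required"
        if fixed:
            have = parse_version(asset.get("version"))
            if have is None:
                status = "verify version"  # unknown is never assumed safe
            elif have >= parse_version(fixed):
                status = "fixed"
        findings.append({"host": asset["host"], "advisory": adv_id, "score": score,
                         "status": status, "action": action})
    # Unfixed assets first; an unscored advisory sorts as worst case, not as zero.
    findings.sort(key=lambda f: (f["status"] == "fixed",
                                 -(10.0 if f["score"] is None else f["score"])))
    return findings
```
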

The advisory release underscores the evolving cybersecurity challenges facing critical infrastructure as digital transformation accelerates across industrial sectors.

The post CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits appeared first on Cyber Security News.
