Categories: Cyber Security News

CISA Releases ICS Advisories Addressing Current Vulnerabilities and Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released eight Industrial Control System (ICS) advisories on June 24, 2025, highlighting critical vulnerabilities across global industrial infrastructure.

These advisories target systems ranging from terminal operating systems to electric vehicle charging stations, with multiple vulnerabilities allowing remote code execution and data theft.

The coordinated disclosure impacts vendors, including Schneider Electric, Kaleris, and ControlID, with several flaws rated critical under CVSS v4 scoring.

High-Risk Terminal and Controller Vulnerabilities

Kaleris Navis N4 Terminal Operating System (ICSA-25-175-01) contains two critical flaws: CVE-2025-2566 (CVSS v4 9.3) enables remote code execution through unsafe Java deserialization, while CVE-2025-5087 (CVSS v4 6.0) allows credential theft via cleartext transmission.

Affected versions before 4.0 require immediate patching or network segmentation.

Schneider Electric Modicon Controllers (ICSA-25-175-03) face three unpatched vulnerabilities (CVE-2025-3905, CVE-2025-3116, CVE-2025-3117), with mitigations limited to firewall restrictions and VPN usage until a firmware update is released.

End-of-Life and Authentication Bypass Threats

Schneider Electric’s discontinued EVLink WallBox (ICSA-25-175-04) carries three vulnerabilities (path traversal, XSS, OS command injection) rated CVSS v4 8.6, permitting full device takeover.

With no vendor patches available, CISA mandates firewall isolation and WPA3 encryption.

ControlID iDSecure On-Premises (ICSA-25-175-05) has a CVSS v4 9.3-rated improper authentication flaw enabling system compromise alongside SSRF and SQL injection risks.


No remediation timeline is provided.

Web Application and Legacy System Risks

Parsons AccuWeather Widget (ICSA-25-175-06) contains a cross-site scripting vulnerability (CVE-2025-5015, CVSS v4 8.7) allowing malicious RSS feed injection.

While cloud instances are patched, on-premise deployments require manual updates.
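The AccuWeather Widget flaw is an instance of a common pattern: content from a third-party feed is dropped into a page as if it were trusted markup. The example below is an added illustration of the defensive side of that pattern and is not code from Parsons, CISA or the advisory. It parses a constructed RSS 2.0 feed, treats every field as untrusted text, escapes it for the HTML context it is rendered into, and only emits a link when its scheme is on an allow-list. The feed contents, the `example.invalid` host and the function names are all assumptions made for the example.

```python
"""Hardened rendering of untrusted RSS feed items (added example, not the widget's code).

Defensive pattern: never concatenate feed fields into HTML; escape text for the body
context, and validate link URLs against an allow-list of schemes before using them
as href values. Assumed feed content and names are constructed for this example.
"""
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed: one benign item and one carrying script / javascript: payloads.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Weather</title>
<item>
  <title>Sunny, 24&#176;C</title>
  <link>https://example.invalid/forecast/today</link>
  <description>Clear skies &amp; light wind</description>
</item>
<item>
  <title>&lt;script&gt;alert(1)&lt;/script&gt;Storm warning</title>
  <link>javascript:alert(document.cookie)</link>
  <description>&lt;img src=x onerror=alert(1)&gt;Heavy rain</description>
</item>
</channel></rss>"""

ALLOWED_SCHEMES = {"http", "https"}


def safe_href(url: str) -> str:
    """Return the escaped URL if its scheme is allowed, otherwise a harmless '#' link."""
    candidate = url.strip()
    parsed = urlparse(candidate)
    if parsed.scheme.lower() in ALLOWED_SCHEMES and parsed.netloc:
        return html.escape(candidate, quote=True)
    return "#"


def parse_items(feed_xml: str) -> list[dict]:
    """Parse RSS 2.0 <item> elements into plain-text fields.

    ElementTree resolves entities, so a title stored as &lt;script&gt; comes back as
    the literal text '<script>'; it is the renderer's job to escape it again.
    """
    root = ET.fromstring(feed_xml)
    items = []
    for item in root.iter("item"):
        items.append({
            "title": (item.findtext("title") or "").strip(),
            "link": (item.findtext("link") or "").strip(),
            "description": (item.findtext("description") or "").strip(),
        })
    return items


def render_item(item: dict) -> str:
    """Render one item: text fields escaped for HTML body context, link validated."""
    return (
        f'<li><a href="{safe_href(item["link"])}">{html.escape(item["title"])}</a>'
        f' - {html.escape(item["description"])}</li>'
    )


def render_feed(feed_xml: str) -> str:
    """Render the whole feed as a <ul>; no feed-controlled markup survives."""
    return "<ul>" + "".join(render_item(i) for i in parse_items(feed_xml)) + "</ul>"


if __name__ == "__main__":
    print(render_feed(SAMPLE_FEED))
```

The same escaping has to be applied per output context: a value placed inside an attribute, a `<script>` block or a URL needs a different encoder than body text, which is why `safe_href` validates the scheme instead of merely escaping. When the feed itself comes from an untrusted source, parsing it with the `defusedxml` package rather than the standard library parser also closes off entity-expansion and external-entity issues that the example above does not address.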

Mitsubishi Electric MELSEC-Q Series PLCs (ICSA-19-029-02) received Update B for legacy vulnerabilities, emphasizing the persistent threats to outdated industrial equipment.

CISA urges immediate review of all advisories, prioritizing network segmentation and credential hardening.

The agency notes no active exploitation but warns that unmitigated systems risk operational disruption and critical infrastructure compromise.
