The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released eight Industrial Control System (ICS) advisories on June 24, 2025, highlighting critical vulnerabilities across global industrial infrastructure.
These advisories cover systems ranging from terminal operating systems to electric vehicle charging stations, with multiple vulnerabilities allowing remote code execution and data theft.
The coordinated disclosure impacts vendors, including Schneider Electric, Kaleris, and ControlID, with several flaws rated critical under CVSS v4 scoring.
Kaleris Navis N4 Terminal Operating System (ICSA-25-175-01) contains two critical flaws: CVE-2025-2566 (CVSS v4 9.3) enables remote code execution through unsafe Java deserialization, while CVE-2025-5087 (CVSS v4 6.0) allows credential theft via cleartext transmission.
Affected versions before 4.0 require immediate patching or network segmentation.
Schneider Electric Modicon Controllers (ICSA-25-175-03) face three unpatched vulnerabilities (CVE-2025-3905, CVE-2025-3116, CVE-2025-3117), with mitigations limited to firewall restrictions and VPN usage until a firmware update is released.
Schneider Electric’s discontinued EVLink WallBox (ICSA-25-175-04) carries three vulnerabilities (path traversal, XSS, OS command injection) rated CVSS v4 8.6, permitting full device takeover.
With no vendor patches available, CISA mandates firewall isolation and WPA3 encryption.
ControlID iDSecure On-Premises (ICSA-25-175-05) has a CVSS v4 9.3-rated improper authentication flaw enabling system compromise alongside SSRF and SQL injection risks.
No remediation timeline is provided.
Parsons AccuWeather Widget (ICSA-25-175-06) contains a cross-site scripting vulnerability (CVE-2025-5015, CVSS v4 8.7) allowing malicious RSS feed injection.
While cloud instances are patched, on-premises deployments require manual updates.
Mitsubishi Electric MELSEC-Q Series PLCs (ICSA-19-029-02) received Update B for legacy vulnerabilities, emphasizing the persistent threats to outdated industrial equipment.
CISA urges immediate review of all advisories, prioritizing network segmentation and credential hardening.
The agency notes no active exploitation but warns that unmitigated systems risk operational disruption and critical infrastructure compromise.
The post CISA Releases ICS Advisories Addressing Current Vulnerabilities and Exploits appeared first on Cyber Security News.