
CISA Releases Nine ICS Advisories Surrounding Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) published nine Industrial Control Systems (ICS) advisories on August 28, 2025, detailing high- and medium-severity vulnerabilities across leading vendors’ products.

The advisories highlight remotely exploitable flaws, privilege-escalation weaknesses, memory corruption bugs, and insecure configurations.

CISA and vendors aim to empower operators with precise guidance to safeguard ICS environments against emerging cyber threats.

Key Takeaways
1. Nine ICS advisories detail critical flaws—from authentication bypass and credential leaks to buffer overflows and privilege escalations.
2. Apply vendor patches and isolate control networks with VPNs and firewalls.
3. Perform impact assessments and follow defense-in-depth (ICS-TIP) guidance.

Mitsubishi Electric MELSEC iQ-F Series Flaws

ICSA-25-240-01 and ICSA-25-240-02 cover two distinct vulnerabilities in the MELSEC iQ-F Series CPU modules.

Missing Authentication for Critical Function (CVE-2025-7405) in ICSA-25-240-01 (CVSS v4 6.9, CWE-306) allows remote attackers to read/write device values or halt program execution without authentication.

Cleartext Transmission of Sensitive Information (CVE-2025-7731) in ICSA-25-240-02 (CVSS v4 8.7, CWE-319) exposes SLMP credentials over the network.

Affected models span the FX5U, FX5UC, FX5UJ, and FX5S series, with firmware version thresholds specified in the advisories. The vendor recommends LAN isolation, VPN enforcement, IP filtering, and physical access controls.

Schneider, Delta, GE Vernova Flaws

Schneider Electric’s Saitel DR/DP RTUs (ICSA-25-240-03) are affected by Improper Privilege Management (CVE-2025-8453, CVSS v3 6.7), which lets authenticated engineers escalate privileges via configuration file tampering. Patch HUe v11.06.30 addresses this.

Delta Electronics is the subject of two advisories. The CNCSoft-G2 Out-of-bounds Write (CVE-2025-47728, CVSS v4 8.5) in ICSA-25-240-04 allows arbitrary code execution through malformed DPAX files; update to v2.1.0.27 or later.

The COMMGR Buffer Overflow and Code Injection flaws (CVE-2025-53418, CVSS v4 8.8; CVE-2025-53419, CVSS v4 8.4) in ICSA-25-240-05 require patching to v2.10.0.

GE Vernova’s CIMPLICITY HMI/SCADA suite (ICSA-25-240-06) suffers from an Uncontrolled Search Path Element (CVE-2025-7719, CVSS v4 7.0), permitting local privilege escalation; upgrade to 2024 SIM 4 is recommended.

Mitsubishi & Hitachi Energy Flaws

The advisory for Multiple FA Engineering Software Products (ICSA-24-135-04, CVSS v4 4.4) details Privilege, Resource Consumption, and Out-of-bounds Write flaws across more than 30 software utilities (CVE-2023-51776 through CVE-2024-26314).

Users must apply Update D (latest versions listed) and follow defense-in-depth guidelines.

The ICONICS Digital Solutions and MC Works64 advisory (ICSA-25-140-04, CVSS v4 6.8) covers Execution with Unnecessary Privileges (CVE-2025-0921) in AlarmWorX64 Pager services; mitigations include disabling Classic OPC Point Manager and enforcing administrator-only logins.

Finally, Hitachi Energy’s Relion 670/650 and SAM600-IO Series (ICSA-25-184-01) expose an Improper Check for Unusual Conditions (CVE-2025-1718, CVSS v4 7.1), allowing FTP-authenticated users to trigger device reboots. 

Firmware versions 2.2.6.4 and 2.2.5.8 or later mitigate risk.

CISA emphasizes performing impact analyses, isolating control networks, employing VPNs and firewalls, and adhering to recommended ICS-TIP and defense-in-depth strategies. 

Organizations should report suspected exploitation attempts and apply vendor-provided patches without delay.


The post CISA Releases Nine ICS Advisories Surrounding Vulnerabilities, and Exploits appeared first on Cyber Security News.

rssfeeds-admin
