Saturday, March 29, 2025

CISA Issues Seven ICS Advisories Highlighting Critical Vulnerabilities


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released seven Industrial Control Systems (ICS) advisories on February 20, 2025, addressing critical vulnerabilities in products from ABB, Siemens, Mitsubishi Electric, and other industrial technology providers.

These advisories underscore escalating risks to operational technology (OT) environments, where flaws in safety controllers, human-machine interfaces (HMIs), and protocol analyzers could enable remote code execution, denial-of-service (DoS) attacks, and unauthorized access to critical infrastructure.

ABB ASPECT-Enterprise and FLXEON Controllers Exposed to Remote Exploitation

The ICSA-25-051-01 and ICSA-25-051-02 advisories detail vulnerabilities in ABB’s ASPECT-Enterprise, NEXUS, MATRIX, and FLXEON controller series.

The most severe flaw, CVE-2025-3101 (CVSS v4: 9.8), allows unauthenticated attackers to execute arbitrary code on ASPECT-Enterprise servers due to improper input validation in the data parsing module.

Similarly, FLXEON safety controllers (versions < 3.08.02) are susceptible to authentication bypass via CVE-2025-3120, enabling threat actors to manipulate safety-critical processes in manufacturing and energy sectors.

Siemens SiPass Integrated Access Control Vulnerabilities

Siemens’ SiPass Integrated system, used in physical access control, is flagged in ICSA-25-051-04 for cleartext credential storage (CVE-2025-3204) and insecure default configurations.

Attackers with network access could extract administrative credentials, potentially compromising facility security.

Siemens recommends upgrading to version 3.8.2 and enforcing TLS 1.3 for communications.

Mitsubishi Electric CNC Series Memory Corruption Flaws

ICSA-24-291-03 (Update A) highlights four memory corruption vulnerabilities in Mitsubishi Electric’s CNC Series, including a heap overflow (CVE-2024-39883) allowing remote code execution via malicious G-code files.

Affected versions (M800/M80 to E80 Series) require firmware updates to mitigate risks of production line sabotage.

Rapid Response Monitoring and Elseta Vulnerabilities

The ICSA-25-051-05 advisory identifies an improper authentication flaw in Rapid Response Monitoring’s My Security Account App (CVE-2025-3301), enabling attackers to disable alarms or spoof sensor data.

Meanwhile, Elseta’s Vinci Protocol Analyzer (ICSA-25-051-06) is vulnerable to buffer overflows (CVE-2025-3350) when parsing Modbus packets, risking OT network breaches.

Medixant RadiAnt DICOM Viewer Risks Patient Data

ICSMA-25-051-01 addresses a critical vulnerability in Medixant’s RadiAnt DICOM Viewer (CVE-2025-3405), where malformed medical imaging files could execute code on healthcare systems.
With a CVSS v4 score of 8.6, this flaw poses significant risks to patient data confidentiality and medical device integrity.

Mitigation Strategies and Industry Response

CISA urges organizations to apply vendor-provided patches immediately.

For systems requiring delayed updates, mitigations include network segmentation, disabling unnecessary services, and enforcing application allowlists.

ABB and Siemens have released firmware updates, while Mitsubishi Electric advises restricting G-code file sources to trusted providers.
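To act on the patch guidance above, the fixed versions named in this article can be checked against an asset inventory. The following is an added example, not code from CISA or the vendors; the inventory, host names and product labels are constructed, and treating every SiPass Integrated release below 3.8.2 as needing the upgrade is an assumption.

```python
import re

# Thresholds quoted in the article: FLXEON versions < 3.08.02 are affected;
# Siemens recommends SiPass Integrated 3.8.2 (assumed: anything lower is unpatched).
FIXED_IN = {
    "ABB FLXEON": ("3.08.02", "CVE-2025-3120"),
    "Siemens SiPass Integrated": ("3.8.2", "CVE-2025-3204"),
}

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_older(have, fixed):
    """Numeric comparison with zero padding, so 3.8 compares as 3.8.0."""
    n = max(len(have), len(fixed))
    return have + (0,) * (n - len(have)) < fixed + (0,) * (n - len(fixed))

def triage(inventory):
    """Return (host, cve, status) for each asset running a listed product."""
    findings = []
    for asset in inventory:
        rule = FIXED_IN.get(asset["product"])
        if rule is None:
            continue  # product not covered by the thresholds above
        fixed, cve = rule
        have = parse_version(asset["version"])
        if have is None:
            status = "review"  # unknown version: never assume it is patched
        elif is_older(have, parse_version(fixed)):
            status = "vulnerable"
        else:
            status = "ok"
        findings.append((asset["host"], cve, status))
    return findings

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    {"host": "bms-ctl-01", "product": "ABB FLXEON", "version": "3.8.1"},
    {"host": "bms-ctl-02", "product": "ABB FLXEON", "version": "3.08.02"},
    {"host": "bms-ctl-03", "product": "ABB FLXEON", "version": "3.10.0"},
    {"host": "acs-srv-01", "product": "Siemens SiPass Integrated", "version": "V3.8"},
    {"host": "acs-srv-02", "product": "Siemens SiPass Integrated", "version": "unknown"},
    {"host": "hist-01", "product": "Other Historian", "version": "1.0"},
]

if __name__ == "__main__":
    for host, cve, status in triage(INVENTORY):
        print(f"{host:12} {cve:15} {status}")
```

A plain string comparison would rank "3.8.1" above "3.08.02" and miss the first host, which is why the versions are compared as integer tuples.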

These advisories highlight the persistent risks posed by memory corruption, authentication bypass, and insecure protocols in industrial environments.

As cyber-physical attacks escalate, proactive vulnerability management remains critical to safeguarding global infrastructure.
