The Cybersecurity and Infrastructure Security Agency (CISA) released four significant Industrial Control Systems (ICS) advisories, drawing attention to potential security risks and vulnerabilities affecting various industrial control equipment.
These advisories underscore the imperative for prompt action to mitigate these threats, which are being actively exploited in the field.
ABB RMC-100 Vulnerability
- Vulnerability Overview:
- CVE-2022-24999: A Prototype Pollution vulnerability affects the web UI of ABB’s RMC-100 equipment when the REST interface is enabled. This flaw can cause a denial-of-service (DoS) if exploited by sending a specially crafted message, requiring a restart of the interface.
- Affected Versions: RMC-100 versions 2105457-036 to 2105457-044 and RMC-100 LITE versions 2106229-010 to 2106229-016.
- Risk Evaluation: Successful exploitation would only temporarily disrupt the system but could compromise service availability and constitute a significant security incident.
- Mitigation Measures:
- Update the REST interface to the latest version.
- Monitor the system for unusual activity.
- Implement additional access controls to limit unauthorized access.
Rockwell Automation Verve Asset Manager
- Vulnerability Overview:
- CVE-2025-1449: The Verve Asset Manager is vulnerable to improper input validation, allowing administrative users to execute arbitrary commands. This impacts versions 1.39 and prior.
- Risk Evaluation: An attacker could leverage this vulnerability to gain control over system functions, leading to unauthorized actions and data breaches.
- Mitigation Measures:
- Upgrade Verve Asset Manager beyond version 1.39.
- Limit access to administrative functions.
- Use robust input validation mechanisms.
Rockwell Automation 440G TLS-Z
- Vulnerability Overview:
- CVE-2020-27212: This device utilizes STMicroelectronics STM32L4 chips, which have a vulnerability allowing access control circumvention. An attacker can exploit this for local code execution and potentially take over the device.
- Affected Version: Version v6.001.
- Risk Evaluation: Successful exploitation could lead to full device control by malicious actors.
- Mitigation Measures:
- Update the firmware to the latest version.
- Implement robust physical and logical security controls.
- Regularly review device security configurations.
Inaba Denki Sangyo CHOCO TEI WATCHER Mini
- Vulnerability Overview:
- CVE-2025-24517, CVE-2025-24852, CVE-2025-25211, CVE-2025-26689:
- The product is vulnerable to client-side authentication, password storage in recoverable formats, weak password requirements, and forced browsing issues.
- All versions of the CHOCO TEI WATCHER mini (IB-MCT001) are affected.
- Risk Evaluation: An attacker could exploit these vulnerabilities to obtain login credentials, access, modify, or tamper with data and settings.
- CVE-2025-24517, CVE-2025-24852, CVE-2025-25211, CVE-2025-26689:
- Mitigation Measures:
- Implement server-side authentication mechanisms.
- Update password policies to ensure robustness.
- Securely store passwords using non-recoverable formats.
- Limit access to system settings.
CISA’s advisories highlight the critical need for vigilance and proactive security measures in industrial control systems, as these vulnerabilities have the potential to significantly disrupt operations and compromise data integrity.
.png
)
Enterprises are urged to review and apply the recommended mitigation strategies promptly to protect against ongoing exploitation attempts.
By addressing these vulnerabilities, organizations can safeguard their infrastructure and maintain operational continuity.
Additional Recommendations:
- Regularly update software and firmware to the latest versions.
- Conduct thorough vulnerability scans and risk assessments.
- Implement robust access controls, including multi-factor authentication.
- Train personnel on recognizing and responding to security incidents.
By staying informed and taking proactive steps, industries relying on these systems can effectively mitigate the risks posed by these vulnerabilities.
Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free.
 advisories, drawing attention to potential security risks and vulnerabilities.){kind=link}