Monday, May 5, 2025

CISA Highlights Four ICS Flaws Being Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) released four significant Industrial Control Systems (ICS) advisories, drawing attention to potential security risks and vulnerabilities affecting various industrial control equipment.

These advisories underscore the imperative for prompt action to mitigate these threats, which are being actively exploited in the field.

ABB RMC-100 Vulnerability

  1. Vulnerability Overview:
    • CVE-2022-24999: A Prototype Pollution vulnerability affects the web UI of ABB’s RMC-100 equipment when the REST interface is enabled. Exploiting it by sending a specially crafted message causes a denial of service (DoS) that requires the interface to be restarted.
    • Affected Versions: RMC-100 versions 2105457-036 to 2105457-044 and RMC-100 LITE versions 2106229-010 to 2106229-016.
    • Risk Evaluation: Successful exploitation would only temporarily disrupt the system but could compromise service availability and constitute a significant security incident.
  2. Mitigation Measures:
    • Update the REST interface to the latest version.
    • Monitor the system for unusual activity.
    • Implement additional access controls to limit unauthorized access.
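Prototype pollution of the kind described above, as an added example that is not ABB's code or the RMC-100 firmware: a naive recursive merge of a parsed request body beside a hardened merge, plus a request-boundary check that rejects the polluting keys before any merge runs. The JSON body is constructed for the demonstration and assumes a Node.js runtime.

```javascript
// Keys that let a merged JSON document reach Object.prototype.
const POLLUTING_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: copies every key of the request body into the target,
// so {"__proto__": {...}} walks into Object.prototype and pollutes every object.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skips the polluting keys and only descends into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (POLLUTING_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Request-boundary check: reject a body before it reaches any merge.
function hasPollutingKey(value) {
  if (value === null || typeof value !== 'object') return false;
  return Object.keys(value).some((k) => POLLUTING_KEYS.has(k) || hasPollutingKey(value[k]));
}

// Constructed request body such as a REST client could send.
const CRAFTED_BODY = '{"name":"pump1","__proto__":{"isAdmin":true}}';

function demoUnsafe() {
  unsafeMerge({}, JSON.parse(CRAFTED_BODY));
  const leaked = ({}).isAdmin === true;   // an unrelated object now reports isAdmin
  delete Object.prototype.isAdmin;        // undo the pollution for the rest of the process
  return leaked;
}

function demoSafe() {
  const config = safeMerge({}, JSON.parse(CRAFTED_BODY));
  return ({}).isAdmin === undefined && config.name === 'pump1' && !('isAdmin' in config);
}
```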

Rockwell Automation Verve Asset Manager

  1. Vulnerability Overview:
    • CVE-2025-1449: The Verve Asset Manager is vulnerable to improper input validation, allowing administrative users to execute arbitrary commands. This impacts versions 1.39 and prior.
    • Risk Evaluation: An attacker could leverage this vulnerability to gain control over system functions, leading to unauthorized actions and data breaches.
  2. Mitigation Measures:
    • Upgrade Verve Asset Manager beyond version 1.39.
    • Limit access to administrative functions.
    • Use robust input validation mechanisms.

Rockwell Automation 440G TLS-Z

  1. Vulnerability Overview:
    • CVE-2020-27212: The device uses STMicroelectronics STM32L4 chips that contain a vulnerability allowing their access controls to be circumvented. An attacker can exploit this for local code execution and potentially take over the device.
    • Affected Version: Version v6.001.
    • Risk Evaluation: Successful exploitation could lead to full device control by malicious actors.
  2. Mitigation Measures:
    • Update the firmware to the latest version.
    • Implement robust physical and logical security controls.
    • Regularly review device security configurations.

Inaba Denki Sangyo CHOCO TEI WATCHER Mini

  1. Vulnerability Overview:
    • CVE-2025-24517, CVE-2025-24852, CVE-2025-25211, CVE-2025-26689:
      • The product relies on client-side authentication, stores passwords in a recoverable format, enforces weak password requirements, and is susceptible to forced browsing.
      • All versions of the CHOCO TEI WATCHER mini (IB-MCT001) are affected.
      • Risk Evaluation: An attacker could exploit these vulnerabilities to obtain login credentials, access, modify, or tamper with data and settings.
  2. Mitigation Measures:
    • Implement server-side authentication mechanisms.
    • Update password policies to ensure robustness.
    • Securely store passwords using non-recoverable formats.
    • Limit access to system settings.

CISA’s advisories highlight the critical need for vigilance and proactive security measures in industrial control systems, as these vulnerabilities have the potential to significantly disrupt operations and compromise data integrity.


Enterprises are urged to review and apply the recommended mitigation strategies promptly to protect against ongoing exploitation attempts.

By addressing these vulnerabilities, organizations can safeguard their infrastructure and maintain operational continuity.

Additional Recommendations:

  • Regularly update software and firmware to the latest versions.
  • Conduct thorough vulnerability scans and risk assessments.
  • Implement robust access controls, including multi-factor authentication.
  • Train personnel on recognizing and responding to security incidents.

By staying informed and taking proactive steps, industries relying on these systems can effectively mitigate the risks posed by these vulnerabilities.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
