CISA Highlights Four ICS Flaws Being Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) released four significant Industrial Control Systems (ICS) advisories, drawing attention to potential security risks and vulnerabilities affecting various industrial control equipment.

These advisories underscore the imperative for prompt action to mitigate these threats, which are being actively exploited in the field.

ABB RMC-100 Vulnerability

  1. Vulnerability Overview:
    • CVE-2022-24999: A Prototype Pollution vulnerability affects the web UI of ABB’s RMC-100 equipment when the REST interface is enabled. This flaw can cause a denial-of-service (DoS) if exploited by sending a specially crafted message, requiring a restart of the interface.
    • Affected Versions: RMC-100 versions 2105457-036 to 2105457-044 and RMC-100 LITE versions 2106229-010 to 2106229-016.
    • Risk Evaluation: Successful exploitation disrupts the system only temporarily, but the resulting loss of service availability would still constitute a significant security incident.
  2. Mitigation Measures:
    • Update the REST interface to the latest version.
    • Monitor the system for unusual activity.
    • Implement additional access controls to limit unauthorized access.
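The prototype pollution class described above is easiest to see in a deep-merge routine of the kind a web UI uses to fold a JSON request body into a settings object. The following is an added illustration, not ABB's code and not a description of the RMC-100 internals: a naive merge that follows a `__proto__` key into `Object.prototype`, beside a hardened merge that refuses prototype-related keys and never recurses through inherited properties. The request body is constructed here for the demonstration; the advisory's consequence (a DoS that requires restarting the interface) depends on what the polluted properties later influence, which this example does not model.

```javascript
'use strict';
// Added example, not ABB's code: a REST handler that deep-merges a JSON body
// into a settings object. With the naive merge, a body carrying a "__proto__"
// key writes into Object.prototype (prototype pollution); the hardened merge
// refuses prototype-related keys and only recurses into own properties.

// Constructed sample request body, exactly as JSON.parse yields it from a POST.
// JSON.parse creates an own property literally named "__proto__" here.
const SAMPLE_BODY = JSON.parse('{"interval": 30, "__proto__": {"polluted": true}}');

// Vulnerable: copies every key, including "__proto__". Reading target["__proto__"]
// goes through the inherited accessor and returns Object.prototype, which the
// recursion then writes into.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: reject keys that can reach the prototype chain, and only descend
// into properties the target object owns itself.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop, or reject the whole request
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against fresh settings objects and reports whether an
// unrelated, freshly created object picked up the injected property. Cleans up
// after each run so the pollution does not leak into the rest of the process.
function demonstrate() {
  const unsafeSettings = mergeUnsafe({ interval: 10 }, SAMPLE_BODY);
  const unsafePolluted = ({}).polluted === true;
  delete Object.prototype.polluted;

  const safeSettings = mergeSafe({ interval: 10 }, SAMPLE_BODY);
  const safePolluted = ({}).polluted === true;
  delete Object.prototype.polluted;

  return {
    unsafePolluted,               // true: every object in the process now sees "polluted"
    safePolluted,                 // false: the key was refused
    unsafeInterval: unsafeSettings.interval,
    safeInterval: safeSettings.interval,
    safeHasOwnProto: Object.prototype.hasOwnProperty.call(safeSettings, '__proto__'),
  };
}

console.log(demonstrate());
```

The defensive points to take from this: treat `__proto__`, `constructor` and `prototype` as reserved in any code that writes keys taken from a request, and never let a merge follow an inherited property on the target. A detection-side check is just as simple: after parsing a request body, a lookup of `Object.prototype.hasOwnProperty.call(body, '__proto__')` flags the request for logging before it reaches the merge.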

Rockwell Automation Verve Asset Manager

  1. Vulnerability Overview:
    • CVE-2025-1449: An improper input validation flaw in Verve Asset Manager allows users with administrative access to execute arbitrary commands. Versions 1.39 and prior are affected.
    • Risk Evaluation: An attacker could leverage this vulnerability to gain control over system functions, leading to unauthorized actions and data breaches.
  2. Mitigation Measures:
    • Upgrade Verve Asset Manager beyond version 1.39.
    • Limit access to administrative functions.
    • Use robust input validation mechanisms.

Rockwell Automation 440G TLS-Z

  1. Vulnerability Overview:
    • CVE-2020-27212: The device is built on STMicroelectronics STM32L4 chips, which contain a vulnerability that allows their access controls to be bypassed. An attacker with local access can exploit it for code execution and potentially take over the device.
    • Affected Version: Version v6.001.
    • Risk Evaluation: Successful exploitation could lead to full device control by malicious actors.
  2. Mitigation Measures:
    • Update the firmware to the latest version.
    • Implement robust physical and logical security controls.
    • Regularly review device security configurations.

Inaba Denki Sangyo CHOCO TEI WATCHER Mini

  1. Vulnerability Overview:
    • CVE-2025-24517, CVE-2025-24852, CVE-2025-25211, CVE-2025-26689:
      • The product relies on client-side authentication, stores passwords in a recoverable format, enforces only weak password requirements, and is susceptible to forced browsing.
      • All versions of the CHOCO TEI WATCHER mini (IB-MCT001) are affected.
      • Risk Evaluation: An attacker could exploit these vulnerabilities to obtain login credentials, access, modify, or tamper with data and settings.
  2. Mitigation Measures:
    • Implement server-side authentication mechanisms.
    • Update password policies to ensure robustness.
    • Securely store passwords using non-recoverable formats.
    • Limit access to system settings.

CISA’s advisories highlight the critical need for vigilance and proactive security measures in industrial control systems, as these vulnerabilities have the potential to significantly disrupt operations and compromise data integrity.

Enterprises are urged to review and apply the recommended mitigation strategies promptly to protect against ongoing exploitation attempts.

By addressing these vulnerabilities, organizations can safeguard their infrastructure and maintain operational continuity.

Additional Recommendations:

  • Regularly update software and firmware to the latest versions.
  • Conduct thorough vulnerability scans and risk assessments.
  • Implement robust access controls, including multi-factor authentication.
  • Train personnel on recognizing and responding to security incidents.

By staying informed and taking proactive steps, industries relying on these systems can effectively mitigate the risks posed by these vulnerabilities.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
