The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released seven Industrial Control Systems (ICS) advisories on February 20, 2025, addressing critical vulnerabilities in products from ABB, Siemens, Mitsubishi Electric, and other industrial technology providers.
These advisories underscore escalating risks to operational technology (OT) environments, where flaws in safety controllers, human-machine interfaces (HMIs), and protocol analyzers could enable remote code execution, denial-of-service (DoS) attacks, and unauthorized access to critical infrastructure.
The ICSA-25-051-01 and ICSA-25-051-02 advisories detail vulnerabilities in ABB’s ASPECT-Enterprise, NEXUS, MATRIX, and FLXEON controller series.
The most severe flaw, CVE-2025-3101 (CVSS v4: 9.8), allows unauthenticated attackers to execute arbitrary code on ASPECT-Enterprise servers due to improper input validation in the data parsing module.
Similarly, FLXEON safety controllers (versions < 3.08.02) are susceptible to authentication bypass via CVE-2025-3120, enabling threat actors to manipulate safety-critical processes in manufacturing and energy sectors.
Siemens’ SiPass Integrated system, used in physical access control, is flagged in ICSA-25-051-04 for cleartext credential storage (CVE-2025-3204) and insecure default configurations.
Attackers with network access could extract administrative credentials, potentially compromising facility security.
Siemens recommends upgrading to version 3.8.2 and enforcing TLS 1.3 for communications.
ICSA-24-291-03 (Update A) highlights four memory corruption vulnerabilities in Mitsubishi Electric’s CNC Series, including a heap overflow (CVE-2024-39883) allowing remote code execution via malicious G-code files.
Affected versions (M800/M80 to E80 Series) require firmware updates to mitigate risks of production line sabotage.
The ICSA-25-051-05 advisory identifies an improper authentication flaw in Rapid Response Monitoring’s My Security Account App (CVE-2025-3301), enabling attackers to disable alarms or spoof sensor data.
Meanwhile, Elseta’s Vinci Protocol Analyzer (ICSA-25-051-06) is vulnerable to buffer overflows (CVE-2025-3350) when parsing Modbus packets, risking OT network breaches.
ICSMA-25-051-01 addresses a critical vulnerability in Medixant’s RadiAnt DICOM Viewer (CVE-2025-3405), where malformed medical imaging files could execute code on healthcare systems.
With a CVSS v4 score of 8.6, this flaw poses significant risks to patient data confidentiality and medical device integrity.
CISA urges organizations to apply vendor-provided patches immediately.
For systems requiring delayed updates, mitigations include network segmentation, disabling unnecessary services, and enforcing application allowlists.
ABB and Siemens have released firmware updates, while Mitsubishi Electric advises restricting G-code file sources to trusted providers.
These advisories highlight the persistent risks posed by memory corruption, authentication bypass, and insecure protocols in industrial environments.
As cyber-physical attacks escalate, proactive vulnerability management remains critical to safeguarding global infrastructure.