Tuesday, May 6, 2025
HomeCVE/vulnerabilityCISA Issues 9 New ICS Advisories Addressing Critical Vulnerabilities

CISA Issues 9 New ICS Advisories Addressing Critical Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released nine new advisories detailing severe vulnerabilities in widely-used Industrial Control Systems (ICS) products.

These advisories, published on April 15, 2025, urge immediate action from operators and administrators overseeing critical infrastructure. Below are the key highlights from each advisory:

Nine Industrial Control Systems Advisories

1.Siemens Mendix Runtime (CVE-2025-30280): 

- Advertisement - Google News

The first advisory concerns Siemens Mendix Runtime, which suffers from an observable response discrepancy (CWE-204) vulnerability.

This flaw, assigned CVE-2025-30280 and a CVSS v4 score of 6.9, allows unauthenticated remote attackers to enumerate valid entities and attribute names in Mendix Runtime-based applications.

All versions of Mendix Runtime V8, V9, and specific V10 versions are affected, and users are urged to apply any available updates.

2. Siemens Industrial Edge Device Kit (CVE-2024-54092): 

The second advisory highlights a critical weak authentication issue (CWE-1390) in Siemens Industrial Edge Device Kit.

 Identified as CVE-2024-54092, and scoring 9.3 on the CVSS v4 scale, this vulnerability enables unauthenticated remote actors to impersonate legitimate users if identity federation is in use.

Multiple arm64 and x86-64 versions are vulnerable; organizations should verify and update to secure versions as soon as possible.

3. Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX (CVE-2024-23814): 

The third advisory describes an uncontrolled resource consumption flaw (CWE-400) that can be exploited by sending crafted ICMP messages to Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, and SIWAREX devices.

This issue, tracked as CVE-2024-23814 with a CVSS v4 score of 6.9, could lead to denial-of-service conditions until affected devices are reset.

4. Growatt Cloud Applications (CVE-2025-30511, CVE-2025-31933, CVE-2025-31949, CVE-2025-31357): 

The fourth advisory covers multiple vulnerabilities in Growatt Cloud Applications, including a stored cross-site scripting flaw (CVE-2025-30511) and several authorization bypass issues (CVE-2025-31933, CVE-2025-31949, CVE-2025-31357).

Potential consequences include code execution and unauthorized disclosure of user and plant data, with CVSS v4 scores ranging from 6.9 to 8.7. All users running versions 3.6.0 and prior of the Growatt cloud portal are strongly encouraged to update.

5. Lantronix Xport (CVE-2025-2567): T

he fifth advisory warns about a critical missing authentication for a critical function (CWE-306) in Lantronix Xport, identified as CVE-2025-2567 with a CVSS v4 score of 9.3.

Exploitation could result in unauthorized modification of device configuration, disrupting monitoring and operational continuity in environments such as fuel storage and supply chains.

6. National Instruments LabVIEW (CVE-2025-2631, CVE-2025-2632): 

The sixth advisory details two out-of-bounds write vulnerabilities (CWE-787) in National Instruments LabVIEW, referenced as CVE-2025-2631 and CVE-2025-2632, with CVSS v4 scores of 7.1 each.

Attackers exploiting these flaws could execute arbitrary code on affected systems or cause memory corruption. All versions up to LabVIEW 2025 Q1 are susceptible.

7. Delta Electronics COMMGR (CVE-2025-3495): 

The seventh advisory addresses a serious flaw in Delta Electronics COMMGR, where use of a cryptographically weak pseudo-random number generator (CWE-338) makes it possible for attackers to brute-force session IDs.

Known as CVE-2025-3495 with a CVSS v4 score of 9.3, this issue makes remote code execution plausible, so immediate software updates are recommended.

8. ABB M2M Gateway (CVE-2022-23521, CVE-2022-41903, CVE-2023-25690): 

The eighth advisory highlights multiple vulnerabilities—such as integer overflows (CWE-190), classic buffer overflows, and HTTP request smuggling (CWE-444)—affecting ABB M2M Gateway.

These could allow attackers to execute arbitrary code, make devices inaccessible, or take remote control.

These flaws are tracked under CVE-2022-23521, CVE-2022-41903, and CVE-2023-25690, with a highest CVSS v4 score of 8.8 across versions 4.1.2 to 5.0.3 of ARM600 and 5.0.1 to 5.0.3 of M2M Gateway SW.

9. Mitsubishi Electric Europe B.V. smartRTU (CVE-2025-3232, CVE-2025-3128): 

The ninth advisory concerns Mitsubishi Electric Europe B.V. smartRTU, which is vulnerable to missing authentication for critical functions (CWE-306) and OS command injection (CWE-78).

Tracked as CVE-2025-3232 and CVE-2025-3128, these issues have CVSS v4 scores of up to 9.3 and could allow remote attackers to execute arbitrary OS commands, disclose data, or cause denial-of-service. Versions 3.37 and prior are affected.

These advisories underscore the ongoing and serious threats to ICS environments.

CISA urges organizations to review all advisories, apply available patches and mitigations immediately, and follow best security practices to ensure the integrity and availability of critical infrastructure systems.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users

Hackers are leveraging a sophisticated social engineering technique dubbed "ClickFix" to trick Windows users...

New ClickFix Attack Imitates Ministry of Defence Website to Target Windows & Linux Systems

A newly identified cyberattack campaign has surfaced, leveraging the recognizable branding of India's Ministry...

Threat Actor Evades SentinelOne EDR to Deploy Babuk Ransomware

Aon’s Stroz Friedberg Incident Response Services has uncovered a method used by a threat...

Samsung MagicINFO 9 Server Vulnerability Actively Exploited in the Wild

A critical security vulnerability in the Samsung MagicINFO 9 Server has come under active...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users

Hackers are leveraging a sophisticated social engineering technique dubbed "ClickFix" to trick Windows users...

New ClickFix Attack Imitates Ministry of Defence Website to Target Windows & Linux Systems

A newly identified cyberattack campaign has surfaced, leveraging the recognizable branding of India's Ministry...

Threat Actor Evades SentinelOne EDR to Deploy Babuk Ransomware

Aon’s Stroz Friedberg Incident Response Services has uncovered a method used by a threat...