CISA Issues 9 New ICS Advisories Addressing Critical Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released nine new advisories detailing severe vulnerabilities in widely-used Industrial Control Systems (ICS) products.

These advisories, published on April 15, 2025, urge immediate action from operators and administrators overseeing critical infrastructure. Below are the key highlights from each advisory:

Nine Industrial Control Systems Advisories

1.Siemens Mendix Runtime (CVE-2025-30280): 

The first advisory concerns Siemens Mendix Runtime, which suffers from an observable response discrepancy (CWE-204) vulnerability.

This flaw, assigned CVE-2025-30280 and a CVSS v4 score of 6.9, allows unauthenticated remote attackers to enumerate valid entities and attribute names in Mendix Runtime-based applications.

All versions of Mendix Runtime V8, V9, and specific V10 versions are affected, and users are urged to apply any available updates.

2. Siemens Industrial Edge Device Kit (CVE-2024-54092): 

The second advisory highlights a critical weak authentication issue (CWE-1390) in Siemens Industrial Edge Device Kit.

 Identified as CVE-2024-54092, and scoring 9.3 on the CVSS v4 scale, this vulnerability enables unauthenticated remote actors to impersonate legitimate users if identity federation is in use.

Multiple arm64 and x86-64 versions are vulnerable; organizations should verify and update to secure versions as soon as possible.

3. Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX (CVE-2024-23814): 

The third advisory describes an uncontrolled resource consumption flaw (CWE-400) that can be exploited by sending crafted ICMP messages to Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, and SIWAREX devices.

This issue, tracked as CVE-2024-23814 with a CVSS v4 score of 6.9, could lead to denial-of-service conditions until affected devices are reset.

4. Growatt Cloud Applications (CVE-2025-30511, CVE-2025-31933, CVE-2025-31949, CVE-2025-31357): 

The fourth advisory covers multiple vulnerabilities in Growatt Cloud Applications, including a stored cross-site scripting flaw (CVE-2025-30511) and several authorization bypass issues (CVE-2025-31933, CVE-2025-31949, CVE-2025-31357).

Potential consequences include code execution and unauthorized disclosure of user and plant data, with CVSS v4 scores ranging from 6.9 to 8.7. All users running versions 3.6.0 and prior of the Growatt cloud portal are strongly encouraged to update.

5. Lantronix Xport (CVE-2025-2567): T

he fifth advisory warns about a critical missing authentication for a critical function (CWE-306) in Lantronix Xport, identified as CVE-2025-2567 with a CVSS v4 score of 9.3.

Exploitation could result in unauthorized modification of device configuration, disrupting monitoring and operational continuity in environments such as fuel storage and supply chains.

6. National Instruments LabVIEW (CVE-2025-2631, CVE-2025-2632): 

The sixth advisory details two out-of-bounds write vulnerabilities (CWE-787) in National Instruments LabVIEW, referenced as CVE-2025-2631 and CVE-2025-2632, with CVSS v4 scores of 7.1 each.

Attackers exploiting these flaws could execute arbitrary code on affected systems or cause memory corruption. All versions up to LabVIEW 2025 Q1 are susceptible.

7. Delta Electronics COMMGR (CVE-2025-3495): 

The seventh advisory addresses a serious flaw in Delta Electronics COMMGR, where use of a cryptographically weak pseudo-random number generator (CWE-338) makes it possible for attackers to brute-force session IDs.

Known as CVE-2025-3495 with a CVSS v4 score of 9.3, this issue makes remote code execution plausible, so immediate software updates are recommended.

8. ABB M2M Gateway (CVE-2022-23521, CVE-2022-41903, CVE-2023-25690): 

The eighth advisory highlights multiple vulnerabilities—such as integer overflows (CWE-190), classic buffer overflows, and HTTP request smuggling (CWE-444)—affecting ABB M2M Gateway.

These could allow attackers to execute arbitrary code, make devices inaccessible, or take remote control.

These flaws are tracked under CVE-2022-23521, CVE-2022-41903, and CVE-2023-25690, with a highest CVSS v4 score of 8.8 across versions 4.1.2 to 5.0.3 of ARM600 and 5.0.1 to 5.0.3 of M2M Gateway SW.

9. Mitsubishi Electric Europe B.V. smartRTU (CVE-2025-3232, CVE-2025-3128): 

The ninth advisory concerns Mitsubishi Electric Europe B.V. smartRTU, which is vulnerable to missing authentication for critical functions (CWE-306) and OS command injection (CWE-78).

Tracked as CVE-2025-3232 and CVE-2025-3128, these issues have CVSS v4 scores of up to 9.3 and could allow remote attackers to execute arbitrary OS commands, disclose data, or cause denial-of-service. Versions 3.37 and prior are affected.

These advisories underscore the ongoing and serious threats to ICS environments.

CISA urges organizations to review all advisories, apply available patches and mitigations immediately, and follow best security practices to ensure the integrity and availability of critical infrastructure systems.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!