Cyber Security News

CISA Issues 9 New ICS Advisories Addressing Critical Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released nine new advisories detailing severe vulnerabilities in widely-used Industrial Control Systems (ICS) products.

These advisories, published on April 15, 2025, urge immediate action from operators and administrators overseeing critical infrastructure. Below are the key highlights from each advisory:

Nine Industrial Control Systems Advisories

1.Siemens Mendix Runtime (CVE-2025-30280): 

The first advisory concerns Siemens Mendix Runtime, which suffers from an observable response discrepancy (CWE-204) vulnerability.

This flaw, assigned CVE-2025-30280 and a CVSS v4 score of 6.9, allows unauthenticated remote attackers to enumerate valid entities and attribute names in Mendix Runtime-based applications.

All versions of Mendix Runtime V8, V9, and specific V10 versions are affected, and users are urged to apply any available updates.

2. Siemens Industrial Edge Device Kit (CVE-2024-54092): 

The second advisory highlights a critical weak authentication issue (CWE-1390) in Siemens Industrial Edge Device Kit.

 Identified as CVE-2024-54092, and scoring 9.3 on the CVSS v4 scale, this vulnerability enables unauthenticated remote actors to impersonate legitimate users if identity federation is in use.

Multiple arm64 and x86-64 versions are vulnerable; organizations should verify and update to secure versions as soon as possible.

3. Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX (CVE-2024-23814): 

The third advisory describes an uncontrolled resource consumption flaw (CWE-400) that can be exploited by sending crafted ICMP messages to Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, and SIWAREX devices.

This issue, tracked as CVE-2024-23814 with a CVSS v4 score of 6.9, could lead to denial-of-service conditions until affected devices are reset.

4. Growatt Cloud Applications (CVE-2025-30511, CVE-2025-31933, CVE-2025-31949, CVE-2025-31357): 

The fourth advisory covers multiple vulnerabilities in Growatt Cloud Applications, including a stored cross-site scripting flaw (CVE-2025-30511) and several authorization bypass issues (CVE-2025-31933, CVE-2025-31949, CVE-2025-31357).

Potential consequences include code execution and unauthorized disclosure of user and plant data, with CVSS v4 scores ranging from 6.9 to 8.7. All users running versions 3.6.0 and prior of the Growatt cloud portal are strongly encouraged to update.

5. Lantronix Xport (CVE-2025-2567): T

he fifth advisory warns about a critical missing authentication for a critical function (CWE-306) in Lantronix Xport, identified as CVE-2025-2567 with a CVSS v4 score of 9.3.

Exploitation could result in unauthorized modification of device configuration, disrupting monitoring and operational continuity in environments such as fuel storage and supply chains.

6. National Instruments LabVIEW (CVE-2025-2631, CVE-2025-2632): 

The sixth advisory details two out-of-bounds write vulnerabilities (CWE-787) in National Instruments LabVIEW, referenced as CVE-2025-2631 and CVE-2025-2632, with CVSS v4 scores of 7.1 each.

Attackers exploiting these flaws could execute arbitrary code on affected systems or cause memory corruption. All versions up to LabVIEW 2025 Q1 are susceptible.

7. Delta Electronics COMMGR (CVE-2025-3495): 

The seventh advisory addresses a serious flaw in Delta Electronics COMMGR, where use of a cryptographically weak pseudo-random number generator (CWE-338) makes it possible for attackers to brute-force session IDs.

Known as CVE-2025-3495 with a CVSS v4 score of 9.3, this issue makes remote code execution plausible, so immediate software updates are recommended.

8. ABB M2M Gateway (CVE-2022-23521, CVE-2022-41903, CVE-2023-25690): 

The eighth advisory highlights multiple vulnerabilities—such as integer overflows (CWE-190), classic buffer overflows, and HTTP request smuggling (CWE-444)—affecting ABB M2M Gateway.

These could allow attackers to execute arbitrary code, make devices inaccessible, or take remote control.

These flaws are tracked under CVE-2022-23521, CVE-2022-41903, and CVE-2023-25690, with a highest CVSS v4 score of 8.8 across versions 4.1.2 to 5.0.3 of ARM600 and 5.0.1 to 5.0.3 of M2M Gateway SW.

9. Mitsubishi Electric Europe B.V. smartRTU (CVE-2025-3232, CVE-2025-3128): 

The ninth advisory concerns Mitsubishi Electric Europe B.V. smartRTU, which is vulnerable to missing authentication for critical functions (CWE-306) and OS command injection (CWE-78).

Tracked as CVE-2025-3232 and CVE-2025-3128, these issues have CVSS v4 scores of up to 9.3 and could allow remote attackers to execute arbitrary OS commands, disclose data, or cause denial-of-service. Versions 3.37 and prior are affected.

These advisories underscore the ongoing and serious threats to ICS environments.

CISA urges organizations to review all advisories, apply available patches and mitigations immediately, and follow best security practices to ensure the integrity and availability of critical infrastructure systems.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

23 hours ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

23 hours ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

23 hours ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

23 hours ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

1 day ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

1 day ago