CISA Issues Five Advisories on Industrial Control System Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories related to vulnerabilities and exploits affecting Industrial Control Systems (ICS).

These advisories highlight significant security issues across various industrial equipment and software, underscoring users’ and administrators’ need for immediate attention and mitigation.

Overview of the Advisories

CISA’s release of these advisories emphasizes the pressing need for vigilance in the industrial control systems sector.

ICS vulnerabilities can have significant consequences, potentially disrupting critical infrastructure operations and exposing sensitive data.

Given the low attack complexity for many of these vulnerabilities, prompt action is essential to prevent exploitation.

Schneider Electric EcoStruxure

1. Alert Code: ICSA-25-079-01
2. Vulnerability: Improper Privilege Management (CVE-2025-0327)
3. CVSS v4 Score: 8.5
4. Risk Evaluation: Successful exploitation can lead to local privilege escalation, potentially causing loss of confidentiality, integrity, and availability of the engineering workstation.
5. Affected Products: EcoStruxure Process Expert versions 2020R2, 2021 & 2023 (prior to v4.8.0.5715) and EcoStruxure Process Expert for AVEVA System Platform versions 2020R2, 2021 & 2023.

Schneider Electric Enerlin’X IFE and eIFE

1. Alert Code: ICSA-25-079-02
2. Vulnerabilities: Improper Input Validation (CVE-2025-0816, CVE-2025-0815, CVE-2025-0814)
3. CVSS v4 Scores: 7.1 (for CVE-2025-0816 & CVE-2025-0815), 6.9 (for CVE-2025-0814)
4. Risk Evaluation: Exploitation could cause a denial-of-service condition requiring manual reboot.
5. Affected Products: All versions of Enerlin’X IFE interface and Enerlin’X eIFE.

Siemens Simcenter Femap Vulnerability

• Alert Code: ICSA-25-079-03
  • Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-25175)
  • CVSS v4 Score: 7.3
  • Risk Evaluation: Exploitation may allow code execution within the current process.
  • Affected Products: Simcenter Femap V2401 (versions prior to V2401.0003) and Simcenter Femap V2406 (versions prior to V2406.0002).
  • Note: For the latest updates, refer to Siemens’ ProductCERT Security Advisories.

SMA Sunny Portal Vulnerability

• Alert Code: ICSA-25-079-04
  • Vulnerability: Unrestricted Upload of File with Dangerous Type (CVE-2025-0731)
  • CVSS v4 Score: 6.9
  • Risk Evaluation: Exploitation could enable remote code execution.
  • Affected Products: SMA Sunny Portal versions before December 19, 2024.

Santesoft Sante DICOM Viewer Pro Vulnerability

• Alert Code: ICSMA-25-079-01
  • Vulnerability: Out-of-Bounds Write (CVE-2025-2480)
  • CVSS v4 Score: 8.4
  • Risk Evaluation: Exploitation could lead to memory corruption and execution of arbitrary code.
  • Affected Products: Sante DICOM Viewer Pro versions 14.1.2 and prior.

These advisories underscore the critical need for security measures in the ICS sector. To mitigate risks, organizations should:

• Review each advisory for specific technical details and recommended mitigations.
• Update affected systems to the latest secure versions.
• Implement robust security measures, such as access controls, network segmentation, and regular software updates.
• Regularly monitor systems for signs of unauthorized activity.

Organizations can safeguard their operations and protect against emerging threats by prioritizing these vulnerabilities and implementing effective mitigation strategies.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free