CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities found in widely used Industrial Control Systems (ICS).

Released on May 1, 2025, the advisories spotlight severe security risks affecting KUNBUS GmbH’s Revolution Pi devices and the MicroDicom DICOM Viewer, with some vulnerabilities scoring the highest possible rating for risk and exploitability.

1. KUNBUS Revolution Pi: Multiple Critical Flaws

KUNBUS GmbH’s Revolution Pi, an industrial PC platform used in manufacturing and automation, is at the center of advisory ICSA-25-121-01.

- Advertisement -

 CISA outlines a suite of vulnerabilities, the most severe reaching a CVSS v3.1 base score of 10.0, indicating a critical risk level.

• Missing Authentication for Critical Function (CVE-2025-24522): The Node-RED server on Revolution Pi OS Bookworm (version 01/2025 and earlier) does not require authentication by default. This misconfiguration could allow unauthenticated attackers to execute arbitrary commands on the device, potentially taking full control.
• Authentication Bypass (CVE-2025-32011): A path traversal flaw in PiCtory versions 2.5.0 through 2.11.1 allows remote attackers to bypass authentication mechanisms and gain unauthorized access.
• Improper Neutralization of Server-Side Includes (SSI) (CVE-2025-35996, CVE-2025-36558): These vulnerabilities can enable cross-site scripting (XSS) attacks, with one flaw allowing a specially crafted filename to be executed as an HTML script, posing risks for configuration theft or further exploitation.

CISA’s risk evaluation warns that successful exploitation could result in attackers bypassing login procedures, hijacking critical device functions, or injecting malicious web scripts, affecting both device integrity and operational safety.

2.MicroDicom DICOM Viewer: Risk to Medical Imaging Systems

Advisory ICSMA-25-121-01 highlights two major flaws in the MicroDicom DICOM Viewer-a tool frequently used in healthcare for viewing medical images.

• Out-of-Bounds Write (CVE-2025-35975): A vulnerability in all versions up to 2025.1 (Build 3321) could allow attackers to execute malicious code simply by convincing a user to open a specially crafted DCM image file.
• Out-of-Bounds Read (CVE-2025-36521): Similarly, this flaw could result in memory corruption, leading to information disclosure or application crashes.

Both vulnerabilities are remotely exploitable with low attack complexity, earning CVSS v4 scores of 8.6.

CISA strongly urges all users and administrators of affected products to review the latest advisories for technical details and mitigation strategies.

Timely patching and enhanced authentication configurations are crucial to protecting ICS and medical environments from these active risks.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!