Monday, May 12, 2025
CISA Issues Two New ICS Advisories Addressing Exploits and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated its cybersecurity alerts on February 18, 2025, releasing two critical Industrial Control Systems (ICS) advisories targeting vulnerabilities in Delta Electronics’ CNCSoft-G2 and Rockwell Automation’s GuardLogix controllers.

These advisories, flagged under ICSA-24-191-01 (Update A) and ICSA-25-035-02 (Update A), address high-severity flaws that could enable remote code execution and denial-of-service attacks across industrial environments.

Delta Electronics CNCSoft-G2 Vulnerabilities Expose Systems to Remote Exploitation

CISA’s ICSA-24-191-01 advisory highlights six critical vulnerabilities in Delta Electronics’ CNCSoft-G2, a human-machine interface (HMI) software widely used in manufacturing and CNC machining systems.

The flaws, rated with a CVSS v4 score of 8.4, affect versions 2.0.0.5 through 2.1.0.16 and stem from memory corruption weaknesses:

  1. CVE-2024-39880: A stack-based buffer overflow allows attackers to execute arbitrary code by tricking users into opening malicious files or visiting compromised web pages.
  2. CVE-2024-39881: An out-of-bounds write vulnerability permits memory corruption under similar attack vectors.
  3. CVE-2024-39882: An out-of-bounds read flaw enables attackers to leak sensitive data or crash processes.
  4. CVE-2024-39883: A heap-based buffer overflow in version 2.0.0.5 allows code execution.
  5. CVE-2024-12858: Affecting versions up to 2.1.0.16, this heap overflow could grant full system control.
  6. CVE-2025-22880: Versions 2.1.0.10 and prior are vulnerable to heap-based overflows via malicious files.

CISA emphasized that all vulnerabilities require minimal attack complexity, with no privileges needed for exploitation.

Successful attacks could disrupt manufacturing processes, compromise intellectual property, or enable lateral movement within operational technology (OT) networks.

Rockwell Automation GuardLogix Controllers at Risk of Denial-of-Service Attacks

The second advisory, ICSA-25-035-02, focuses on Rockwell Automation’s GuardLogix 5380 and 5580 controllers, critical components in industrial safety systems.

The vulnerability CVE-2025-24478 (CVSS v4: 7.1) stems from improper exception handling, allowing unprivileged remote attackers to trigger major faults and denial-of-service conditions. Affected firmware includes:

  • GuardLogix 5580 (SIL 3) versions before V33.017, V34.014, V35.013, and V36.011
  • Compact GuardLogix 5380 SIL 3 versions pre-dating the same updates
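
An added example, not part of the CISA advisories or either vendor's tooling: a Python inventory check that applies the CNCSoft-G2 version ranges and the GuardLogix firmware thresholds quoted above. It assumes each listed GuardLogix version is the fixed release for its major branch and that older branches are affected; the inventory and hostnames are constructed sample data.

```python
import re

# Thresholds as quoted in the article. Assumption: each GuardLogix version
# listed is the fixed release for its major branch (CVE-2025-24478).
GUARDLOGIX_FIXED = {33: 17, 34: 14, 35: 13, 36: 11}
CNCSOFT_RANGE = ((2, 0, 0, 5), (2, 1, 0, 16))  # affected range, inclusive
# Highest affected version per CVE, only where the article states one.
CNCSOFT_CVE_MAX = {"CVE-2024-39883": (2, 0, 0, 5),
                   "CVE-2025-22880": (2, 1, 0, 10),
                   "CVE-2024-12858": (2, 1, 0, 16)}

def parse_version(text):
    """'V35.011' -> (35, 11); '2.1.0.10' -> (2, 1, 0, 10)."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def guardlogix_affected(firmware):
    major, minor = (parse_version(firmware) + (0,))[:2]
    if major in GUARDLOGIX_FIXED:
        return minor < GUARDLOGIX_FIXED[major]
    # Assumption: branches older than the first listed fix are affected,
    # branches newer than the last one already carry it.
    return major < min(GUARDLOGIX_FIXED)

def cncsoft_findings(version):
    v = parse_version(version)
    low, high = CNCSOFT_RANGE
    if not low <= v <= high:
        return []
    return sorted(c for c, top in CNCSOFT_CVE_MAX.items() if v <= top)

def triage(inventory):
    findings = {}  # host -> CVE ids that call for patching
    for asset in inventory:
        if asset["product"] == "CNCSoft-G2":
            cves = cncsoft_findings(asset["version"])
        else:  # GuardLogix 5580 / Compact GuardLogix 5380
            cves = ["CVE-2025-24478"] if guardlogix_affected(asset["version"]) else []
        if cves:
            findings[asset["host"]] = cves
    return findings

# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    {"host": "hmi-01", "product": "CNCSoft-G2", "version": "2.1.0.12"},
    {"host": "plc-a", "product": "GuardLogix 5580", "version": "V35.011"},
    {"host": "plc-b", "product": "Compact GuardLogix 5380", "version": "V36.011"},
]
```

The three CNCSoft-G2 CVEs for which the article gives no per-CVE version range are left out of the per-CVE map rather than guessed.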

Exploitation could halt safety-critical processes in sectors like energy, pharmaceuticals, and automotive manufacturing, risking operational shutdowns and safety incidents.

CISA urges organizations using Delta Electronics CNCSoft-G2 to upgrade to patched versions immediately.

For Rockwell Automation systems, firmware updates to GuardLogix 5380/5580 controllers beyond the affected versions are critical. Temporary mitigations include:

  • Segmenting OT networks from corporate IT environments
  • Restricting file execution and web access on HMIs
  • Monitoring for anomalous traffic to PLCs and safety controllers

Delta Electronics and Rockwell Automation have released patches and workarounds through their security portals.

CISA’s advisories underscore the growing risks to ICS environments, where outdated software and interconnected systems amplify attack surfaces.

With industrial infrastructure increasingly targeted by nation-states and cybercriminal groups, these advisories serve as a stark reminder of the urgent need for proactive vulnerability management.

Organizations must prioritize patch deployment, network segmentation, and continuous monitoring to safeguard critical operations.

Review CISA’s advisories ICSA-24-191-01 and ICSA-25-035-02 on the official CISA.gov repository for full technical details.

Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
