Wednesday, May 7, 2025
HomeCyber Security NewsCISA Releases Eight New ICS Advisories to Defend Cyber Attacks

CISA Releases Eight New ICS Advisories to Defend Cyber Attacks

Published on

SIEM as a Service

Follow Us on Google News

 The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight detailed advisories on vulnerabilities affecting Industrial Control Systems (ICS).

These vulnerabilities impact critical software and hardware across various industries, posing risks of service disruption, unauthorized access, and malicious code execution.

The following are the key vulnerabilities, their associated Common Vulnerabilities and Exposures (CVEs), and mitigation recommendations.

- Advertisement - Google News

1. Hitachi Energy SDM600: Privilege Escalation and Information Disclosure

The Hitachi Energy SDM600 platform is vulnerable to two significant flaws: Origin Validation Error and Incorrect Authorization.

The Origin Validation Error, identified as CVE-2024-2377, arises from an overly permissive HTTP response header configuration. This configuration could allow attackers to execute privileged actions and access sensitive data.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Incorrect Authorization, tracked as CVE-2024-2378, is caused by weaknesses in the authentication system, enabling privilege escalation.

These vulnerabilities have CVSS scores of 7.6 and 8.0, respectively, emphasizing their critical nature. Upgrading to version 1.3.4 or later is required to address these risks.

2. Hitachi Energy RTU500 Series CMU: Buffer Overflow Vulnerability

Hitachi Energy’s RTU500 series CMU firmware is affected by a Buffer Overflow vulnerability, identified as CVE-2023-6711.

Improper input data validation in SCI and HCI IEC 60870-5-104 components leads to a possible denial-of-service condition by allowing attackers to send maliciously crafted messages.

The vulnerability has a CVSS v3 score of 5.9. Users are advised to update their firmware to the latest versions to mitigate this potential attack vector.

3. Delta Electronics DTM Soft: Arbitrary Code Execution

Delta Electronics’ DTM Soft, versions 1.30 and earlier, is vulnerable to a Deserialization of Untrusted Data flaw identified as CVE-2024-12677.

This vulnerability allows attackers to execute arbitrary code by exploiting the software’s deserialization function.

It carries a CVSS v3 score of 7.8 and a CVSS v4 score of 8.5, highlighting its high risk and low exploitation complexity. Users must upgrade to the latest version of DTM Soft to protect their systems.

4. Siemens User Management Component: Remote Code Execution

Siemens products, including SIMATIC PCS neo and TIA Portal, are vulnerable to a Heap-Based Buffer Overflow, identified as CVE-2024-49775.

This flaw allows unauthenticated attackers to execute arbitrary code remotely, posing severe risks to critical infrastructure.

With a CVSS v3 score of 9.8 and a CVSS v4 score of 9.3, this is among the most severe vulnerabilities identified in this advisory. Siemens has advised all users to implement the latest patches available through Siemens ProductCERT.

5. Tibbo AggreGate Network Manager: File Upload Exploitation

Tibbo’s AggreGate Network Manager is impacted by an Unrestricted File Upload vulnerability, tracked as CVE-2024-12700.

An attacker with low privileges can upload and execute malicious files, such as JSP shells, with the same level of permissions as the web server. This flaw has a CVSS v3 score of 8.8 and a CVSS v4 score of 8.7.

Organizations using AggreGate should update to version 6.34.03 or later as soon as possible.

6. Schneider Electric Accutech Manager: System Crash Vulnerability

Schneider Electric’s Accutech Manager, a telemetry system used in industrial environments, is vulnerable to a Classic Buffer Overflow, identified as CVE-2024-6918.

This vulnerability can be exploited remotely through port 2536/TCP, causing the application to crash and disrupting operations.

With a CVSS v3 score of 7.5, this high-severity issue requires immediate updates from the vendor and network access restrictions to mitigate risks.

7. Schneider Electric Modicon Controllers: Cross-Site Scripting

The Modicon Controllers used in industrial automation are vulnerable to Cross-Site Scripting (XSS), tracked as CVE-2024-6528.

This vulnerability enables attackers to inject malicious JavaScript into web pages, leading to unauthorized browser actions.

The CVSS score for this vulnerability is 5.4, indicating moderate severity but significant potential for exploitation in certain environments. Users must update to the latest versions of Modicon Controller firmware to remediate the issue.

8. Ossur Mobile Logic Application: Multiple Vulnerabilities

Ossur’s Mobile Logic Application is affected by three critical vulnerabilities: Exposure of Sensitive System Information (CVE-2024-53683), Command Injection (CVE-2024-54681), and Use of Hard-Coded Credentials (CVE-2024-45832).

These flaws could allow attackers to gain unauthorized access, inject malicious commands, and compromise data integrity. While the CVSS scores for these vulnerabilities vary from 2.0 to 5.6, collectively they pose significant risks.

Ossur recommends upgrading to version 1.5.5 or later to resolve these vulnerabilities effectively.

The new advisories from CISA serve as an urgent reminder of the vulnerabilities facing Industrial Control Systems.

Exploits targeting ICS can lead to severe consequences, including operational disruption, financial losses, and safety hazards.

Organizations operating affected systems should prioritize applying vendor-released updates, strengthen network segmentation, and employ vigilant system monitoring to detect potential attacks.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...