Wednesday, May 7, 2025
HomeCVE/vulnerabilityCISA Releases Nine Security Advisories on ICS Vulnerabilities and Exploits

CISA Releases Nine Security Advisories on ICS Vulnerabilities and Exploits

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has released nine advisories targeting security vulnerabilities in Industrial Control Systems (ICS).

These vulnerabilities pose significant risks, including denial of service (DoS), information disclosure, and even remote code execution.

Organizations using ICS technologies are urged to immediately address these vulnerabilities to avoid potential exploitation.

- Advertisement - Google News

1. Western Telematic Inc NPS, DSM, CPM Series

CVE-2025-0630 – Western Telematic Inc’s equipment is affected by a Local File Inclusion (LFI) vulnerability stemming from external control of file names or paths (CWE-73). Authenticated users can exploit this flaw to gain privileged access to device files.

Successful exploitation could allow attackers to access sensitive files within the system, jeopardizing data confidentiality.

Affected products include Network Power Switch (NPS Series), Console Server (DSM Series), and Console Server + PDU Combo Unit (CPM Series), all running firmware version 6.62 and prior.

2. Rockwell Automation 1756-L8zS3 and 1756-L3zS3

CVE-2025-24478 – Improper handling of exceptional conditions (CWE-755) in Rockwell Automation products can lead to a denial-of-service (DoS) scenario.

Attackers can exploit this vulnerability remotely by sending malicious requests, resulting in a major system fault.

Devices affected include 1756-L8zS3 and 1756-L3zS3 controllers running specific firmware versions earlier than V33.017 to V36.011. Exploitation could cause significant downtime, disrupting operations.

3. Elber Communications Equipment

CVE-2025-0674 – An authentication bypass vulnerability (CWE-288) has been identified in several Elber products. Attackers can exploit this flaw to gain administrative access by manipulating the password management system.

Exploitation risks include complete control of affected devices, making this a critical issue. Affected products include DVB-S/S2 IRDs, Cleber/3 Broadcast platforms, ESE Satellite Receivers, and others.

4. Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC

CVE-2024-11425 – An incorrect calculation of buffer size (CWE-131) vulnerability affects Schneider Electric Modicon M580 PLCs and other devices. Unauthenticated attackers can exploit this flaw remotely by sending crafted HTTPS packets.

This vulnerability could lead to denial-of-service conditions or service outages. Affected products include Modicon M580 CPUs, BMENOR2200H, and EVLink Pro AC chargers from various versions.

5. Schneider Electric Web Designer for Modicon

CVE-2024-12476 – A flaw related to improper restriction of XML external entities (CWE-611) in Schneider Electric’s Web Designer software may allow attackers to execute remote code or disclose sensitive information.

This vulnerability affects all versions of Web Designer for Modicon products, potentially compromising workstation integrity and running malicious configurations.

6. Schneider Electric Modicon M340 and BMX Series

CVE-2024-12142 – An exposure of sensitive information to an unauthorized actor (CWE-200) has been identified in Schneider Electric’s Modicon M340 and BMX series devices. This flaw allows attackers to access restricted web pages or disrupt system operations.

The vulnerability impacts multiple Modicon processors and BMX modules, including BMXNOE and BMXNOR devices, with various firmware versions.

7. Schneider Electric Pro-face GP-Pro EX and Remote HMI

CVE-2024-12399 – The Pro-face GP-Pro EX and Remote HMI software are vulnerable to improper enforcement of message integrity (CWE-924), which could enable man-in-the-middle (MITM) attacks.

Exploitation risks include partial loss of data confidentiality and integrity. All versions of these products are affected, with no mitigations specified.

8. AutomationDirect C-more EA9 HMI

CVE-2025-0960 – AutomationDirect’s C-more EA9 HMI devices suffer from a classic buffer overflow vulnerability (CWE-120). Attackers can use this flaw to achieve either remote code execution or denial-of-service conditions.

All affected devices, including various models of C-more EA9 HMIs running firmware v6.79 and earlier, should be updated immediately.

9. Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium

Ashlar-Vellum software products are at risk due to vulnerabilities including out-of-bounds writes (CWE-787), heap-based buffer overflow (CWE-122), and out-of-bounds reads (CWE-125). Exploitation can lead to arbitrary code execution.

Affected products include Cobalt, Graphite, Xenon, Argon, Lithium, and Cobalt Share with many versions requiring immediate updates.

CISA’s advisories highlight critical vulnerabilities in a range of ICS technologies used across industries. Each advisory includes detailed technical descriptions, affected products, and associated Common Vulnerabilities and Exposures (CVE) identifiers.

Organizations are advised to act swiftly by reviewing their ICS environments, applying available patches, and implementing recommended mitigation measures.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...