Saturday, February 8, 2025

CISA Releases Nine Security Advisories on ICS Vulnerabilities and Exploits


The Cybersecurity and Infrastructure Security Agency (CISA) has released nine advisories targeting security vulnerabilities in Industrial Control Systems (ICS).

These vulnerabilities pose significant risks, including denial of service (DoS), information disclosure, and even remote code execution.

Organizations using ICS technologies are urged to immediately address these vulnerabilities to avoid potential exploitation.

1. Western Telematic Inc NPS, DSM, CPM Series

CVE-2025-0630 – Western Telematic Inc’s equipment is affected by a Local File Inclusion (LFI) vulnerability stemming from external control of file names or paths (CWE-73). Authenticated users can exploit this flaw to gain privileged access to device files.

Successful exploitation could allow attackers to access sensitive files within the system, jeopardizing data confidentiality.

Affected products include Network Power Switch (NPS Series), Console Server (DSM Series), and Console Server + PDU Combo Unit (CPM Series), all running firmware version 6.62 and prior.

2. Rockwell Automation 1756-L8zS3 and 1756-L3zS3

CVE-2025-24478 – Improper handling of exceptional conditions (CWE-755) in Rockwell Automation products can lead to a denial-of-service (DoS) scenario.

Attackers can exploit this vulnerability remotely by sending malicious requests, resulting in a major system fault.

Devices affected include 1756-L8zS3 and 1756-L3zS3 controllers running specific firmware versions earlier than V33.017 to V36.011. Exploitation could cause significant downtime, disrupting operations.

3. Elber Communications Equipment

CVE-2025-0674 – An authentication bypass vulnerability (CWE-288) has been identified in several Elber products. Attackers can exploit this flaw to gain administrative access by manipulating the password management system.

Exploitation risks include complete control of affected devices, making this a critical issue. Affected products include DVB-S/S2 IRDs, Cleber/3 Broadcast platforms, ESE Satellite Receivers, and others.

4. Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC

CVE-2024-11425 – An incorrect calculation of buffer size (CWE-131) vulnerability affects Schneider Electric Modicon M580 PLCs and other devices. Unauthenticated attackers can exploit this flaw remotely by sending crafted HTTPS packets.

This vulnerability could lead to denial-of-service conditions or service outages. Affected products include Modicon M580 CPUs, BMENOR2200H, and EVLink Pro AC chargers across various versions.

5. Schneider Electric Web Designer for Modicon

CVE-2024-12476 – A flaw related to improper restriction of XML external entities (CWE-611) in Schneider Electric’s Web Designer software may allow attackers to execute remote code or disclose sensitive information.

This vulnerability affects all versions of Web Designer for Modicon products, potentially compromising workstation integrity and running malicious configurations.

6. Schneider Electric Modicon M340 and BMX Series

CVE-2024-12142 – An exposure of sensitive information to an unauthorized actor (CWE-200) has been identified in Schneider Electric’s Modicon M340 and BMX series devices. This flaw allows attackers to access restricted web pages or disrupt system operations.

The vulnerability impacts multiple Modicon processors and BMX modules, including BMXNOE and BMXNOR devices, with various firmware versions.

7. Schneider Electric Pro-face GP-Pro EX and Remote HMI

CVE-2024-12399 – The Pro-face GP-Pro EX and Remote HMI software are vulnerable to improper enforcement of message integrity (CWE-924), which could enable man-in-the-middle (MITM) attacks.

Exploitation risks include partial loss of data confidentiality and integrity. All versions of these products are affected, with no mitigations specified.

8. AutomationDirect C-more EA9 HMI

CVE-2025-0960 – AutomationDirect’s C-more EA9 HMI devices suffer from a classic buffer overflow vulnerability (CWE-120). Attackers can use this flaw to achieve either remote code execution or denial-of-service conditions.

All affected devices, including various models of C-more EA9 HMIs running firmware v6.79 and earlier, should be updated immediately.

9. Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium

Ashlar-Vellum software products are at risk due to vulnerabilities including out-of-bounds writes (CWE-787), heap-based buffer overflow (CWE-122), and out-of-bounds reads (CWE-125). Exploitation can lead to arbitrary code execution.

Affected products include Cobalt, Graphite, Xenon, Argon, Lithium, and Cobalt Share, with many versions requiring immediate updates.

CISA’s advisories highlight critical vulnerabilities in a range of ICS technologies used across industries. Each advisory includes detailed technical descriptions, affected products, and associated Common Vulnerabilities and Exposures (CVE) identifiers.

Organizations are advised to act swiftly by reviewing their ICS environments, applying available patches, and implementing recommended mitigation measures.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
