CISA Releases Seven ICS Advisories to Strengthen Cybersecurity Posture

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued seven Industrial Control Systems (ICS) advisories, highlighting critical vulnerabilities in systems vital to industrial and operational processes.

These advisories aim to enhance awareness and encourage mitigation strategies to maintain the security and integrity of ICS environments. Below, we delve into the details of each advisory and its associated vulnerabilities.

CISA Releases Seven ICS Advisories

1. B&R Automation Runtime (ICSA-25-028-01)

• CVE: CVE-2024-8603
• Vulnerability: Use of a Broken or Risky Cryptographic Algorithm

Remote exploitation of this vulnerability could allow attackers to impersonate legitimate services on impacted devices.  

The vulnerability results from the use of unsafe cryptographic algorithms in the SSL/TLS component. If exploited, attackers could potentially intercept or manipulate communications between devices.

2. Schneider Electric Power Logic (ICSA-25-028-02)

• CVEs: CVE-2024-10497, CVE-2024-10498
• Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploitation of these vulnerabilities could lead to unauthorized data modifications or denial of service (DoS) affecting device web interfaces.

 The flawed implementation of user-controlled keys (CVE-2024-10497) could allow attackers to manipulate configurations outside defined privileges.

Additionally, memory buffer issues (CVE-2024-10498) enable attackers to send malformed requests, potentially causing system malfunctions.

3. Rockwell Automation FactoryTalk (ICSA-25-028-03)

• CVEs: CVE-2025-24479, CVE-2025-24480
• Vulnerabilities: Incorrect Authorization, OS Command Injection

Attackers exploiting these flaws could execute commands with elevated privileges, severely impacting system integrity.

 Improper authorization configurations (CVE-2025-24479) and failure to sanitize inputs (CVE-2025-24480) allow attackers to inject malicious OS commands, leading to code execution and system compromise.

4. Rockwell Automation FactoryTalk View Site Edition (ICSA-25-028-04)

• CVEs: CVE-2025-24481, CVE-2025-24482
• Vulnerabilities: Incorrect Permission Assignment for Critical Resources, Code Injection

Exploitation could result in unauthorized access to configuration files and the execution of malicious code.  

Unauthorized permissions (CVE-2025-24481) and vulnerabilities enabling DLL injection (CVE-2025-24482) pose significant risks to system configuration and security.

5. Rockwell Automation DataMosaix Private Cloud (ICSA-25-028-05)

• CVEs: CVE-2020-11656, CVE-2024-11932
• Vulnerabilities: Exposure of Sensitive Information, Third-Party Dependency Issues

Sensitive data exposure and vulnerabilities in third-party components could allow attackers to overwrite files and execute malicious actions.  

A path traversal vulnerability (CVE-2024-11932) and outdated SQLite implementation (CVE-2020-11656) create opportunities for attackers to compromise reports and user projects.

6. Schneider Electric RemoteConnect and SCADAPack x70 Utilities (ICSA-25-028-06)

• CVE: CVE-2024-12703
• Vulnerability: Deserialization of Untrusted Data

Malicious project files opened by users could compromise system confidentiality, integrity, or even lead to remote code execution.

Improper deserialization processes allow attackers to embed malicious code in project files, compromising workstation security.

7. BD Diagnostic Solutions Products (ICSMA-24-352-01)

• CVE: CVE-2024-10476
• Vulnerability: Use of Default Credentials

Default credentials used in BD products could allow unauthorized access, modification, or deletion of sensitive data, potentially shutting down systems.  

Default credentials (CWE-1392) pose a significant risk, enabling attackers to infiltrate systems and access protected health and personally identifiable information (PHI/PII).

CISA’s release of these advisories underscores the urgent need for industrial organizations to address vulnerabilities in ICS environments.

Organizations are encouraged to follow CISA’s mitigation recommendations, including implementing patches, enforcing secure configurations, and regularly updating software.

By proactively addressing these vulnerabilities, organizations can bolster their cybersecurity posture and protect critical infrastructure from malicious threats.

Collect Threat Intelligence with TI Lookup to improve your company’s security - Get 50 Free Request