Wednesday, May 7, 2025
HomeCVE/vulnerabilityThree New ICS Advisories Released by CISA Detailing Vulnerabilities & Mitigations

Three New ICS Advisories Released by CISA Detailing Vulnerabilities & Mitigations

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS) advisories.

These advisories provide critical insights into vulnerabilities impacting Traffic Alert and Collision Avoidance Systems (TCAS) II, Siemens SIMATIC S7-1200 CPUs, and ZF Roll Stability Support Plus (RSSPlus).

Each advisory includes detailed technical descriptions of the vulnerabilities, associated CVEs, and recommended mitigation measures to safeguard affected systems.

- Advertisement - Google News

1. Traffic Alert and Collision Avoidance System (TCAS) II: Serious Safety Risks Identified

The TCAS II, widely used in aviation for collision avoidance, has been found to have two significant vulnerabilities: reliance on untrusted inputs in security decisions (CVE-2024-9310) and external control of system settings (CVE-2024-11166).

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

These flaws are exploitable from adjacent networks and could compromise the safety of air traffic management systems.CVE-2024-9310 involves the use of spoofed radio frequency (RF) signals to create fake aircraft on displays.

This could lead to incorrect Resolution Advisories (RAs), which are critical for avoiding mid-air collisions.

The vulnerability has a CVSS v4 score of 6.0.CVE-2024-11166 allows attackers to impersonate a ground station and alter the Sensitivity Level Control (SLC), disabling RAs and causing a denial-of-service (DoS) condition. This vulnerability is more severe, with a CVSS v4 score of 7.1.

Exploiting these vulnerabilities could enable attackers to manipulate safety systems, potentially endangering aircraft operations. Such compromises can lead to the disabling of key functions, jeopardizing both safety and reliability.

2. Siemens SIMATIC S7-1200 CPUs: Cross-Site Request Forgery Vulnerability

Siemens’ SIMATIC S7-1200 CPUs, used in industrial automation, are vulnerable to Cross-Site Request Forgery (CSRF) attacks (CVE-2024-47100).

Exploited remotely with low attack complexity, this vulnerability allows unauthenticated attackers to manipulate a CPU’s operational mode by deceiving a legitimate and authenticated user into clicking on a malicious link. With a CVSS v4 score of 7.2, this flaw is rated as high severity.

Successful exploitation targets the web interface of these devices, impacting the integrity and availability of industrial automation systems. This could disrupt critical operations in industrial environments.

3.ZF Roll Stability Support Plus (RSSPlus): Authentication Bypass Vulnerability

The ZF RSSPlus, an advanced stability system designed for heavy vehicles, is exposed to an Authentication Bypass by Primary Weakness (CVE-2024-12054).

This vulnerability enables an attacker to call diagnostic functions remotely using deterministic SecurityAccess service seeds. The flaw has a CVSS v4 score of 5.9, making it moderate in severity but still concerning.

Exploitation could allow adversaries to affect diagnostic functions, degrade performance, or erase essential software. While the vehicle remains in a safe state, disruptions to system reliability and operational continuity are possible, particularly in high-risk environments.

Operators are advised to update RSSPlus firmware as per vendor guidelines.

CISA also recommends employing robust physical and network security measures to restrict access to telematics and RF equipment. Regular diagnostics and secure firmware provisioning are key preventive measures.

The vulnerabilities uncovered in these three ICS products underscore the growing cybersecurity risks in critical infrastructure sectors.

Exploitation of these flaws could disrupt safety-critical systems in aviation, industrial automation, and automotive stability. To counter such threats effectively, stakeholders should take the following steps:

  1. Patch Management: Apply available updates and patches immediately to close identified security gaps.
  2. Network Segmentation: Isolate vulnerable systems from internet-accessible networks to limit exposure.
  3. Access Control: Limit access to mission-critical systems to authorized personnel only.
  4. Continuous Monitoring: Implement robust intrusion detection systems to identify and respond to potential attacks in real-time.
  5. Incident Response Planning: Prepare contingency plans to minimize downtime and operational impact in case of an attack.

CISA’s advisories offer actionable recommendations, but effective implementation of these measures depends on proactive cooperation between vendors, operators, and security teams.

By addressing these vulnerabilities promptly, organizations can enhance the resilience of critical systems.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...