CISA Releases Nine Advisories Detailing Vulnerabilities and Exploits Surrounding ICS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued nine new Industrial Control Systems (ICS) advisories, shedding light on critical vulnerabilities and exploits that could significantly impact industrial operations. 

These advisories aim to provide actionable insights for securing ICS environments, which are integral to critical infrastructure sectors like energy, manufacturing, and transportation.

The advisories cover a range of products from prominent vendors, including Rockwell Automation, Schneider Electric, and AutomationDirect.

Each advisory provides detailed technical information and recommended mitigations to address the identified vulnerabilities.

Western Telematic Inc NPS Series, DSM Series, CPM Series

A Local File Inclusion (LFI) vulnerability CVE-2025-0630 has been discovered affecting NPS, DSM, and CPM Series products up to version 6.62.  

This vulnerability carries a CVSS v4 score of 6.0 and could allow authenticated users to access sensitive files on the filesystem.  

While no public exploit is currently available, users are strongly advised to replace affected devices or implement strict access restrictions as a mitigation strategy.

Rockwell Automation 1756-L8zS3 and 1756-L3zS3

An Improper Handling of Exceptional Conditions vulnerability CVE-2025-24478 has been identified, allowing remote attackers to cause a denial-of-service (DoS) by sending malicious requests.  

This issue affects versions prior to V33.017, V34.014, V35.013, and V36.011 and has a CVSS v4 score of 7.1.  

Users are advised to update to the latest firmware versions and restrict network access to mitigate this vulnerability.

Elber Communications Equipment

Multiple vulnerabilities have been discovered in several Elber devices, including the Signum DVB-S/S2 IRD and Cleber/3.  

These vulnerabilities include Authentication Bypass Using Alternate Path or Channel CVE-2025-0674 and Hidden Functionality CVE-2025-0675, potentially leading to unauthorized administrative access and exposure of device configurations.  

With CVSS v4 scores of 9.3 and 8.7 ,respectively, these vulnerabilities pose a significant risk.  Because these devices are end-of-life, users are advised to contact Elber support for guidance on how to mitigate these issues.

Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC

An Incorrect Calculation of Buffer Size vulnerability CVE-2024-11425 has been identified, allowing denial-of-service conditions when crafted HTTPS packets are sent. 

This issue affects Modicon M580 CPUs prior to SV4.30 or SV4.21, EVLink Pro AC prior to V1.3.10, and BMENOR2200H (all versions). 

With a CVSS v4 score of 8.7, this vulnerability poses a significant risk. Users are recommended to apply firmware updates or implement network segmentation and firewalls as mitigation strategies.

Schneider Electric Web Designer for Modicon

An Improper Restriction of XML External Entity Reference vulnerability CVE-2024-12476 has been discovered in all versions of Web Designer for BMXNOR0200H, BMXNOE0110(H), BMENOC0311(C), and BMENOC0321(C). 

This vulnerability, with a CVSS v3 score of 7.8, could lead to information disclosure and potentially remote code execution through malicious XML files. 

Mitigation strategies include encrypting project files, using secure protocols, and validating file integrity before use.

Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H

An Exposure of Sensitive Information to Unauthorized Actor vulnerability CVE-2024-12142 has been identified in Modicon M340 processors (all versions) and BMXNOE0100/0110 and BMXNOR0200H prior to SV1.70IR26.  

This vulnerability, carrying a CVSS v3 score of 8.6, could lead to information disclosure, web page modification, and denial-of-service (DoS) attacks. 

Users are advised to either disable FTP/Web server services or apply the necessary firmware updates to mitigate this risk.

Schneider Electric Pro-face GP-Pro EX and Remote HMI

An Improper Enforcement of Message Integrity During Transmission vulnerability CVE-2024-12399 has been discovered in all versions of Pro-face GP-Pro EX and Remote HMI.  

This vulnerability, assigned a CVSS v4 score of 6.1, could allow man-in-the-middle attacks, potentially leading to both information disclosure and operational failures. 

Users are recommended to either utilize VPNs for secure remote access or disable Remote HMI features if they are not required.

AutomationDirect C-more EA9 HMI

A Buffer Overflow vulnerability CVE-2025-0960 has been identified in C-more EA9 HMI models up to version v6.79.  This vulnerability, which has a CVSS v4 score of 9.3, could lead to denial-of-service or remote code execution due to unchecked input bounds.  

Updating the firmware to version V6.80 or isolating the device from external networks is recommended to mitigate this risk.

Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium

This update addresses previously reported vulnerabilities tracked as CVE-2023-39427, CVE-2023-39936, CVE-2023-40222, and CVE-2023-39943 in Ashlar-Vellum software products used in design applications.

These advisories emphasize the importance of timely updates and mitigations to safeguard ICS systems from exploitation risks

These advisories underscore the critical need for vigilance in the ICS sector.

CISA strongly encourages organizations to review these advisories in detail and implement the recommended mitigations promptly to safeguard against potential cyber threats targeting critical infrastructure systems.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

The post CISA Releases Nine Advisories Detailing Vulnerabilities and Exploits Surrounding ICS appeared first on Cyber Security News.