CISA Releases Nine ICS Advisories Surrounding Vulnerabilities and Exploits


The Cybersecurity and Infrastructure Security Agency (CISA) published nine Industrial Control Systems (ICS) advisories on Thursday, August 28, 2025, addressing vulnerabilities in products from leading vendors.

Key Vulnerabilities

The advisories identify several critical issues, including:

  • Remote-exploitable flaws
  • Privilege-escalation weaknesses
  • Memory corruption bugs
  • Insecure configurations

CISA and the involved vendors provide detailed guidance to protect ICS environments from these threats.

Key Takeaways

  • Nine ICS advisories describe critical vulnerabilities, such as authentication bypass, credential leaks, buffer overflows, and privilege escalations.
  • Recommendations include applying vendor patches and isolating control networks with VPNs and firewalls.
  • Organizations should conduct impact assessments and follow defense-in-depth strategies as per ICS-TIP guidance.

Mitsubishi Electric MELSEC iQ-F Series Vulnerabilities

The advisories ICSA-25-240-01 and ICSA-25-240-02 report vulnerabilities in MELSEC iQ-F Series CPU modules.

  • Missing Authentication for Critical Function (CVE-2025-7405): Allows unauthorized access to read/write device values or halt program execution.
  • Cleartext Transmission of Sensitive Information (CVE-2025-7731): Exposes SLMP credentials over the network.

Affected models include FX5U, FX5UC, FX5UJ, and FX5S series. The vendor recommends implementing LAN isolation, VPNs, IP filtering, and physical access controls.

Schneider, Delta, GE Vernova Vulnerabilities

Schneider Electric’s Saitel DR/DP RTUs (ICSA-25-240-03) are affected by an Improper Privilege Management issue (CVE-2025-8453). The issue is addressed in patch HUe v11.06.30.

Delta Electronics advisories include:

  • CNCSoft-G2 Out-of-bounds Write (CVE-2025-47728): Allows arbitrary code execution through malformed DPAX files. Update to version 2.1.0.27 or later.
  • COMMGR Buffer Overflow & Code Injection (CVE-2025-53418, CVE-2025-53419): Requires patching to version 2.10.0.

GE Vernova’s CIMPLICITY HMI/SCADA suite (ICSA-25-240-06) suffers from an Uncontrolled Search Path Element (CVE-2025-7719). An upgrade to 2024 SIM 4 is recommended.

Mitsubishi & Hitachi Energy Vulnerabilities

The advisory for Multiple FA Engineering Software Products (ICSA-24-135-04) identifies Privilege, Resource Consumption, and Out-of-bounds Write flaws. Users are advised to apply Update D.

For ICONICS Digital Solutions and MC Works64 (ICSA-25-140-04), Execution with Unnecessary Privileges (CVE-2025-0921) is mitigated by disabling Classic OPC Point Manager and enforcing administrator-only logins.

Hitachi Energy’s Relion 670/650 and SAM600-IO Series (ICSA-25-184-01) are affected by an Improper Check for Unusual Conditions (CVE-2025-1718). Firmware versions 2.2.6.4 and 2.2.5.8 or later mitigate the risk.

CISA emphasizes conducting impact analyses, isolating control networks, using VPNs and firewalls, and adhering to ICS-TIP guidelines. Organizations should report exploitation attempts and apply vendor patches promptly.
