All news with #ics security tag

🔔 CISA published two Industrial Control Systems (ICS) Advisories: ICSA-25-364-01 for WHILL C2 Wheelchairs and ICSA-25-345-03 for AzeoTech DAQFactory (Update A). The advisories describe identified vulnerabilities and recommended mitigations. Administrators and users are encouraged to review the technical details and apply mitigations promptly to reduce exposure.

⚠️ CISA has published an updated Industrial Control Systems advisory, ICSA-25-177-01 (Update B), addressing multiple vulnerabilities affecting Mitsubishi Electric air conditioning systems and associated operational components. The advisory outlines technical findings, potential impacts to building automation and HVAC control networks, and prioritized mitigation steps. Administrators and operators should review the guidance promptly, apply vendor updates where available, and implement network segmentation and enhanced monitoring to reduce risk.

🔒 Modern water and wastewater systems face accelerating cyber threats as utilities adopt remote sensors, cloud telemetry, and integrated SCADA. Critical safeguards—multi-factor authentication, network segmentation, and unified IT/OT visibility—are often missing, increasing risk from nation-state actors and ransomware. Utilities should prioritize comprehensive asset inventories, containment architectures, anomaly detection (e.g., FortiNDR, FortiSIEM), and regularly tested recovery plans to meet rising federal expectations.

🔔 CISA released 12 Industrial Control Systems (ICS) advisories detailing vulnerabilities and mitigation guidance across multiple vendors, including Johnson Controls, Siemens, and AzeoTech. The notices call out specific products such as iSTAR, SINEMA Remote Connect Server, and DAQFactory, plus open-source and medical-imaging components. Administrators and operators are encouraged to review the technical details and apply recommended mitigations to reduce exploitation risk.

🔒 CISA reports a critical authentication bypass (CWE-306, CVE-2025-13607) affecting multiple India-deployed CCTV products, including D-Link DCS-F5614-L1. The flaw permits unauthenticated remote retrieval of device configuration and account credentials with low attack complexity and high impact. D-Link has released a software update for the DCS-F5614-L1; users should install the patch, verify firmware versions, and minimize network exposure while seeking guidance from other vendors.

🔔 CISA published three Industrial Control Systems (ICS) advisories addressing vulnerabilities in Universal Boot Loader (U-Boot) (ICSA-25-343-01), the Festo LX Appliance (ICSA-25-343-02), and several India-based CCTV camera models (ICSA-25-343-03). Each advisory provides technical details, impact assessments, and recommended mitigations. CISA urges system operators, vendors, and administrators to review the advisories promptly and apply available updates or compensating controls to reduce operational risk.

⚠️ This joint advisory from CISA, FBI, NSA, and international partners details opportunistic intrusions by pro‑Russia hacktivist groups—CARR, NoName057(16), Z‑Pentest, and Sector16—against OT/ICS environments. Actors are exploiting internet‑exposed VNC services, using open‑source scanning and brute‑force tools to access HMI devices with default or weak credentials, causing loss of view, configuration changes, and operational downtime. The advisory urges organizations to reduce public exposure, apply network segmentation, enforce strong authentication (MFA where feasible), harden device credentials, and follow secure‑by‑design guidance for OT products.

⚠️ Festo SE & Co. KG's LX Appliance contains a cross-site scripting (XSS) vulnerability tied to the video.js library (CVE-2021-23414) that can allow crafted course content to execute scripts in high-privilege user sessions. The issue affects LX Appliance versions prior to June 2023 and has a CVSS v3.1 base score of 6.1. Festo coordinated disclosure with CERT@VDE and published advisory FSA-202301. Administrators should update affected appliances and apply recommended network isolation and secure remote access controls.

🔒CISA, alongside the FBI, NSA, DOE, EPA, the Department of Defense Cyber Crime Center, and international partners, published a joint advisory describing opportunistic pro-Russia hacktivist activity targeting operational technology (OT) systems. These groups exploit minimally secured, internet-facing VNC connections to access OT control devices and have caused varying impacts, including physical damage. Named actors include Cyber Army of Russia Reborn, Z-Pentest, NoName057(16), and Sector16. The advisory recommends reducing internet exposure of OT assets, adopting mature asset-management and mapping practices, and enforcing robust authentication.

⚠️ U-Boot contains an improper access control vulnerability in volatile memory holding boot code (CVE-2025-24857) affecting all U-Boot versions prior to 2017.11 and several Qualcomm SoCs. Successful exploitation could allow arbitrary code execution; CISA reports a CVSS v4 base score of 8.6 with low attack complexity. Vendors advise upgrading to v2025.4, ensuring physical device security, and contacting Qualcomm support where appropriate.

🚨 CISA added CVE-2021-26828 — an OpenPLC ScadaBR unrestricted file upload vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The flaw allows dangerous file types to be uploaded, a frequent attack vector that poses significant risks to federal networks. Under BOD 22-01 federal agencies must remediate cataloged CVEs by required dates; CISA also urges all organizations to prioritize remediation.

⚠️ Mirion Medical's EC2 Software NMIS BioDose versions prior to 23.0 contain multiple high-severity vulnerabilities (CVSS v4: 8.7) that are remotely exploitable and can enable code execution, data disclosure, and unauthorized access. The issues include incorrect permission assignment, client-side authentication, and hard-coded credentials affecting installed executables, the embedded SQL Server, and database accounts. Mirion recommends updating to v23.0 or later; CISA advises isolating control networks, minimizing exposure, and using secure remote access while performing impact analysis.

🛡️ CISA released five Industrial Control Systems (ICS) advisories detailing vulnerabilities, impacts, and recommended mitigations for affected products. Affected vendors include Industrial Video & Control (Longwatch), Iskra (iHUB/iHUB Lite), Mirion Medical (EC2 NMIS BioDose), and two updates for Mitsubishi Electric products. Administrators and operators are urged to review the advisories and apply recommended mitigations promptly to reduce operational and safety risks.

🔒 CISA reports a high‑severity Missing Authentication for Critical Function vulnerability (CVE-2025-13510) affecting all versions of Iskra’s iHUB and iHUB Lite smart metering gateways, where the web management interface requires no credentials. With a CVSS v4 base score of 9.3, an unauthenticated remote attacker could reconfigure devices, update firmware, and manipulate connected systems. Iskra did not respond to coordination requests; CISA recommends isolating devices from the Internet, placing them behind firewalls, and using secure remote access methods such as VPNs while recognizing their limitations.

⚠️ CISA released six Industrial Control Systems (ICS) Advisories on 20 November 2025 to inform operators and administrators about current security issues, vulnerabilities, and potential exploits affecting ICS products. The advisories cover affected products including Automated Logic WebCTRL Premium Server, ICAM365 CCTV camera models, Opto 22 GRV‑EPIC/GRV‑RIO, Festo MSE6 and Festo Didactic lines, and Emerson Appleton UPSMON‑PRO. Administrators are encouraged to review each advisory for technical details and mitigations and to apply vendor guidance promptly to reduce operational and safety risk.

⚠ A vulnerability in Shelly Pro 4PM (CVE-2025-11243) can cause device reboots and denial-of-service conditions. Due to insufficient input bounds checking in the device's JSON parser, specially crafted RPC requests can trigger memory overallocation and force a reboot. Devices running firmware prior to v1.6 are affected; CISA notes the exploit is reachable from adjacent networks with low attack complexity. Operators should update to v1.6.0 or later and limit network exposure.

🔔 CISA released six Industrial Control Systems (ICS) advisories detailing current security issues, vulnerabilities, and potential exploits affecting multiple vendors and products. The advisories cover Schneider Electric products (including EcoStruxure Machine SCADA Expert, Pro-face BLUE Open Studio, and PowerChute Serial Shutdown), Shelly Pro devices, and METZ CONNECT hardware. One advisory is an update (B) to a prior Schneider Electric notice. Users and administrators are encouraged to review the technical details and apply recommended mitigations promptly.

🔔 CISA released four Industrial Control Systems (ICS) advisories covering Advantech DeviceOn iEdge, Ubia Ubox, ABB FLXeon Controllers, and an update for Hitachi Energy Asset Suite. Each advisory provides technical details on identified vulnerabilities and recommended mitigations. Users and administrators are urged to review the advisories and apply mitigations promptly.

⚠ ABB FLXeon devices are affected by multiple high-severity vulnerabilities, including hard-coded credentials, MD5 password hashing without proper salt, and improper input validation that can enable remote code execution. Combined CVSS v4 scores reach up to 8.7 and successful exploitation could allow remote control, arbitrary code execution, or device crashes. ABB and CISA advise disconnecting Internet-exposed units, applying the latest firmware, enforcing physical access controls, and using secure remote-access methods such as properly configured VPNs.

🔍 Falcon for XIoT introduces zero-touch asset discovery, native segmentation visibility, and a unified OT/XIoT view to reduce blind spots across industrial networks. The solution leverages DHCP data and the existing Falcon sensor to build continuous, agentless inventories and to monitor inter-device traffic without manual scan configuration. These enhancements aim to accelerate detection, simplify operations, and provide richer context for faster security decisions across IT, OT, and XIoT environments.