All news with #ics security tag

⚠️ Mitsubishi Electric's MELSEC iQ-F Series CPU modules are affected by a Missing Authentication for Critical Function vulnerability (CVE-2025-7405) in Modbus/TCP that can allow remote attackers to read and write device values and potentially halt program execution. CISA assigns a CVSS v4 base score of 6.9 and notes the issue is remotely exploitable with low attack complexity. Mitsubishi reports many FX5U/FX5UC/FX5UJ/FX5S variants affected and currently has no fixed version planned. Recommended mitigations include network segmentation, VPNs or firewalls, IP filtering, and restricting physical access.

⚠️ Delta Electronics has identified two critical vulnerabilities in COMMGR (v2.9.0 and earlier) — a stack-based buffer overflow (CVE-2025-53418) and a code injection flaw (CVE-2025-53419) — that can enable arbitrary code execution via crafted .isp files. Delta and CISA rate the combined risk as high (CISA lists CVSS v4 8.8) and recommend upgrading to v2.10.0 or later. Additional mitigations include network segmentation, limiting Internet exposure, and using secure remote access methods. CISA reports no known public exploitation at this time.

🛡️ CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting vulnerabilities and potential exploits that could affect operational technology environments. The advisories—ICSA-25-231-01 (Siemens Desigo CC Product Family and SENTRON Powermanager), ICSA-25-231-02 (Siemens Mendix SAML Module), ICSA-25-217-02 (Tigo Energy Cloud Connect Advanced, Update A), and ICSA-25-219-07 (EG4 Electronics EG4 Inverters, Update A)—include technical details and recommended mitigations. Users and administrators are urged to review the advisories and apply vendor guidance and mitigations promptly to reduce exposure.