CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine critical vulnerabilities in INVT VT-Designer and HMITool (CVSS v4 8.5), multiple flaws in Schneider Electric Modicon M340 controllers (CVSS v4 scores up to 9.1), and several issues in Danfoss AK-SM 8xxA Series drives (CVSS v3.1 scores up to 9.0). Immediate mitigations are urged to prevent remote code execution and unauthorized access.

INVT VT-Designer and HMITool Vulnerabilities

The first advisory (ICSA-25-238-01) covers nine memory-corruption and type-confusion flaws in INVT’s VT-Designer 2.1.13 and HMITool 7.1.011. Exploitation requires user interaction but can yield arbitrary code execution at high privileges:

  • CVE-2025-7223 through CVE-2025-7226: Out-of-bounds write in HMITool (CVSS v3.1 7.8; CVSS v4 8.5)
  • CVE-2025-7227 through CVE-2025-7229, CVE-2025-7231: Out-of-bounds write in VT-Designer (CVSS v3.1 7.8; CVSS v4 8.5)
  • CVE-2025-7230: Type-confusion in VT-Designer (CVSS v3.1 7.8; CVSS v4 8.5)

These vulnerabilities impact critical infrastructure sectors worldwide, including Energy, IT, Transportation, and Manufacturing.

CISA urges network segmentation, firewall isolation, VPN hardening, and strict access controls to mitigate risk.

Schneider Electric Modicon M340 Controller Flaws

The second advisory (ICSA-25-238-03) identifies remote-accessible buffer overflows and improper access control in Schneider Electric Modicon M340 controllers and communication modules. Key CVEs include:

  • CVE-2025-7241, CVE-2025-7242: Stack-based buffer overflow in Ethernet port handler (CVSS v3.1 8.3; CVSS v4 9.1)
  • CVE-2025-7243: Heap-based overflow via malformed Modbus packets (CVSS v3.1 8.6; CVSS v4 9.0)
  • CVE-2025-7244: Improper authentication bypass on web management interface (CVSS v3.1 7.5; CVSS v4 8.2)

Successful exploitation can allow unauthorized code execution or configuration changes, posing significant operational risks.

Vendors have released firmware updates; users must validate firmware versions ≥ 2.3.5-B for M340 CPU and modules.

Danfoss AK-SM 8xxA Series Drive Vulnerabilities

The third advisory (ICSA-25-140-03 Update A) covers multiple vulnerabilities in Danfoss AK-SM 8xxA Series variable-frequency drives. Notable CVEs are:

  • CVE-2025-7310: Out-of-bounds read in Modbus/TCP parser (CVSS v3.1 7.2)
  • CVE-2025-7311: Improper input validation in serial interface (CVSS v3.1 6.8)
  • CVE-2025-7312: Authentication bypass in FTP management module (CVSS v3.1 7.9)

These could enable remote monitoring or alteration of drive parameters, affecting industrial operations. Danfoss released firmware patch 1.12.0 addressing all issues; immediate updates are recommended.

CISA strongly advises asset owners to apply vendor patches, isolate ICS networks, enforce least-privilege access, and monitor for exploit attempts. Detailed mitigations and best practices are available on the CISA ICS webpage.
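As an added illustration of the "monitor for exploit attempts" advice above (this is not code from CISA or from any vendor named in the advisories), the Python below sanity-checks Modbus/TCP framing on constructed sample frames and flags header fields that a downstream parser might otherwise trust. It is a generic framing check for a network monitor, not a detector for the specific CVEs listed here.

```python
import struct

MBAP_LEN = 7            # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_LENGTH_FIELD = 254  # unit id (1) + maximum PDU (253) per the Modbus/TCP spec


def check_modbus_tcp_frame(frame: bytes) -> list:
    """Sanity-check the framing of one Modbus/TCP ADU.

    Returns a list of human-readable findings; an empty list means the MBAP
    header is self-consistent. Only framing anomalies are reported, not
    application-level misuse of a well-formed frame.
    """
    findings = []
    if len(frame) < MBAP_LEN + 1:
        return [f"frame too short for MBAP header plus function code ({len(frame)} bytes)"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        findings.append(f"protocol id {proto} is not Modbus (expected 0)")
    if length > MAX_LENGTH_FIELD:
        findings.append(f"declared length {length} exceeds spec maximum {MAX_LENGTH_FIELD}")
    actual = len(frame) - 6  # bytes that follow the length field: unit id + PDU
    if length != actual:
        findings.append(f"declared length {length} does not match actual {actual}")
    return findings


# Constructed sample frames (not captured traffic). Each is a Read Holding
# Registers request (function 0x03) for 10 registers at address 0, unit id 1;
# only the MBAP header fields differ between them.
SAMPLE_FRAMES = {
    "well-formed":      bytes.fromhex("0001 0000 0006 01 03 0000 000a"),
    "length-oversized": bytes.fromhex("0002 0000 ffff 01 03 0000 000a"),
    "length-short":     bytes.fromhex("0003 0000 0002 01 03 0000 000a"),
    "bad-protocol-id":  bytes.fromhex("0004 0001 0006 01 03 0000 000a"),
}


def scan_frames(frames: dict) -> dict:
    """Run the check over a labelled batch and keep only frames with findings."""
    results = {}
    for label, frame in frames.items():
        findings = check_modbus_tcp_frame(frame)
        if findings:
            results[label] = findings
    return results


if __name__ == "__main__":
    for label, findings in scan_frames(SAMPLE_FRAMES).items():
        print(f"{label}: " + "; ".join(findings))
```

In a real deployment the frames would come from a passive tap on the ICS segment, and any finding would be forwarded to the SIEM rather than printed.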


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.