The Cybersecurity and Infrastructure Security Agency released five critical Industrial Control Systems advisories on December 2, 2025, addressing significant security threats across industrial environments.
These advisories cover vulnerabilities and active exploits affecting systems used in manufacturing, power generation, and medical device operations worldwide.
The timing of this release highlights growing concerns about the targeted nature of industrial control system attacks and their potential to disrupt essential infrastructure.
Industrial control systems operate the backbone of critical infrastructure, managing everything from power plants to water treatment facilities and medical equipment.
When vulnerabilities emerge in these systems, they create pathways for attackers to access sensitive operational technology networks. The five advisories released by CISA target vendors including Mitsubishi Electric, Iskra, and Mirion Technologies, affecting a broad spectrum of industrial equipment deployed globally.
Organizations using these systems face the challenge of deploying security updates while maintaining continuous operations, a delicate balance that makes these warnings particularly urgent.
CISA security analysts identified multiple exploitation attempts targeting some of the affected systems, indicating that attackers are actively leveraging these vulnerabilities in real-world scenarios.
The advisories include coverage of Industrial Video & Control Longwatch systems, Iskra iHUB platforms, and Mirion Medical EC2 software used in radiation dose tracking applications.
Additionally, updates were provided for previously disclosed vulnerabilities in Mitsubishi Electric’s CNC Series and MELSEC iQ-R Series products, suggesting ongoing evolution in attack tactics.
Vulnerability Exploitation and Attack Surface
The vulnerabilities identified span authentication bypasses, remote code execution flaws, and improper input validation issues.
Attackers exploit these weaknesses by sending specially crafted requests to targeted systems, potentially gaining unauthorized access to critical operational functions.
For organizations operating these systems, understanding the attack surface is essential.
Network segmentation becomes crucial, ensuring that vulnerable systems remain isolated from external internet connectivity whenever possible.
CISA encourages administrators to implement the recommended mitigations immediately, including applying security patches, enforcing strong authentication mechanisms, and deploying network monitoring solutions to detect suspicious activities.
| Advisory ID | Vendor | Product | CVE | Vulnerability Type | CVSS v3.1 | CVSS v4 | Affected Versions | Risk Description | Exploitation |
|---|---|---|---|---|---|---|---|---|---|
| ICSA-25-336-01 | Industrial Video & Control | Longwatch | CVE-2025-13658 | Improper Control of Generation of Code (Code Injection) | 9.8 | 9.3 | 6.309 to 6.334 | Remote code execution with SYSTEM-level privileges | Remotely exploitable with low attack complexity |
| ICSA-25-336-02 | Iskra | iHUB and iHUB Lite | CVE-2025-13510 | Missing Authentication for Critical Function | 9.1 | 9.3 | All Versions | Device reconfiguration, firmware updates, system manipulation without credentials | Remotely exploitable with low attack complexity |
| ICSMA-25-336-01 | Mirion Medical | EC2 Software NMIS BioDose | CVE-2025-64642 | Incorrect Permission Assignment for Critical Resource | 8.0 | 7.1 | Prior to 23.0 | Modification of program executables and libraries | Locally exploitable with low attack complexity |
| ICSMA-25-336-01 | Mirion Medical | EC2 Software NMIS BioDose | CVE-2025-64298 | Incorrect Permission Assignment for Critical Resource | 8.4 | 8.6 | Prior to 23.0 | Unauthorized access to SQL Server database and configuration files | Locally exploitable with low attack complexity |
| ICSMA-25-336-01 | Mirion Medical | EC2 Software NMIS BioDose | CVE-2025-61940 | Use of Client-Side Authentication | 8.3 | 8.7 | Prior to 23.0 | Unauthorized database access and data modification | Network exploitable requiring low privilege |
| ICSMA-25-336-01 | Mirion Medical | EC2 Software NMIS BioDose | CVE-2025-64778 | Use of Hard-coded Credentials | 7.3 | 8.4 | Prior to 23.0 | Unauthorized application and database access | Locally exploitable by low privilege user |
| ICSMA-25-336-01 | Mirion Medical | EC2 Software NMIS BioDose | CVE-2025-62575 | Incorrect Permission Assignment for Critical Resource | 8.3 | 8.7 | Prior to 23.0 | Remote code execution through database stored procedures | Network exploitable requiring low privilege |
| ICSA-25-201-01 | Mitsubishi Electric | CNC Series | CVE-2016-2542 | Uncontrolled Search Path Element | 7.0 | N/A | Multiple versions | Malicious code execution via DLL hijacking | Locally exploitable with user interaction required |
| ICSA-23-157-02 | Mitsubishi Electric | MELSEC iQ-R/iQ-F Series | CVE-2023-2060 | Weak Password Requirements | 7.5 | 8.7 | RJ71EIP91, FX5-ENET/IP all versions | FTP authentication bypass via dictionary attack | Remotely exploitable with low attack complexity |
| ICSA-23-157-02 | Mitsubishi Electric | MELSEC iQ-R/iQ-F Series | CVE-2023-2061 | Use of Hard-coded Credentials | 6.2 | 6.9 | RJ71EIP91, FX5-ENET/IP all versions | FTP authentication bypass with hard-coded password | Locally exploitable with low attack complexity |
| ICSA-23-157-02 | Mitsubishi Electric | MELSEC iQ-R/iQ-F Series | CVE-2023-2062 | Missing Password Field Masking | 6.2 | 6.9 | SW1DNN-EIPCT-BD, SW1DNN-EIPCTFX5-BD v1.01B and prior | Authentication bypass through password disclosure | Locally exploitable with low attack complexity |
| ICSA-23-157-02 | Mitsubishi Electric | MELSEC iQ-R/iQ-F Series | CVE-2023-2063 | Unrestricted Upload of File with Dangerous Type | 6.3 | 5.3 | RJ71EIP91, FX5-ENET/IP all versions | Information disclosure and data tampering via FTP | Network exploitable requiring low privilege |
Organizations should prioritize patching systems identified in the advisories, particularly those connected to production environments where operational disruption could affect public safety and economic stability.
The release demonstrates CISA’s commitment to protecting industrial infrastructure through timely disclosure and actionable guidance.
These advisories serve as blueprints for defensive measures, helping organizations strengthen their security posture against determined threat actors targeting industrial systems.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
