CISA Releases 13 New Industrial Control Systems Advisories Surrounding Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) released thirteen critical Industrial Control Systems (ICS) advisories on July 10, 2025, highlighting significant vulnerabilities affecting major industrial automation vendors.

This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components, ranging from network management systems to process control equipment used across manufacturing, energy, and transportation sectors.

The advisories reveal widespread security flaws in systems manufactured by prominent vendors including Siemens, Delta Electronics, Advantech, KUNBUS, and IDEC.

These vulnerabilities present serious risks to operational technology environments, potentially allowing unauthorized access to critical infrastructure systems.

The affected products span various industrial applications, from Siemens’ SINEC network management systems to specialized railroad communication protocols, indicating the broad scope of potential threats facing industrial operations.

CISA analysts identified these vulnerabilities through ongoing security assessments and coordination with affected vendors.

The security flaws demonstrate sophisticated attack patterns that could enable threat actors to compromise industrial control systems through multiple entry points.

These vulnerabilities particularly threaten systems managing power distribution, manufacturing processes, and transportation networks.

The most concerning aspect involves the attack vectors targeting network management interfaces and human-machine interface (HMI) systems.

Specifically, the Siemens SINEC NMS and TIA Portal vulnerabilities (ICSA-25-191-01 and ICSA-25-191-05) expose network configuration systems to potential exploitation.

These systems typically operate with elevated privileges, making successful attacks particularly dangerous as they could provide attackers with comprehensive network access and control capabilities.

The infection mechanisms primarily leverage weak authentication protocols and insufficient input validation in web-based management interfaces.

Attackers can exploit these weaknesses through crafted HTTP requests that bypass security controls, potentially executing arbitrary code on target systems.

The persistence tactics involve modifying system configurations to maintain access even after system restarts, making detection and remediation challenging for security teams.
