CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released five Industrial Control Systems (ICS) advisories on March 20, 2025, providing critical information about security vulnerabilities affecting industrial control systems across multiple vendors.
These advisories offer essential guidance on mitigations for vulnerabilities that could potentially impact critical infrastructure sectors worldwide.
Overview of the Advisories
ICSA-25-079-01: Schneider Electric EcoStruxure™
CVE-2025-0327 describes an improper privilege management vulnerability found within Schneider Electric’s EcoStruxure™ Process Expert software.
This security flaw has been assigned a CVSS v4 base score of 8.5, indicating a high severity.
The vulnerability affects multiple versions of the software, specifically 2020R2, 2021, and 2023, and remains present in versions prior to v4.8.0.5715.
Therefore, users operating any of these earlier versions are at risk and should update to the patched version as soon as possible to mitigate the potential exploitation of this vulnerability.
ICSA-25-079-02: Schneider Electric Enerlin’X IFE and eIFE
The advisory covers three distinct vulnerabilities, CVE-2025-0816, CVE-2025-0815, and CVE-2025-0814, all stemming from improper input validation.
CVE-2025-0816 relates to improper input validation within IPv6 packets, and has been assigned a CVSS v4 base score of 7.1, indicating a high severity.
Similarly, CVE-2025-0815 also carries a CVSS v4 base score of 7.1 and pertains to improper input validation within ICMPv6 packets.
Finally, CVE-2025-0814 involves improper input validation of IEC61850-MMS packets, with a CVSS v4 base score of 6.9, which is also considered high.
These vulnerabilities collectively highlight potential weaknesses in the handling of network traffic, where inadequate validation of incoming packets could lead to security breaches.
ICSA-25-079-03: Siemens Simcenter Femap
ICSA-25-079-03 details a security vulnerability within Siemens Simcenter Femap. Specifically, CVE-2025-25175 identifies an “improper restriction of operations within the bounds of a memory buffer.”
This flaw can potentially lead to memory corruption or other unintended behaviors. The vulnerability has been assigned a CVSS v4 base score of 7.3, indicating a high severity.
The affected versions are those prior to V2401.0003 and V2406.0002.
Users of older versions of Siemens Simcenter Femap are strongly advised to update to a patched version to mitigate the risk posed by this vulnerability.
ICSA-25-079-04: SMA Sunny Portal
CVE-2025-0731 describes a security vulnerability characterized by the “unrestricted upload of file with dangerous type.”
This flaw allows users to upload files of potentially harmful types, which could lead to various security risks, such as remote code execution or other malicious activities.
The vulnerability has been assigned a CVSS v4 base score of 6.9, indicating a significant level of concern. Critically, this vulnerability affects all versions of the software released before December 19, 2024.
Therefore, any system running a version released before this date is susceptible to exploitation and requires immediate patching or updating to a secure version.
ICSMA-25-079-01: Santesoft Sante DICOM Viewer Pro
CVE-2025-2480 designates an out-of-bounds write vulnerability, a critical security flaw that can lead to memory corruption and potential code execution.
This vulnerability has been assigned a CVSS v4 base score of 8.4, indicating a high severity. The affected versions are 14.1.2 and all prior releases.
Consequently, any system running these versions is at risk and should be updated to a patched version to prevent potential exploitation of this out-of-bounds write vulnerability.
These advisories continue CISA’s ongoing efforts to address vulnerabilities in industrial control systems.
Earlier this month, CISA released seven ICS advisories on March 18, 2025, and thirteen advisories on March 13, 2025, highlighting the agency’s commitment to securing critical infrastructure.
CISA strongly encourages users and administrators to review these advisories for technical details and implement recommended mitigations promptly.
Industrial control systems often support critical infrastructure, making these vulnerabilities potential targets for threat actors seeking to disrupt essential services.
Organizations using the affected products should promptly evaluate their exposure, prioritize patching based on risk assessment, and implement required mitigations to prevent exploitation of these vulnerabilities.