CISA issued four comprehensive Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting serious vulnerabilities affecting critical infrastructure sectors including energy and manufacturing.
These advisories detail exploitable vulnerabilities with CVSS scores ranging from 5.8 to 9.8, requiring immediate attention from system administrators and security professionals.
Key Takeaways
1. CISA issued four ICS advisories for Siemens, Tigo Energy, and EG4 systems affecting critical infrastructure.
2. Critical vulnerabilities (CVSS up to 9.8) enable remote attacks and system compromise.
3. Update immediately - Apply vendor patches and implement network segmentation.
Critical Siemens Vulnerabilities
Two significant Siemens advisories were released addressing distinct attack vectors. Advisory ICSA-25-231-01 covers the Desigo CC Product Family and SENTRON Powermanager, identifying a least privilege violation (CWE-272) vulnerability tracked as CVE-2025-47809 with a CVSS v3.1 score of 8.2.
This vulnerability affects Wibu CodeMeter components across multiple product versions (V5.0 through V8), enabling privilege escalation through the CodeMeter Control Center component immediately after installation.
The second Siemens advisory, ICSA-25-231-02, addresses the Mendix SAML Module with a more severe improper verification of cryptographic signature (CWE-347) vulnerability.
CVE-2025-40758 carries a CVSS v3.1 score of 8.7 and enables unauthenticated remote attackers to hijack accounts in specific Single Sign-On (SSO) configurations.
The vulnerability affects multiple Mendix versions, with patches available requiring updates to V3.6.21, V4.0.3, or V4.1.2 depending on the deployment.
Tigo and EG4 Infrastructure Vulnerabilities
The energy sector faces particularly severe threats with two advisories targeting solar energy infrastructure.
ICSA-25-217-02 addresses Tigo Energy’s Cloud Connect Advanced devices with three critical vulnerabilities: hard-coded credentials (CWE-798), command injection (CWE-77), and predictable PRNG seeds (CWE-337).
CVE-2025-7768 received the highest CVSS v4 score of 9.3, while CVE-2025-7769 and CVE-2025-7770 both scored 8.7.
EG4 Electronics inverters, covered in advisory ICSA-25-219-07, present four distinct vulnerabilities including cleartext transmission (CWE-319), firmware integrity issues (CWE-494), observable discrepancies (CWE-203), and authentication bypass (CWE-307).
The most critical, CVE-2025-46414, achieved a CVSS v4 score of 9.2, though EG4 deployed server-side fixes for some vulnerabilities in April 2025.
Mitigations
Siemens requires CodeMeter updates to version 8.30a and enables UseEncryption configurations for SAML modules.
Tigo Energy is developing comprehensive fixes, while EG4 has implemented server-side patches and plans new hardware releases by October 15, 2025.
CISA emphasizes implementing defense-in-depth strategies, including network segmentation, VPN-secured remote access, and firewall isolation.
Organizations should prioritize impact analysis and risk assessment before deploying defensive measures, while monitoring for suspicious activity and reporting incidents to CISA for correlation analysis.
No public exploitation has been reported for these specific vulnerabilities, providing a critical window for remediation efforts.
Safely detonate suspicious files to uncover threats, enrich your investigations, and cut incident response time. Start with an ANYRUN sandbox trial →
Source link
