The Cybersecurity and Infrastructure Security Agency (CISA) has released nine advisories addressing security vulnerabilities in Industrial Control Systems (ICS).
These vulnerabilities pose significant risks, including denial of service (DoS), information disclosure, and even remote code execution.
Organizations using ICS technologies are urged to immediately address these vulnerabilities to avoid potential exploitation.
1. Western Telematic Inc NPS, DSM, CPM Series
CVE-2025-0630 – Western Telematic Inc’s equipment is affected by a Local File Inclusion (LFI) vulnerability stemming from external control of file names or paths (CWE-73). Authenticated users can exploit this flaw to gain privileged access to device files.
Successful exploitation could allow attackers to access sensitive files within the system, jeopardizing data confidentiality.
Affected products include Network Power Switch (NPS Series), Console Server (DSM Series), and Console Server + PDU Combo Unit (CPM Series), all running firmware version 6.62 and prior.
2. Rockwell Automation 1756-L8zS3 and 1756-L3zS3
CVE-2025-24478 – Improper handling of exceptional conditions (CWE-755) in Rockwell Automation products can lead to a denial-of-service (DoS) scenario.
Attackers can exploit this vulnerability remotely by sending malicious requests, resulting in a major system fault.
Devices affected include 1756-L8zS3 and 1756-L3zS3 controllers running specific firmware versions earlier than V33.017 to V36.011. Exploitation could cause significant downtime, disrupting operations.
3. Elber Communications Equipment
CVE-2025-0674 – An authentication bypass vulnerability (CWE-288) has been identified in several Elber products. Attackers can exploit this flaw to gain administrative access by manipulating the password management system.
Exploitation risks include complete control of affected devices, making this a critical issue. Affected products include DVB-S/S2 IRDs, Cleber/3 Broadcast platforms, ESE Satellite Receivers, and others.
4. Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC
CVE-2024-11425 – An incorrect calculation of buffer size (CWE-131) vulnerability affects Schneider Electric Modicon M580 PLCs and other devices. Unauthenticated attackers can exploit this flaw remotely by sending crafted HTTPS packets.
This vulnerability could lead to denial-of-service conditions or service outages. Affected products include Modicon M580 CPUs, BMENOR2200H, and EVLink Pro AC chargers across various versions.
5. Schneider Electric Web Designer for Modicon
CVE-2024-12476 – A flaw related to improper restriction of XML external entities (CWE-611) in Schneider Electric’s Web Designer software may allow attackers to execute remote code or disclose sensitive information.
This vulnerability affects all versions of Web Designer for Modicon products, potentially compromising workstation integrity and allowing malicious configurations to run.
6. Schneider Electric Modicon M340 and BMX Series
CVE-2024-12142 – An exposure of sensitive information to an unauthorized actor (CWE-200) has been identified in Schneider Electric’s Modicon M340 and BMX series devices. This flaw allows attackers to access restricted web pages or disrupt system operations.
The vulnerability impacts multiple Modicon processors and BMX modules, including BMXNOE and BMXNOR devices, with various firmware versions.
7. Schneider Electric Pro-face GP-Pro EX and Remote HMI
CVE-2024-12399 – The Pro-face GP-Pro EX and Remote HMI software are vulnerable to improper enforcement of message integrity (CWE-924), which could enable man-in-the-middle (MITM) attacks.
Exploitation risks include partial loss of data confidentiality and integrity. All versions of these products are affected, with no mitigations specified.
8. AutomationDirect C-more EA9 HMI
CVE-2025-0960 – AutomationDirect’s C-more EA9 HMI devices suffer from a classic buffer overflow vulnerability (CWE-120). Attackers can use this flaw to achieve either remote code execution or denial-of-service conditions.
All affected devices, including various models of C-more EA9 HMIs running firmware v6.79 and earlier, should be updated immediately.
9. Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium
Ashlar-Vellum software products are at risk due to vulnerabilities including out-of-bounds writes (CWE-787), heap-based buffer overflow (CWE-122), and out-of-bounds reads (CWE-125). Exploitation can lead to arbitrary code execution.
Affected products include Cobalt, Graphite, Xenon, Argon, Lithium, and Cobalt Share, with many versions requiring immediate updates.
CISA’s advisories highlight critical vulnerabilities in a range of ICS technologies used across industries. Each advisory includes detailed technical descriptions, affected products, and associated Common Vulnerabilities and Exposures (CVE) identifiers.
Organizations are advised to act swiftly by reviewing their ICS environments, applying available patches, and implementing recommended mitigation measures.