CISA Releases Two Advisories Covering Vulnerabilities and Exploits Surrounding ICS
CISA released two urgent Industrial Control Systems (ICS) advisories on August 5, 2025, addressing significant security vulnerabilities in critical manufacturing and energy sector systems.
These advisories detail exploitable flaws that could compromise industrial operations and potentially disrupt essential services across multiple sectors.
Key Takeaways
1. CISA warns of security flaws in Mitsubishi Electric and Tigo Energy ICS products.
2. Tigo Energy vulnerabilities allow remote exploits; Mitsubishi risk enables information tampering.
3. Urgent action is needed.
Mitsubishi Electric Systems
CISA advisory ICSA-25-217-01 identifies a Windows Shortcut Following vulnerability (CWE-64) affecting multiple Mitsubishi Electric Iconics Digital Solutions products, including GENESIS64 (all versions), GENESIS (version 11.00), and Mitsubishi Electric MC Works64 (all versions).
The vulnerability, assigned CVE-2025-7376 with a CVSS v3.1 base score of 5.9, enables information tampering through symbolic link manipulation.
The vulnerability allows attackers with low-privileged code execution capabilities to create symbolic links that cause elevated processes to perform unauthorized writes to arbitrary file system locations.
This exploitation method can result in denial-of-service (DoS) conditions if critical system files are modified. The attack vector requires local access with low attack complexity, making it particularly concerning for systems with multiple user access points.
Mitsubishi Electric has released GENESIS Version 11.01 as a remediation measure, and administrators are strongly encouraged to implement strict access controls, including administrator-only login configurations and firewall restrictions.
Tigo Energy Cloud Systems
The second advisory, ICSA-25-217-02, reveals three severe vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) device affecting versions 4.0.1 and prior.
These vulnerabilities present a significantly higher risk profile, with the most critical receiving a CVSS v4 score of 9.3.
CVE-2025-7768 exposes hard-coded credentials (CWE-798) that provide unauthorized administrative access, enabling complete device compromise.
CVE-2025-7769 identifies a command injection vulnerability (CWE-77) in the /cgi-bin/mobile_api endpoint’s DEVICE_PING command, allowing remote code execution.
CVE-2025-7770 reveals predictable session ID generation (CWE-337) using timestamp-based methods, facilitating unauthorized access to sensitive device functions.
These vulnerabilities collectively enable attackers to gain full system control, modify solar energy production settings, disrupt safety mechanisms, and expose sensitive operational data.
The remote exploitability of these flaws makes them particularly dangerous for energy sector infrastructure.
Mitigations
CISA emphasizes implementing defense-in-depth strategies, including network isolation, firewall deployment, and VPN-secured remote access.
Organizations are advised to conduct thorough impact assessments before implementing defensive measures and maintain updated security patches.
Both vendors are actively addressing these vulnerabilities, with Mitsubishi Electric providing immediate patches and Tigo Energy developing comprehensive fixes.
CISA reports no known public exploitation targeting these specific vulnerabilities at this time, but recommends immediate action given the critical nature of affected systems.
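Until a Tigo Energy fix is available, the network-isolation advice above can be checked against real traffic. The following is an added example, not code from CISA or either vendor: it audits web access logs for requests to the /cgi-bin/mobile_api endpoint that come from outside an allowlisted management network. It assumes a reverse proxy or gateway in front of the CCA writes Common Log Format; the management subnet and the sample log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the only subnet that should reach the CCA web interface.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ENDPOINT = "/cgi-bin/mobile_api"  # endpoint named in ICSA-25-217-02

# Common Log Format: client identd user [time] "METHOD path PROTO" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_management(src):
    """True if src is a valid IP inside an allowlisted management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or malformed values are treated as untrusted
    return any(addr in net for net in MGMT_NETS)

def audit(lines):
    """Return (findings, per-source counts) for endpoint hits from outside MGMT_NETS."""
    findings, per_src = [], Counter()
    for n, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m:
            continue  # not an access-log line
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path != ENDPOINT or is_management(m["src"]):
            continue
        per_src[m["src"]] += 1
        findings.append((n, m["src"], m["ts"], m["method"], int(m["status"])))
    return findings, per_src

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.20.0.15 - - [05/Aug/2025:09:12:01 +0000] "POST /cgi-bin/mobile_api HTTP/1.1" 200 312',
    '203.0.113.44 - - [05/Aug/2025:09:14:27 +0000] "POST /cgi-bin/mobile_api HTTP/1.1" 200 298',
    '203.0.113.44 - - [05/Aug/2025:09:14:29 +0000] "POST /cgi-bin/mobile_api?x=1 HTTP/1.1" 200 120',
    '198.51.100.7 - - [05/Aug/2025:09:20:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.9 - - [05/Aug/2025:09:31:55 +0000] "POST /cgi-bin/mobile_api HTTP/1.1" 401 87',
]

if __name__ == "__main__":
    hits, counts = audit(SAMPLE)
    for n, src, ts, method, status in hits:
        print(f"line {n}: {src} {method} {ENDPOINT} -> {status} at {ts}")
    print(dict(counts))
```

Any finding means the endpoint is reachable from outside the intended management network, so the firewall or VPN rules in front of the device need review regardless of the response status.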