CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB. 

These advisories, published on April 22, 2025, provide detailed information on security flaws, associated Common Vulnerabilities and Exposures (CVEs), and recommended mitigations for affected organizations.

Siemens TeleControl Server Basic SQL (ICSA-25-112-01)

This advisory identifies multiple SQL injection vulnerabilities in Siemens TeleControl Server Basic SQL, exposing systems to unauthorized database access and potential code execution. 

The vulnerabilities are present in several internal methods, including CreateTrace CVE-2025-27495  (CVSS v3.1: 9.8), VerifyUser CVE-2025-27539 (CVSS v3.1: 9.8), UpdateConnectionVariables CVE-2025-30002 (CVSS v3.1: 8.8), ImportDatabase CVE-2025-30030 (CVSS v3.1: 8.8), and LockProject CVE-2025-32822 (CVSS v3.1: 8.8). 

Each vulnerability allows attackers to bypass authorization controls and manipulate the application’s database.

Siemens TeleControl Server Basic (ICSA-25-112-02)

A separate advisory for Siemens TeleControl Server Basic highlights a vulnerability  CVE-2025-29931 (CVSS v3.1: 3.7) related to improper handling of length parameter inconsistency. 

This flaw can result in a partial denial-of-service (DoS) condition if exploited in redundant server setups where the connection between servers is disrupted.

Schneider Electric Wiser Home Controller WHC-5918A (ICSA-25-112-03)

This advisory details an information exposure vulnerability CVE-2024-6407 (CVSS v3.1: 9.8) in the Wiser Home Controller WHC-5918A. 

Exploitation could allow remote attackers to disclose sensitive credentials by sending specially crafted messages to the device.

ABB MV Drives (ICSA-25-112-04) 

ABB MV Drives are affected by a series of vulnerabilities in the CODESYS Runtime System, including improper restriction of operations within memory buffers, improper input validation, and out-of-bounds write conditions. 

These vulnerabilities could allow attackers to gain full access or cause a denial-of-service.

Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC (ICSA-25-035-04, Update A)

This advisory, updated in April, addresses an incorrect calculation of buffer size vulnerability tracked as CVE-2024-11425 (CVSS v3.1: 7.5) in Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC devices. Exploitation could result in denial-of-service via crafted HTTPS packets.

These vulnerabilities could allow attackers to slip maliciously crafted packets through unpatched firmware, potentially disrupting critical automation processes in manufacturing, energy, and transportation sectors.

Mitigation Strategies

CISA emphasizes several key recommendations for organizations utilizing affected systems:

• Implement rigorous firmware patching procedures.
• Segment control system networks from business networks.
• Minimize network exposure of control system devices.
• Keep firmware updated on all connected devices.
• Monitor systems continuously for suspicious activities.

Organizations utilizing any of the affected components should prioritize security updates according to their risk assessment protocols and implement recommended mitigations without delay.

The post CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits appeared first on Cyber Security News.