CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS

The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control System (ICS) advisories on March 25, 2025, detailing significant vulnerabilities in products from ABB, Rockwell Automation, and Inaba Denki Sangyo. 

These vulnerabilities, with CVSS v4 scores ranging from 5.1 to 9.3, could allow attackers to cause denial of service, execute arbitrary commands, take over devices, or gain unauthorized access. 

The affected systems are deployed in critical infrastructure sectors, including oil and gas, manufacturing, and commercial facilities worldwide, making these vulnerabilities particularly concerning.

ABB RMC-100 (ICSA-25-084-01)

CISA’s first advisory concerns the ABB RMC-100 flow computer used in oil and gas measurement systems. 

The vulnerability (CVE-2022-24999) involves prototype pollution in the web UI (REST interface) with a CVSS v4 score of 8.7. 

Affecting versions 2105457-036 to 2105457-044 of RMC-100 and versions 2106229-010 to 2106229-016 of RMC-100 LITE, an attacker could send specially crafted messages causing a denial of service that requires restarting the interface.

Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks

ABB recommends updating to newer versions (RMC-100 Customer Package 2105452-048 or RMC-100 LITE Customer Package 2106260-017) and disabling the REST interface when not configuring MQTT functionality.

Rockwell Automation Verve Asset Manager (ICSA-25-084-02)

The second advisory addresses Rockwell Automation’s Verve Asset Manager, versions 1.39 and prior. 

The vulnerability (CVE-2025-1449, CWE-1287) stems from insufficient variable sanitizing in the administrative web interface for the Legacy Active Directory Interface. 

With a CVSS v4 score of 8.9, an attacker with administrative access could run arbitrary commands in the container running the service. The Legacy ADI capability has been deprecated since version 1.36.

Rockwell Automation has released version 1.40 to address the vulnerability and recommends users implement security best practices, including network isolation and using secure remote access methods.

Rockwell Automation 440G TLS-Z (ICSA-25-084-03)

The third advisory concerns Rockwell Automation’s 440G TLS-Z safety device, version v6.001. The vulnerability (CVE-2020-27212, CWE-74) exists in the STMicroelectronics STM32L4 component, which has incorrect access controls. 

With a CVSS v4 score of 7.3, an attacker with physical access and high technical capability could reverse protections controlling the JTAG interface, potentially leading to a complete device takeover. 

Unlike the other vulnerabilities, this is not remotely exploitable and requires physical access. Rockwell Automation recommends limiting physical access to authorized personnel only and implementing security best practices outlined in their System Security Design Guidelines

Inaba Denki Sangyo CHOCO TEI WATCHER Mini (ICSA-25-084-04)

The fourth advisory reveals multiple vulnerabilities in all versions of the Inaba Denki Sangyo CHOCO TEI WATCHER mini (IB-MCT001), a device used in manufacturing environments. 

The vulnerabilities include client-side authentication (CVE-2025-24517, CVSS v4: 8.7), storing passwords in recoverable format (CVE-2025-24852, CVSS v4: 5.1), weak password requirements (CVE-2025-25211, CVSS v4: 9.3), and forced browsing (CVE-2025-26689, CVSS v4: 9.3). 

These vulnerabilities could allow attackers to obtain passwords, gain unauthorized access, and modify data or settings. 

No patches are available; Inaba Denki Sangyo recommends using the product within a secure LAN, implementing firewalls/VPNs, and restricting physical access to authorized users.

These advisories highlight the ongoing challenges in securing industrial control systems as IT and OT environments converge. 

Mitigation

CISA recommends several common mitigation strategies: promptly applying patches where available (ABB and Rockwell Automation products), implementing network segmentation to isolate critical systems, using secure methods for remote access, and limiting physical access to devices (particularly for the Rockwell 440G TLS-Z). 

For unpatched systems like the CHOCO TEI WATCHER mini, network isolation becomes even more critical. 

Organizations should conduct thorough risk assessments before implementing defensive measures and report any suspected malicious activity to CISA. No public exploitation of these vulnerabilities has been reported at this time.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

The post CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS appeared first on Cyber Security News.