CyberSecurityBoard
Sponsor Register Login

CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits

This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components, ranging from network management systems to process control equipment used across manufacturing, energy, and transportation sectors. The Cybersecurity and Infrastructure Security Agency (CISA) has released thirteen critical Industrial Control Systems (ICS) advisories on July 10, 2025, highlighting significant vulnerabilities affecting major industrial automation vendors. The security flaws demonstrate sophisticated attack patterns that could enable threat actors to compromise industrial control systems through multiple entry points. The affected products span various industrial applications, from Siemens’ SINEC network management systems to specialized railroad communication protocols, indicating the broad scope of potential threats facing industrial operations. The advisories reveal widespread security flaws in systems manufactured by prominent vendors including Siemens, Delta Electronics, Advantech, KUNBUS, and IDEC. These systems typically operate with elevated privileges, making successful attacks particularly dangerous as they could provide attackers with comprehensive network access and control capabilities. The most concerning aspect involves the attack vectors targeting network management interfaces and human-machine interface (HMI) systems. Attackers can exploit these weaknesses through crafted HTTP requests that bypass security controls, potentially executing arbitrary code on target systems. These vulnerabilities present serious risks to operational technology environments, potentially allowing unauthorized access to critical infrastructure systems. Specifically, the Siemens SINEC NMS and TIA Portal vulnerabilities (ICSA-25-191-01 and ICSA-25-191-05) expose network configuration systems to potential exploitation. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Jul 2025 17:20:13 +0000


Cyber News related to CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits - This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components, ranging from network management systems to process control equipment used across manufacturing, energy, and transportation sectors. ...
5 months ago Cybersecuritynews.com
ICS Advisory (ICSA-25-238-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-238-03, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
4 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363
Recapping Cisco industrial IoT's journey: A year of security, simplification and innovation - In this blog, we'll take a look back at the key topics and trends that defined the industrial IoT journey in 2023. Empowering our industrial customers to digitize and secure operations at the same time has been prevalent in every conversation this ...
2 years ago Feedpress.me
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
Ethercat Zeek Plugin - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow remote code execution. Industrial Control Systems Network Protocol Parsers - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their ...
1 year ago Cisa.gov CVE-2023-7244 CVE-2023-7243 CVE-2023-7242
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 year ago Therecord.media
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family - As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT ...
2 years ago Cisa.gov CVE-2023-44317 CVE-2023-49692
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
Rockwell Automation FactoryTalk Activation - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system. Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the ...
1 year ago Cisa.gov CVE-2023-38545 CVE-2023-3935
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
CVE-2024-54092 - A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 ...
8 months ago
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS - Additional vulnerabilities documented in the advisory include an improper limitation of pathname to a restricted directory (CVE-2024-3980), commonly known as path traversal vulnerability, along with authentication bypass (CVE-2024-3982), missing ...
8 months ago Cybersecuritynews.com CVE-2024-3980
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
2 years ago Cisa.gov CVE-2023-6928 CVE-2023-6929 CVE-2023-6930
CISA | ICS Advisory (ICSA-25-273-04) Schneider Electric EcoStruxure Control Expert Vulnerabilities - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory (ICSA-25-273-04) regarding multiple vulnerabilities found in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow an attacker to ...
2 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
2 years ago Cisa.gov
ICS Advisory (ICSA-25-296-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-296-03, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
2 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-261-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released ICS Advisory ICSA-25-261-02 addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
3 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-252-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-252-03, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
3 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364
CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits - The Cybersecurity and Infrastructure Security Agency (CISA) released five Industrial Control Systems (ICS) advisories on March 20, 2025, providing critical information about security vulnerabilities affecting industrial control systems across ...
9 months ago Cybersecuritynews.com CVE-2025-2480
CISA orders federal agencies to patch Looney Tunables Linux bug - Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions. Dubbed 'Looney Tunables' by Qualys' Threat Research Unit and ...
2 years ago Bleepingcomputer.com CVE-2023-4911 CVE-2023-46604
Hackers Attacking Industrial Automation Systems With 11,600+ Malware Families - Industrial automation systems worldwide are facing an unprecedented scale of cyber threats, with security researchers detecting a staggering 11,679 distinct malware families targeting critical infrastructure in the first quarter of 2025. Securelist ...
7 months ago Cybersecuritynews.com
An Argument for Coordinated Disclosure of New Exploits - There were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to the bottom to see who can be the first to release an exploit ...
1 year ago Darkreading.com
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
1 year ago Cisa.gov CVE-2024-41925 CVE-2024-45367
Commend WS203VICM - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart. A remote, unauthenticated attacker may be able to send crafted messages to the web server of the ...
1 year ago Cisa.gov CVE-2024-22182 CVE-2024-21767 CVE-2024-23492

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)