CyberSecurityBoard
Sponsor Register Login

CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits

This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components, ranging from network management systems to process control equipment used across manufacturing, energy, and transportation sectors. The Cybersecurity and Infrastructure Security Agency (CISA) has released thirteen critical Industrial Control Systems (ICS) advisories on July 10, 2025, highlighting significant vulnerabilities affecting major industrial automation vendors. The security flaws demonstrate sophisticated attack patterns that could enable threat actors to compromise industrial control systems through multiple entry points. The affected products span various industrial applications, from Siemens’ SINEC network management systems to specialized railroad communication protocols, indicating the broad scope of potential threats facing industrial operations. The advisories reveal widespread security flaws in systems manufactured by prominent vendors including Siemens, Delta Electronics, Advantech, KUNBUS, and IDEC. These systems typically operate with elevated privileges, making successful attacks particularly dangerous as they could provide attackers with comprehensive network access and control capabilities. The most concerning aspect involves the attack vectors targeting network management interfaces and human-machine interface (HMI) systems. Attackers can exploit these weaknesses through crafted HTTP requests that bypass security controls, potentially executing arbitrary code on target systems. These vulnerabilities present serious risks to operational technology environments, potentially allowing unauthorized access to critical infrastructure systems. Specifically, the Siemens SINEC NMS and TIA Portal vulnerabilities (ICSA-25-191-01 and ICSA-25-191-05) expose network configuration systems to potential exploitation. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Jul 2025 17:20:13 +0000


Cyber News related to CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits - This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components, ranging from network management systems to process control equipment used across manufacturing, energy, and transportation sectors. ...
3 days ago Cybersecuritynews.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
9 months ago Therecord.media
Ethercat Zeek Plugin - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow remote code execution. Industrial Control Systems Network Protocol Parsers - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their ...
1 year ago Cisa.gov CVE-2023-7244 CVE-2023-7243 CVE-2023-7242
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family - As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT ...
1 year ago Cisa.gov CVE-2023-44317 CVE-2023-49692
Recapping Cisco industrial IoT's journey: A year of security, simplification and innovation - In this blog, we'll take a look back at the key topics and trends that defined the industrial IoT journey in 2023. Empowering our industrial customers to digitize and secure operations at the same time has been prevalent in every conversation this ...
1 year ago Feedpress.me
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
Rockwell Automation FactoryTalk Activation - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system. Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the ...
1 year ago Cisa.gov CVE-2023-38545 CVE-2023-3935
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS - Additional vulnerabilities documented in the advisory include an improper limitation of pathname to a restricted directory (CVE-2024-3980), commonly known as path traversal vulnerability, along with authentication bypass (CVE-2024-3982), missing ...
3 months ago Cybersecuritynews.com CVE-2024-3980
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
1 year ago Cisa.gov CVE-2023-6928 CVE-2023-6929 CVE-2023-6930
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
CVE-2024-54092 - A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 ...
3 months ago
CISA orders federal agencies to patch Looney Tunables Linux bug - Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions. Dubbed 'Looney Tunables' by Qualys' Threat Research Unit and ...
1 year ago Bleepingcomputer.com CVE-2023-4911 CVE-2023-46604
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
9 months ago Cisa.gov CVE-2024-41925 CVE-2024-45367
Commend WS203VICM - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart. A remote, unauthenticated attacker may be able to send crafted messages to the web server of the ...
1 year ago Cisa.gov CVE-2024-22182 CVE-2024-21767 CVE-2024-23492
alpitronic Hypercharger EV Charger - RISK EVALUATION. Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data. If misconfigured, the charging devices can expose a web interface protected by ...
1 year ago Cisa.gov
An Argument for Coordinated Disclosure of New Exploits - There were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to the bottom to see who can be the first to release an exploit ...
1 year ago Darkreading.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Delta Electronics InfraSuite Device Master - RISK EVALUATION. Successful exploitation of this vulnerability could allow remote code execution. Delta Electronics InfraSuite Device Master contains a deserialization of untrusted data vulnerability because it runs a version of Apache ActiveMQ which ...
1 year ago Cisa.gov CVE-2023-46604
CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits - The Cybersecurity and Infrastructure Security Agency (CISA) released five Industrial Control Systems (ICS) advisories on March 20, 2025, providing critical information about security vulnerabilities affecting industrial control systems across ...
3 months ago Cybersecuritynews.com CVE-2025-2480
Franklin Electric Fueling Systems Colibri - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to obtain login credentials for other users. The discontinued FFS Colibri product allows a remote user to access files on the system including files containing ...
1 year ago Cisa.gov CVE-2023-5885
Mitsubishi Electric FA Engineering Software Products - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow a malicious attacker to disclose information in the affected products. For the correspondence table of the affected products and each vulnerability, refer to Mitsubishi ...
1 year ago Cisa.gov CVE-2022-21151 CVE-2021-33149
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
1 year ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)