The Cybersecurity and Infrastructure Security Agency (CISA) released nine Industrial Control Systems (ICS) advisories on April 15, 2025, addressing significant security vulnerabilities in products from major industrial manufacturers including Siemens, Delta Electronics, ABB, and Mitsubishi Electric.

Successful exploitation of these vulnerabilities could allow an attacker to stop the product, make it inaccessible, take remote control of it, or insert and run arbitrary code. Successful exploitation could also allow an attacker to compromise confidentiality, achieve cross-site scripting, or execute code on affected devices.

One advisory covers the Siemens Mendix Runtime and highlights CVE-2025-30280, a vulnerability that could allow unauthenticated, remote attackers to enumerate all valid entities and attribute names due to distinguishable responses in certain client actions.

Another advisory describes a missing authentication for critical function vulnerability, CVE-2025-2567, that could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations.

Another advisory highlights multiple vulnerabilities in Growatt Cloud Applications, such as cross-site scripting, authorization bypass through user-controlled key, insufficient type distinction, and external control of system or configuration setting.

Another advisory discusses multiple ABB M2M Gateway vulnerabilities, including Integer Overflow, Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, and more.

CVE Vulnerabilities

Each advisory includes specific Common Vulnerabilities and Exposures (CVE) identifiers, providing technical details crucial for system administrators and cybersecurity professionals.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 11:05:11 +0000