CyberSecurityBoard
Sponsor Register Login

CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) released five Industrial Control Systems (ICS) advisories on March 20, 2025, providing critical information about security vulnerabilities affecting industrial control systems across multiple vendors. CVE-2025-2480 designates an out-of-bounds write vulnerability, a critical security flaw that can lead to memory corruption and potential code execution. Consequently, any system running these versions is at risk and should be updated to a patched version to prevent potential exploitation of this out-of-bounds write vulnerability. Industrial control systems often support critical infrastructure, making these vulnerabilities potential targets for threat actors seeking to disrupt essential services. Therefore, users operating any of these earlier versions are at risk and should update to the patched version as soon as possible to mitigate the potential exploitation of this vulnerability. This vulnerability has been assigned a CVSS v4 base score of 8.4, indicating a high severity. The affected versions are 14.1.2 and all prior releases. Users of older versions of Siemens Simcenter Femap are strongly advised to update to a patched version to mitigate the risk posed by this vulnerability. These vulnerabilities collectively highlight potential weaknesses in the handling of network traffic, where inadequate validation of incoming packets could lead to security breaches. This security flaw has been assigned a CVSS v4 base score of 8.5, indicating a high severity. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Organizations using the affected products should promptly evaluate their exposure, prioritize patching based on risk assessment, and implement required mitigations to prevent exploitation of these vulnerabilities. The vulnerability has been assigned a CVSS v4 base score of 6.9, indicating a significant level of concern. Earlier this month, CISA released seven ICS advisories on March 18, 2025, and thirteen advisories on March 13, 2025, highlighting the agency’s commitment to securing critical infrastructure.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Mar 2025 07:05:17 +0000


Cyber News related to CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
10 months ago Securityaffairs.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits - The Cybersecurity and Infrastructure Security Agency (CISA) released five Industrial Control Systems (ICS) advisories on March 20, 2025, providing critical information about security vulnerabilities affecting industrial control systems across ...
3 weeks ago Cybersecuritynews.com CVE-2025-2480
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS - Additional vulnerabilities documented in the advisory include an improper limitation of pathname to a restricted directory (CVE-2024-3980), commonly known as path traversal vulnerability, along with authentication bypass (CVE-2024-3982), missing ...
2 weeks ago Cybersecuritynews.com CVE-2024-3980
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family - As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT ...
1 year ago Cisa.gov CVE-2023-44317 CVE-2023-49692
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
6 months ago Therecord.media
Ethercat Zeek Plugin - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow remote code execution. Industrial Control Systems Network Protocol Parsers - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their ...
1 year ago Cisa.gov CVE-2023-7244 CVE-2023-7243 CVE-2023-7242
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
Recapping Cisco industrial IoT's journey: A year of security, simplification and innovation - In this blog, we'll take a look back at the key topics and trends that defined the industrial IoT journey in 2023. Empowering our industrial customers to digitize and secure operations at the same time has been prevalent in every conversation this ...
1 year ago Feedpress.me
Rockwell Automation FactoryTalk Activation - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system. Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the ...
1 year ago Cisa.gov CVE-2023-38545 CVE-2023-3935
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
CISA Releases Two Industrial Control Systems Advisories | CISA - CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. CISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information ...
6 months ago Cisa.gov
CISA Releases Three Industrial Control Systems Advisories | CISA - CISA released three Industrial Control Systems (ICS) advisories on October 3, 2024. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. These advisories provide timely information ...
6 months ago Cisa.gov
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
1 year ago Cisa.gov CVE-2023-6928 CVE-2023-6929 CVE-2023-6930
ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities - Siemens and Schneider Electric have published their March 2024 Patch Tuesday security advisories, which cover more than 200 vulnerabilities affecting their products. Siemens has published 11 new advisories describing a total of 214 vulnerabilities. A ...
1 year ago Securityweek.com CVE-2024-21762 CVE-2023-27997 CVE-2022-41328
CVE-2024-54092 - A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 ...
1 week ago
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
GAO: CISA's OT Teams Inadequately Staffed - The Government Accountability Office recently conducted a study on operational technology products and services provided by CISA and found that some teams were staffed inadequately. CISA is the lead agency in aiding critical infrastructure ...
1 year ago Darkreading.com
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
6 months ago Cisa.gov CVE-2024-41925 CVE-2024-45367
CISA orders federal agencies to patch Looney Tunables Linux bug - Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions. Dubbed 'Looney Tunables' by Qualys' Threat Research Unit and ...
1 year ago Bleepingcomputer.com CVE-2023-4911 CVE-2023-46604
Delta Electronics InfraSuite Device Master - RISK EVALUATION. Successful exploitation of this vulnerability could allow remote code execution. Delta Electronics InfraSuite Device Master contains a deserialization of untrusted data vulnerability because it runs a version of Apache ActiveMQ which ...
11 months ago Cisa.gov CVE-2023-46604
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Critical Infrastructure At Risk: Vulnerabilities Discovered In Automatic Tank Gauging - Pedro Umbelino, Principal Research Scientist at Bitsight, says the vulnerabilities could allow malefactors to exploit ATG systems, leading to potentially catastrophic outcomes, including environmental hazards, economic disruption, and even physical ...
6 months ago Informationsecuritybuzz.com
Franklin Electric Fueling Systems Colibri - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to obtain login credentials for other users. The discontinued FFS Colibri product allows a remote user to access files on the system including files containing ...
1 year ago Cisa.gov CVE-2023-5885

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)