CyberSecurityBoard
Sponsor Register Login

ICS Advisory (ICSA-25-240-03) - CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory (ICSA-25-240-03) addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could allow an attacker to execute arbitrary code, cause denial of service, or gain unauthorized access to industrial control systems, potentially disrupting critical infrastructure operations. The advisory provides detailed information on the affected products, the nature of the vulnerabilities, and recommended mitigation strategies including firmware updates and network segmentation to protect against exploitation. Industrial control system operators and cybersecurity professionals are urged to review the advisory carefully and implement the recommended security measures to safeguard their environments. This advisory highlights the ongoing risks faced by operational technology environments and the importance of proactive vulnerability management in industrial cybersecurity.

This Cyber News was published on www.cisa.gov. Publication date: Thu, 28 Aug 2025 16:00:20 +0000


Cyber News related to ICS Advisory (ICSA-25-240-03) - CISA

Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
ICS Advisory (ICSA-25-238-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-238-03, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
1 week ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-240-06) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory, ICSA-25-240-06, addressing critical vulnerabilities in industrial control systems (ICS). This advisory highlights the importance of securing ICS environments ...
5 days ago Cisa.gov CVE-2025-24006
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
1 year ago Securelist.com
ICS Advisory (ICSA-25-245-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued ICS Advisory ICSA-25-245-03 to address critical vulnerabilities affecting industrial control systems (ICS). This advisory highlights the importance of timely patching and ...
20 hours ago Cisa.gov CVE-2023-3519 CVE-2023-3520 CVE-2023-3521
ICS Advisory (ICSA-25-240-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-240-02, addressing critical vulnerabilities in specific ICS products. This advisory highlights the importance of timely ...
5 days ago Cisa.gov CVE-2023-24002
ICS Advisory (ICSA-25-240-05) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-240-05, addressing critical vulnerabilities in specific industrial control system products. This advisory highlights the ...
5 days ago Cisa.gov CVE-2023-24005
ICS Advisory (ICSA-25-240-04) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) advisory, ICSA-25-240-04, addressing critical vulnerabilities in specific ICS products. This advisory highlights the importance of timely ...
5 days ago Cisa.gov CVE-2023-24004
ICS Advisory (ICSA-25-240-01) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) advisory, ICSA-25-240-01, addressing critical vulnerabilities in Schneider Electric's Modicon M340 Programmable Logic Controller (PLC). These ...
5 days ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
ICS Advisory (ICSA-25-245-01) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory, ICSA-25-245-01, addressing critical vulnerabilities in industrial control systems (ICS). This advisory highlights the importance of securing ICS environments ...
20 hours ago Cisa.gov CVE-2023-24501
ICS Advisory (ICSA-25-238-01) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-238-01, addressing critical vulnerabilities affecting specific ICS products. This advisory highlights the importance of ...
1 week ago Cisa.gov CVE-2023-3519 CVE-2023-3520
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
11 months ago Cisa.gov CVE-2024-41925 CVE-2024-45367
ICS Advisory (ICSA-25-245-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory, ICSA-25-245-02, addressing critical vulnerabilities in industrial control systems (ICS). This advisory highlights the importance of securing ICS environments ...
20 hours ago Cisa.gov CVE-2025-24502
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
2 years ago Securityweek.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
11 months ago Therecord.media
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS - Additional vulnerabilities documented in the advisory include an improper limitation of pathname to a restricted directory (CVE-2024-3980), commonly known as path traversal vulnerability, along with authentication bypass (CVE-2024-3982), missing ...
5 months ago Cybersecuritynews.com CVE-2024-3980
Resecurity and ICS Technologies join forces to improve cybersecurity in Iraq - Resecurity and ICS Technologies IRAQ, a well-established ICT System Integration Company with HQ in Baghdad, Iraq, have joined forces to fortify cybersecurity, fraud prevention and risk intelligence measures nationwide. This strategic partnership is ...
1 year ago Helpnetsecurity.com
Mitsubishi Electric FA Engineering Software Products - RISK EVALUATION. Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to open a specially crafted project file, which could result in information disclosure, tampering ...
1 year ago Cisa.gov CVE-2023-5247
Mitsubishi Electric Electrical Discharge Machines - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products. Remote code execution ...
1 year ago Cisa.gov CVE-2023-21554
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family - As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT ...
1 year ago Cisa.gov CVE-2023-44317 CVE-2023-49692
ICS Advisory (ICSA-25-240-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory (ICSA-25-240-03) addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
5 days ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364
Delta Electronics DOPSoft - RISK EVALUATION. Successful exploitation of this vulnerability could lead to remote code execution. The affected product is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate ...
1 year ago Cisa.gov CVE-2023-5944
WAGO PFC200 Series - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker with administrative privileges to access sensitive files in an unintended, undocumented way. Compact Controller CC100: Versions later than FW19, up to and ...
1 year ago Cisa.gov CVE-2023-4089
Delta Electronics InfraSuite Device Master - RISK EVALUATION. Successful exploitation of this vulnerability could allow remote code execution. Delta Electronics InfraSuite Device Master contains a deserialization of untrusted data vulnerability because it runs a version of Apache ActiveMQ which ...
1 year ago Cisa.gov CVE-2023-46604

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)