On April 15, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released nine urgent advisories highlighting critical vulnerabilities across a range of Industrial Control Systems (ICS) products from leading manufacturers, including Siemens, Delta Electronics, ABB, Mitsubishi Electric, and others.
These advisories underscore the growing cyber risk to operational technology (OT) environments and provide technical details, CVE identifiers, and mitigation strategies for system administrators and security professionals.
Key Vulnerabilities and Impacted Products
The advisories, cataloged under codes ICSA-25-105-01 through ICSA-25-105-09, address a spectrum of threats, from authentication bypass to remote code execution, affecting both hardware and software integral to industrial operations.
| Advisory Code | Product/Vendor | Main Vulnerability | CVSS v4 Score | Potential Impact |
|---|---|---|---|---|
| ICSA-25-105-01 | Siemens Mendix Runtime | Observable Response Discrepancy (CWE-204), CVE-2025-30280 | 6.9 | Entity enumeration, data exposure |
| ICSA-25-105-02 | Siemens Industrial Edge Device Kit | Weak Authentication, CVE pending | 9.3 | Authentication bypass, impersonation |
| ICSA-25-105-03 | Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX | Uncontrolled Resource Consumption, CVE pending | 6.9 | Denial of service |
| ICSA-25-105-04 | Growatt Cloud Applications | XSS, Auth Bypass, External Control, CVE pending | 9.3 | Data compromise, code execution |
| ICSA-25-105-05 | Lantronix Xport | Missing Authentication (CWE-306), CVE-2025-2567 | 9.3 | Unauthorized config changes, disruption |
| ICSA-25-105-06 | National Instruments LabVIEW | Out-of-bounds Write (CWE-787), CVE-2025-2631/2632 | 7.1 | Remote code execution |
| ICSA-25-105-07 | Delta Electronics COMMGR | Weak PRNG (CWE-338), CVE-2025-3495 | 9.3 | Session hijack, code execution |
| ICSA-25-105-08 | ABB M2M Gateway | Multiple (overflow, path traversal, etc.), CVE pending | 8.8 | Remote control, denial of service |
| ICSA-25-105-09 | Mitsubishi Electric Europe B.V. smartRTU | Missing Auth, OS Command Injection, CVE-2025-3232/3128 | 9.3 | Data breach, DoS, remote command exec |
Technical Highlights
- Siemens Mendix Runtime: Vulnerable to entity enumeration due to distinguishable server responses. CVE-2025-30280 is assigned, with a CVSS v4 base score of 6.9. Updating to version 10.21.0 or later is recommended.
- Siemens Industrial Edge Device Kit: Weak authentication enables remote attackers to impersonate users. Versions prior to 1.20.2-1 (arm64/x86-64) are affected. Updating to the latest firmware is advised.
- Growatt Cloud Applications: Multiple vulnerabilities, including Cross-Site Scripting (XSS) and authorization bypass, have been patched by the vendor; no user action is currently required.
- Lantronix Xport: Missing authentication for critical functions allows attackers to disrupt fuel monitoring and supply chain operations. CVE-2025-2567 carries a CVSS v4 score of 9.3. Users are urged to upgrade to Xport Edge.
- Delta Electronics COMMGR: Use of a cryptographically weak pseudo-random number generator (PRNG) could allow brute-forcing of session IDs and arbitrary code execution. CVE-2025-3495, CVSS v4 9.3. Version 2 will receive a fix; Version 1 is end-of-life.
- ABB M2M Gateway: A broad set of vulnerabilities, including integer overflow, HTTP request smuggling, and buffer overflows, could allow attackers to halt operations or gain remote control. CVSS v4 8.8. Immediate firmware updates and network segmentation are recommended.
- Mitsubishi Electric smartRTU: Missing authentication and OS command injection vulnerabilities (CVE-2025-3232, CVE-2025-3128) could enable remote code execution and data tampering. Affected versions: 3.37 and prior.
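As an added example (not from CISA or any vendor), the version thresholds quoted above can be turned into a quick asset-inventory triage. The inventory rows and asset names are constructed, and treating every Mendix Runtime release below 10.21.0 as needing the update is an assumption drawn from the recommendation above, not an affected-version list.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    advisory: str
    product: str      # lower-cased product name as written in this article
    bound: str        # version threshold quoted in this article
    inclusive: bool   # True for "X and prior", False for "prior to X"

RULES = [
    Rule("ICSA-25-105-01", "siemens mendix runtime", "10.21.0", False),  # assumption: below fix = update
    Rule("ICSA-25-105-02", "siemens industrial edge device kit", "1.20.2-1", False),
    Rule("ICSA-25-105-09", "mitsubishi electric smartrtu", "3.37", True),
]

def vkey(version):
    """'1.20.2-1' -> (1, 20, 2, 1); numeric so 10.9 < 10.21, and 3.37.0 == 3.37."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    if not parts:
        raise ValueError(f"no numeric version in {version!r}")
    while parts and parts[-1] == 0:   # drop trailing zeros before comparing
        parts.pop()
    return tuple(parts)

def triage(inventory):
    """Return (asset, advisory, status) for every row that matches a rule."""
    findings = []
    for asset, product, version in inventory:
        for rule in RULES:
            if product.strip().lower() != rule.product:
                continue
            try:
                v = vkey(version)
            except ValueError:
                # Never treat an unreadable version as safe.
                findings.append((asset, rule.advisory, "unknown version, check manually"))
                continue
            b = vkey(rule.bound)
            if v < b or (rule.inclusive and v == b):
                findings.append((asset, rule.advisory, "update required"))
    return findings

# Constructed sample inventory: (asset name, product, installed version)
INVENTORY = [
    ("edge-gw-01", "Siemens Industrial Edge Device Kit", "1.20.2-1"),
    ("edge-gw-02", "Siemens Industrial Edge Device Kit", "1.19.0"),
    ("mx-app-01", "Siemens Mendix Runtime", "10.9.0"),
    ("rtu-07", "Mitsubishi Electric smartRTU", "3.37"),
    ("rtu-08", "Mitsubishi Electric smartRTU", "unknown"),
]

if __name__ == "__main__":
    for finding in triage(INVENTORY):
        print(*finding, sep="\t")
```

Products listed above without a version threshold (Growatt, Lantronix, Delta, ABB) are left out of `RULES` and need a manual check against the advisory itself.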
Mitigation Strategies
CISA and vendors recommend the following best practices:
- Patch and Update: Apply vendor-released patches and firmware updates without delay.
- Network Segmentation: Isolate ICS devices from business networks and the public internet using firewalls.
- Access Controls: Restrict access to trusted parties, enforce strong authentication, and disable unnecessary services.
- Monitoring and Logging: Implement real-time monitoring for anomalous activity and maintain secure logs.
- VPN and Secure Remote Access: Use up-to-date VPNs for remote access, recognizing that VPNs can have vulnerabilities of their own.
The breadth and severity of these vulnerabilities highlight the persistent and evolving threat to industrial environments.
Organizations are urged to review the CISA advisories, prioritize risk assessments, and implement layered defense-in-depth strategies to protect critical infrastructure from exploitation.