The Cybersecurity and Infrastructure Security Agency (CISA) released two critical advisories addressing significant vulnerabilities in Industrial Control Systems (ICS) that impact vital sectors, including manufacturing, energy, transportation, and healthcare.
The advisories highlight security flaws in KUNBUS GmbH’s Revolution Pi industrial PC and MicroDicom’s DICOM Viewer software, urging immediate action to mitigate risks associated with these vulnerabilities.
KUNBUS GmbH Revolution Pi Vulnerabilities
The Revolution Pi, an open-source industrial PC based on the Raspberry Pi platform, is widely used for industrial automation due to its modularity and cost-effectiveness.
CISA’s advisory ICSA-25-121-01 identifies three critical vulnerabilities with high severity scores affecting the Revolution Pi OS Bookworm (01/2025) and PiCtory software versions 2.5.0 through 2.11.1.
- Missing Authentication for Critical Function (CWE-306)
The Node-RED server included in the Revolution Pi OS ships with no authentication enabled by default, allowing unauthenticated remote attackers to gain full control over the server and execute arbitrary commands on the underlying operating system. This flaw is tracked as CVE-2025-24522 with a maximum CVSS v3.1 base score of 10.0, indicating critical severity.
- Authentication Bypass by Primary Weakness (CWE-305)
PiCtory versions 2.5.0 to 2.11.1 suffer from an authentication bypass vulnerability through path traversal, enabling attackers to access critical functions without authorization (CVE-2025-24523, CVSS 9.8).
- Improper Neutralization of Server-Side Includes (SSI) (CWE-97)
PiCtory is also vulnerable to SSI injection, allowing attackers to execute malicious server-side includes within web pages (CVE-2025-24524, CVSS 9.8).
These vulnerabilities pose a severe threat to critical infrastructure sectors by potentially allowing attackers to disrupt operations, manipulate safety systems, or cause operational downtime.
Although no exploitation has been confirmed so far, patching and securing affected systems should be treated as urgent.
MicroDicom DICOM Viewer Vulnerability
The second advisory (ICSMA-25-121-01) concerns MicroDicom’s DICOM Viewer, a tool widely used in healthcare for medical imaging.
The vulnerability involves improper certificate validation (CWE-295), which could enable attackers positioned in a privileged network role to perform man-in-the-middle (MITM) attacks. This flaw allows modification of network traffic and delivery of malicious updates to users.
The vulnerability is identified as CVE-2025-1002 with a CVSS score of 5.7, indicating moderate severity. MicroDicom recommends updating to version 2025.2 or later to mitigate this risk.
Mitigation Recommendations
CISA advises organizations to adopt multiple defensive measures to reduce exposure and risk:
- Immediately update affected software to the latest versions.
- Enable authentication on all exposed interfaces, especially Node-RED servers.
- Isolate control system networks from business networks using firewalls.
- Avoid direct internet exposure of ICS devices.
- Use secure remote access methods such as up-to-date VPNs, acknowledging their limitations.
- Conduct regular risk assessments and impact analyses before deploying mitigations.
- Educate personnel to recognize and avoid social engineering and phishing attacks.
Organizations should also monitor for suspicious activity and report incidents to CISA for a coordinated response.
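The first two mitigations, applied to the Node-RED finding above, come down to a handful of keys in Node-RED's settings.js. The following added example (not code from CISA, KUNBUS or the Node-RED project) places an unhardened settings object beside a hardened one and runs a small offline audit over both. The keys checked (adminAuth, httpNodeAuth, httpAdminRoot, uiHost, uiPort) are Node-RED's own settings.js keys; the user names and the hash values are placeholders, and a real hash comes from `node-red admin hash-pw`.

```javascript
// Added example (not from the CISA advisory, KUNBUS or Node-RED): a small
// offline audit of a Node-RED settings.js object for the controls the
// advisory's mitigations call for. Keys are Node-RED's real settings.js
// keys; user names and hash values are placeholders.

// Settings as they look when nothing has been hardened (constructed).
const weakSettings = {
  uiPort: 1880,
  // no uiHost: Node-RED listens on every interface
  // no adminAuth: the editor and admin API answer anyone who reaches port 1880
};

// Placeholder standing in for a bcrypt hash produced by `node-red admin hash-pw`.
const PLACEHOLDER_HASH = "$2b$08$" + "x".repeat(53);

// The same deployment with the advisory's mitigations applied (constructed).
const hardenedSettings = {
  uiPort: 1880,
  uiHost: "127.0.0.1", // loopback only; reach it through a VPN or an authenticating proxy
  adminAuth: {
    type: "credentials",
    users: [{ username: "plant-admin", password: PLACEHOLDER_HASH, permissions: "*" }],
  },
  httpNodeAuth: { user: "flow-client", pass: PLACEHOLDER_HASH },
};

// bcrypt hashes are 60 characters: $2a$/$2b$/$2y$, cost, $, 53 chars of salt+digest.
const BCRYPT_RE = /^\$2[aby]\$\d{2}\$.{53}$/;

// Returns a list of findings; an empty list means the checked controls are in place.
function auditNodeRedSettings(settings) {
  const findings = [];

  // httpAdminRoot: false disables the editor and admin API entirely, which
  // is an acceptable alternative to adminAuth on a production node.
  if (settings.httpAdminRoot !== false) {
    const auth = settings.adminAuth;
    if (!auth) {
      findings.push("adminAuth missing: editor and admin API accept unauthenticated requests");
    } else if (auth.type === "credentials" && typeof auth.users !== "function") {
      const users = Array.isArray(auth.users) ? auth.users : [];
      if (users.length === 0) findings.push("adminAuth has no users");
      for (const u of users) {
        if (!BCRYPT_RE.test(String(u.password ?? ""))) {
          findings.push(`user ${u.username}: password is not a bcrypt hash`);
        }
      }
    }
  }

  if (!settings.httpNodeAuth) {
    findings.push("httpNodeAuth missing: HTTP In endpoints are unauthenticated");
  }

  const host = settings.uiHost;
  if (host === undefined || host === "0.0.0.0" || host === "::") {
    findings.push("uiHost binds all interfaces: restrict to loopback or the management network");
  }
  return findings;
}

console.log(auditNodeRedSettings(weakSettings)); // three findings
console.log(auditNodeRedSettings(hardenedSettings)); // []
```

Binding to loopback is the cheap form of the network-isolation advice: the editor is then reachable only from the device itself or through whatever authenticated path (VPN, reverse proxy on a management VLAN) the site already controls, instead of from any host that can route to port 1880.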
Risk Factor Table for CISA May 2025 ICS Advisories
Vulnerability | Affected Product(s) | CVE ID | CVSS v3.1 Score | Attack Complexity | Impact | Mitigation
---|---|---|---|---|---|---
Missing Authentication for Critical Function | Revolution Pi OS Bookworm 01/2025 | CVE-2025-24522 | 10.0 | Low | Full remote control, arbitrary command execution | Enable authentication, patch OS |
Authentication Bypass by Primary Weakness | PiCtory 2.5.0 – 2.11.1 | CVE-2025-24523 | 9.8 | Low | Unauthorized access to critical functions | Update PiCtory to 2.12, enable auth |
Improper Neutralization of Server-Side Includes | PiCtory 2.11.1 and earlier | CVE-2025-24524 | 9.8 | Low | Execution of malicious server-side includes | Apply patches, restrict access |
Improper Certificate Validation | MicroDicom DICOM Viewer 2024.03 | CVE-2025-1002 | 5.7 | Low | MITM attack, malicious update delivery | Update to version 2025.2 or later |
The recent advisories underscore the critical need for robust cybersecurity practices in industrial and healthcare control systems.
As these systems increasingly integrate with IT networks and the internet, ensuring secure configurations, timely patching, and vigilant monitoring is essential to safeguard critical infrastructure and patient safety.
The KUNBUS Revolution Pi and MicroDicom vulnerabilities serve as a stark reminder that openness and innovation in industrial IoT must be balanced with stringent security measures to prevent potentially devastating cyberattacks.