CISA Issues 13 ICS Advisories Addressing Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on July 17, 2025, addressing significant security vulnerabilities across multiple industrial platforms.

These advisories target critical infrastructure components used in energy monitoring, digital imaging, and physical access control systems, highlighting the ongoing cybersecurity challenges facing industrial operations.

Leviton Energy Monitoring Systems Face Vulnerabilities

The first advisory, ICSA-25-198-01, addresses security flaws in Leviton’s AcquiSuite and Energy Monitoring Hub systems.

These industrial-grade energy management platforms are widely deployed across commercial and industrial facilities for real-time power consumption monitoring and demand response optimization.

The vulnerabilities identified in these systems could potentially allow unauthorized access to critical energy infrastructure data, enabling malicious actors to manipulate power consumption metrics or disrupt energy management protocols.

The AcquiSuite platform utilizes Modbus TCP/IP and BACnet communication protocols for data aggregation from multiple energy meters and sensors.

Security researchers have identified potential attack vectors through improper authentication mechanisms in the web-based management interface, which could allow remote code execution with elevated privileges.

CISA recommends immediate implementation of network segmentation, access control lists (ACLs), and firmware updates to mitigate these risks.

Panoramic Corporation Digital Imaging Software

Advisory ICSMA-25-198-01 focuses on vulnerabilities within Panoramic Corporation’s Digital Imaging Software, a specialized medical device software used in radiological imaging systems.

This medical ICS advisory (ICSMA) classification indicates the software’s integration with critical healthcare infrastructure, where security breaches could compromise patient safety and HIPAA compliance.

The identified vulnerabilities include buffer overflow conditions in the DICOM (Digital Imaging and Communications in Medicine) protocol implementation, potentially allowing attackers to execute arbitrary code on imaging workstations.

Additionally, improper input validation in the software’s TCP/IP stack could facilitate denial-of-service attacks against radiology departments.

Healthcare organizations using this software should implement immediate access restrictions and monitor network traffic for suspicious DICOM communications.

Johnson Controls Security Update

The third advisory, ICSA-24-191-05, represents Update B for Johnson Controls’ Software House C●CURE 9000 physical access control system.

This update addresses previously identified vulnerabilities in the system’s SQL database backend and web services interface.

The C●CURE 9000 platform manages electronic access control for high-security facilities, making it a critical component of physical security infrastructure.

The latest update patches SQL injection vulnerabilities in the system’s reporting module and fixes authentication bypass issues in the web-based administration portal.

Organizations should prioritize this update deployment, as compromised access control systems could facilitate unauthorized physical access to sensitive areas.

CISA emphasizes that administrators should review these advisories immediately and implement recommended mitigations to protect critical infrastructure from potential cyber threats targeting industrial control systems.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
