CISA Releases ICS Advisories Covering ICS Vulnerabilities & Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) issued three critical Industrial Control Systems (ICS) advisories on June 3, 2025, addressing significant security vulnerabilities affecting automation systems from major industrial vendors.

The advisories target products from Schneider Electric and Mitsubishi Electric, highlighting ongoing security challenges in operational technology environments that support critical infrastructure operations across multiple sectors.

Two of the three newly released advisories focus specifically on Schneider Electric products, indicating substantial security concerns within the company’s industrial automation portfolio.

The first advisory, ICSA-25-153-01, addresses vulnerabilities in the Schneider Electric Wiser Home Automation system, a platform designed for residential and light commercial building automation applications.

This system typically manages lighting, heating, cooling, and security functions, making any security compromises potentially significant for building occupants and operations.

The second Schneider Electric advisory, ICSA-25-153-02, covers the EcoStruxure Power Build Rapsody platform, which serves as a critical component in power distribution and electrical infrastructure management.

EcoStruxure Power Build Rapsody is commonly deployed in commercial and industrial facilities for electrical system design, configuration, and monitoring.

Vulnerabilities in such systems could potentially allow unauthorized access to power distribution controls, creating risks for electrical safety and operational continuity.

The simultaneous release of advisories affecting two distinct Schneider Electric product lines suggests either coordinated vulnerability research or systemic security issues within the vendor’s development practices.

Organizations utilizing either platform should prioritize reviewing the technical details and implementing recommended mitigations to reduce exposure to potential exploitation.

ICS Vulnerabilities

The third advisory, ICSA-25-153-03, addresses security vulnerabilities within the Mitsubishi Electric MELSEC iQ-F Series programmable logic controllers (PLCs).

The MELSEC iQ-F Series represents a widely deployed family of industrial controllers used across manufacturing, process control, and automation applications.

These devices serve as the operational backbone for numerous industrial processes, making security vulnerabilities particularly concerning from both safety and operational perspectives.

PLCs like the MELSEC iQ-F Series typically interface directly with physical processes, sensors, and actuators, meaning successful exploitation could potentially impact physical operations beyond traditional information technology systems.

The inclusion of this advisory alongside the Schneider Electric vulnerabilities demonstrates the broad scope of current ICS security challenges affecting multiple vendors and technology platforms.

Manufacturing facilities, chemical processing plants, water treatment systems, and other critical infrastructure operators utilizing MELSEC iQ-F Series controllers should immediately assess their exposure and implement appropriate protective measures outlined in the CISA advisory.

Protective Measures

CISA's release of these advisories reflects the agency’s ongoing commitment to providing timely security information to industrial operators and cybersecurity professionals.

The advisories typically include detailed technical information about affected software versions, attack vectors, potential impacts, and vendor-provided mitigation strategies.

Organizations operating the affected systems should immediately review the published advisories for specific technical details and recommended protective actions.

Standard defensive measures often include network segmentation, access controls, monitoring, and applying vendor-provided security updates when available.

The timing of these releases underscores the critical importance of maintaining robust cybersecurity practices within industrial environments, where security vulnerabilities can potentially impact both digital systems and physical operations.


Mayura
Mayura Kathir is a cybersecurity reporter at GBHackers News, covering daily incidents including data breaches, malware attacks, cybercrime, vulnerabilities, zero-day exploits, and more.
