The Cybersecurity and Infrastructure Security Agency (CISA) has released thirteen new security advisories addressing vulnerabilities in a range of Industrial Control Systems (ICS) products.
Overview of the Advisories
The newly published advisories highlight security issues affecting products from major vendors, including Siemens, Delta Electronics, Advantech, Kunbus, and IDEC, among others. The vulnerabilities identified could potentially be exploited by cyber attackers to disrupt operations, access sensitive information, or compromise the integrity of industrial systems.
A summary of the affected products and corresponding advisories is as follows:
| Advisory ID | Product/Vendor |
|---|---|
| ICSA-25-191-01 | Siemens SINEC NMS |
| ICSA-25-191-02 | Siemens Solid Edge |
| ICSA-25-191-03 | Siemens TIA Administrator |
| ICSA-25-191-04 | Siemens SIMATIC CN 4100 |
| ICSA-25-191-05 | Siemens TIA Project-Server and TIA Portal |
| ICSA-25-191-06 | Siemens SIPROTEC 5 |
| ICSA-25-191-07 | Delta Electronics DTM Soft |
| ICSA-25-191-08 | Advantech iView |
| ICSA-25-191-09 | KUNBUS RevPi Webstatus |
| ICSA-25-191-10 | End-of-Train and Head-of-Train Remote Linking Protocol |
| ICSA-25-121-01 (Update A) | KUNBUS GmbH Revolution Pi |
| ICSA-25-135-19 (Update A) | ECOVACS DEEBOT Vacuum and Base Station |
| ICSA-24-263-02 (Update A) | IDEC Products |
Recommended Actions
CISA strongly urges all organizations utilizing these products to:
- Review the full advisories for technical details, including affected versions, vulnerability descriptions, and potential impacts.
- Implement recommended mitigations such as applying software updates, installing patches, or adopting temporary workarounds as outlined by CISA and the respective vendors.
- Monitor for further updates and advisories to ensure ongoing protection against emerging threats.
Additional Information
For detailed technical information and guidance, organizations are encouraged to consult the official advisories available on the CISA ICS Advisories page. Staying informed and responding promptly to such advisories is a key component of effective cybersecurity risk management for industrial environments.
