Cybersecurity and Infrastructure Security Agency (CISA) issued six new advisories concerning Industrial Control Systems (ICS).

Cybersecurity and Infrastructure Security Agency (CISA) issued six new advisories concerning Industrial Control Systems (ICS). These advisories address critical vulnerabilities and offer mitigation guidance for affected vendors and systems. Below is an overview of the advisories and their key points:

List of Advisories

Advisory Code	Vendor	Product(s)	Focus / Issue
ICSA-25-196-01	Hitachi Energy	Asset Suite	Cross-Site Scripting & Mobile App Flaws
ICSA-25-196-02	ABB	RMC-100	ICS Vulnerability
ICSA-25-196-03	LITEON	IC48A & IC80A EV Chargers	Firmware Vulnerabilities
ICSA-25-037-02 (Update B)	Schneider Electric	EcoStruxure	Update B on prior vulnerability
ICSA-25-140-08 (Update A)	Schneider Electric	Modicon Controllers	Update A on prior vulnerability
ICSA-25-070-01 (Update A)	Schneider Electric	Uni-Telway Driver	Update A on prior vulnerability

Key Highlights

• Hitachi Energy Asset Suite: The advisory addresses cross-site scripting vulnerabilities and mobile application security concerns. CISA recommends defensive measures and performing risk assessments before deploying any patches or mitigation strategies.
• ABB RMC-100: This advisory focuses on vulnerabilities in ABB’s RMC-100 product. Users are urged to apply proper defensive measures and follow cyber defense best practices.
• LITEON IC48A & IC80A EV Chargers: Newly released firmware mitigates identified vulnerabilities in these EV charging products. Minimal network exposure and regular updates are strongly advised.
• Schneider Electric EcoStruxure, Modicon Controllers, Uni-Telway Driver (Updates): These updates address evolving vulnerabilities within Schneider Electric’s portfolio. The advisories provide new details and mitigation steps for these products.