Skip to main content
(844) 422-7000

Author: Admin @CloudCentric

Rapid Response Monitoring My Security Account App

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rapid Response Monitoring
  • Equipment: My Security Account App
  • Vulnerability: Authorization Bypass Through User-Controlled Key

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Rapid Response Monitoring products are affected:

  • My Security Account App API: Versions prior to 7/29/24

3.2 VULNERABILITY OVERVIEW

3.2.1 Authorization Bypass Through User-Controlled Key CWE-639

Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users.

CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-0352. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Emergency Services
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

kbots reported this vulnerability to CISA.

4. MITIGATIONS

Rapid Response Monitoring reports that this issue was patched on their end and no action is required by users. For further information, contact Rapid Response Monitoring.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 20, 2025: Initial Publication

ABB FLXEON Controllers

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 10.0
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: ABB
  • Equipment: FLXEON Controllers
  • Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to send unauthorized HTTPS requests, access sensitive information from HTTPS responses, or use network access to execute remote code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

ABB reports that the following products are affected:

  • FLXEON Controllers FBXi: Version 9.3.4 and prior
  • FLXEON Controllers FBVi: Version 9.3.4 and prior
  • FLXEON Controllers FBTi: Version 9.3.4 and prior
  • FLXEON Controllers CBXi: Version 9.3.4 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (‘COMMAND INJECTION’) CWE-77

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON version 9.3.4 and prior.

CVE-2024-48841 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48841. A base score of 10.0 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.2.2 MISSING ORIGIN VALIDATION IN WEBSOCKETS CWE-1385

Session management is not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON version 9.3.4 and prior.

CVE-2024-48849 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48849. A base score of 8.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532

Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON version 9.3.4 and prior.

CVE-2024-48852 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48852. A base score of 8.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Gjoko Krstikj of Zero Science Lab reported these vulnerabilities through responsible disclosure.

4. MITIGATIONS

ABB recommends that users update to firmware version 9.3.5.

ABB recommends that users immediately do the following actions on any released version of FLXEON:

  • Stop and disconnect any FLXEON products that are exposed directly to the Internet, either via a direct ISP connection or via NAT port forwarding.
  • Ensure that physical controls are in place, so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
  • Ensure that all FLXEON products are upgraded to the latest firmware version (9.3.5 or above). Please find the latest version of FLXEON firmware on the respective product homepage.
  • When remote access is required, only use secure methods. If a virtual private network (VPN) is used, ensure that the chosen VPN is secure i.e. updated to the most current version available and configured for secure access.

For more information, please refer to ABB’s cybersecurity advisory 9AKK108470A5684.

ABB states that these vulnerabilities are only exploitable if attackers can access the network segment where FLXEON is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect users networks:

  • FLXEON devices should never be exposed directly to the Internet either via a direct ISP connection nor via NAT port forwarding. If remote access to a FLXEON system is a user requirement, the system shall operate behind a firewall. Users accessing FLXEON remotely shall do this using a VPN gateway allowing access to the particular network segment where FLXEON is in stalled and configured.
  • It is crucial that the VPN gateway and network are set up in accordance with best industry standards and maintained in terms of security patches for all related components.
  • Change default passwords if they are still in use.
  • Ensure that all FLXEON products are upgraded to the latest firmware version. Please find the latest version of FLXEON firmware on the respective product homepage.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 20, 2025: Initial Publication

Carrier Block Load

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 7.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Carrier
  • Equipment: Block Load
  • Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges .

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Carrier product, which is a HVAC load calculation program, are affected:

  • Block Load: Version 4.16

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

CVE-2024-10930 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-10930. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
  • COUNTRIES/AREAS DEPLOYED: United States
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

An anonymous researcher reported this vulnerability to Carrier.

4. MITIGATIONS

Carrier recommends users to upgrade the product to v4.2 or later. If any issues arise, users are encouraged to contact Carrier directly. For more information refer to Carrier’s security advisory.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 20, 2025: Initial Publication

Elseta Vinci Protocol Analyzer

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 9.4
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Elseta
  • Equipment: Vinci Protocol Analyzer
  • Vulnerability: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Elseta products are affected:

Vinci Protocol Analyzer: Versions prior to 3.2.3.19

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (‘OS COMMAND INJECTION’) CWE-78

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system.

CVE-2025-1265 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-1265. A base score of 9.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Communications
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Lithuania

3.4 RESEARCHER

Nguyen Huu Thien Duc reported this vulnerability to CISA.

4. MITIGATIONS

Elseta recommends affected users update to version 3.2.3.19 or later. Contact Elseta for more information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 20, 2025: Initial Publication

Dingtian DT-R0 Series

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Dingtian
  • Equipment: DT-R0 Series
  • Vulnerability: Authentication Bypass Using an Alternate Path or Channel

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Dingtian DT-R0 Series are affected:

  • DT-R002: Version V3.1.3044A
  • DT-R008: Version V3.1.1759A
  • DT-R016: Version V3.1.2776A
  • DT-R032: Version V3.1.3826A

3.2 Vulnerability Overview

3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288

The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.

CVE-2025-1283 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-1283. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: China

3.4 RESEARCHER

Cumhur Kizilari (Zeus) reported this vulnerability to CISA.

4. MITIGATIONS

Dingtian has not responded to requests to work with CISA to mitigate this vulnerability, thus no mitigation is available at this time. Users of affected versions of Dingtian DT-R002 are invited to contact Dingtian customer support for additional information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 13, 2025: Initial Publication

Siemens SIMATIC PCS neo and TIA Administrator

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIMATIC PCS neo and TIA Administrator
  • Vulnerability: Insufficient Session Expiration

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user’s session even after logout.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • SIMOCODE ES V19: Versions prior to V19 Update 1
  • TIA Administrator: Versions 3.0.4 and prior
  • SIMATIC PCS neo V4.1: Versions prior to V4.1 Update 2
  • SIMATIC PCS neo V4.0: All versions
  • SIRIUS Safety ES V19 (TIA Portal): Versions prior to V19 Update 1
  • SIRIUS Soft Starter ES V19 (TIA Portal): Versions prior to V19 Update 1
  • SIMATIC PCS neo V5.0: Versions prior to V5.0 Update 1

3.2 VULNERABILITY OVERVIEW

3.2.1 INSUFFICIENT SESSION EXPIRATION CWE-613

Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user’s session even after logout.

CVE-2024-45386 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-45386. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Close browser and client after logout and remove all locally stored session tokens
  • SIMATIC PCS neo V4.0: Currently no fix is planned
  • SIMOCODE ES V19: Update to V19 Update 1 or later version
  • SIRIUS Soft Starter ES V19 (TIA Portal): Update to V19 Update 1 or later version
  • SIRIUS Safety ES V19 (TIA Portal): Update to V19 Update 1 or later version
  • TIA Administrator: Update to V3.0.4 or later version
  • SIMATIC PCS neo V4.1: Update to V4.1 Update 2 or later version
  • SIMATIC PCS neo V5.0: Update to V5.0 Update 1 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-342348 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 13, 2025: Initial Publication

Outback Power Mojave Inverter

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Outback Power
  • Equipment: Mojave Inverter
  • Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data or inject commands.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Outback Power Mojave Inverter, a system for managing power in a residential grid-connected battery backup system, are affected:

  • Outback Power Mojave Inverter: All versions

3.2 VU;NERABILITY OVERVIEW

3.2.1 Use of GET Request Method With Sensitive Query Strings CWE-598

The Mojave Inverter uses the GET method for sensitive information.

CVE-2025-26473 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated forCVE-2025-26473. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.2 Exposure of Sensitive Information to an Unauthorized Actor CWE-200

An attacker may modify the URL to discover sensitive information about the target network.

CVE-2025-25281 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated forCVE-2025-25281. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.3 Improper Neutralization of Special Elements used in a Command CWE-77

An attacker may inject commands via specially-crafted post requests.

CVE-2025-24861 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated forCVE-2025-24861. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Energy
  • COUNTRIES/AREAS DEPLOYED: United States
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Jon Hurtado of Sandia National Laboratory reported these vulnerabilities to CISA.

4. MITIGATIONS

The Mojave Inverter was a product of Enersys. When Outback Power was split off from Enersys recently, Mojave Inverter was moved to Outback Power, but without the resources to maintain the product. Outback Power may discontinue this product and has not yet addressed these vulnerabilities. CISA recommends disabling the networking features of this product until a replacement product can be acquired.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Disable un-used functions.
  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 13, 2025: Initial Publication

Siemens SIMATIC

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 6.9
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIMATIC
  • Vulnerability: Observable Discrepancy

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to identify valid usernames.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports the following SIMATIC products are affected:

  • Siemens SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0): vers:all/<V4.7
  • Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): vers:all/>=V30.1.0
  • Siemens SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-PLCSIM Advanced: vers:all/>=V6.0|<V7.0
  • Siemens SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0): vers:all/<V4.7
  • Siemens SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0): vers:all/<V4.7
  • Siemens SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0): vers:all/>=V3.1.0|<V3.1.2
  • Siemens SIMATIC S7-1500 Software Controller: vers:all/>=V30.1.0

3.2 VULNERABILITY OVERVIEW

3.2.1 OBSERVABLE DISCREPANCY CWE-203

The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.

CVE-2023-37482 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2023-37482. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

David Henrique Estevam de Andrade reported this vulnerability to Siemens.
Siemens then reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0), SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0), SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0), SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0), SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0), SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0), SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0), SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0), SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0), SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0), SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0), SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0), SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0), SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0), SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0), SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0), SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0), SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0): Disable HTTP (Port 80/tcp) and provide web service access through HTTPS (Port 443/tcp) only; the vulnerability is considered as only exploitable via HTTP.
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1500 Software Controller: Currently no fix is available.
  • SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0), SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0), SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0), SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0), SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0), SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0), SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0), SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0), SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0), SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0), SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0), SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0), SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0), SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0), SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0), SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0), SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0), SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0): Update to V3.1.2 or a later version.
  • SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): Update to V3.1.2 or later version.
  • SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0): Update to V4.7 or a later version.
  • SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0): Update to V4.7 or a later version.
  • SIMATIC S7-PLCSIM Advanced: Update to V7.0 or a later version.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-195895 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 13, 2025: Initial Publication

ORing IAP-420

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.6
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: ORing
  • Equipment: IAP-20
  • Vulnerabilities: Cross-site Scripting, Command Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following ORing products are affected:

  • IAP-420: Versions 2.01e and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

A stored cross-site scripting can be triggered by placing JavaScript code into the SSID input field of the web interface. An attacker could exploit this vulnerability by luring an authenticated user to visit a malicious website.

CVE-2024-5410 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2024-5410. A base score of 8.2 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H).

3.2.2 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (‘COMMAND INJECTION’) CWE-77

The filename parameter of a configuration file upload is prone to a command injection vulnerability. This vulnerability can only be exploited if a user is authenticated to the web interface. An attacker could invoke commands and gain full control over the device.

CVE-2024-5411 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-5411. A base score of 8.6 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

CISA discovered public proof of concept (PoC) as authored by Thomas Weber of CyberDanube and reported it to ORing.

4. MITIGATIONS

ORing is aware of the vulnerabilities and is working to produce a fix. For more information, contact ORing directly.

CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 13, 2025: Initial Publication

Siemens Teamcenter

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v3 7.4
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: Teamcenter
  • Vulnerability: URL Redirection to Untrusted Site (‘Open Redirect’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to redirect the legitimate user to an attacker-controlled URL to steal valid session data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens Teamcenter: All versions prior to V14.3.0.0

3.2 VULNERABILITY OVERVIEW

3.2.1 URL REDIRECTION TO UNTRUSTED SITE (‘OPEN REDIRECT’) CWE-601

The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-controlled URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

CVE-2025-23363 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Nicolo Vinci reported this vulnerability to Siemens.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-656895 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • February 13, 2025: Initial Publication