Rockwell Automation AADvance-Trusted SIS Workstation

1. EXECUTIVE SUMMARY

  • CVSS v4 8.6
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rockwell Automation
  • Equipment: AADvance-Trusted SIS Workstation
  • Vulnerability: Path Traversal

2. RISK EVALUATION

Successful exploitation of this vulnerability may allow remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Rockwell Automation reports the following versions of AADvance-Trusted SIS Workstation, a software suite for developing and managing safety instrumented system (SIS) applications, are affected:

  • AADvance-Trusted SIS Workstation: Versions 2.00.00 to 2.00.04

3.2 VULNERABILITY OVERVIEW

3.2.1 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CWE-22

A directory traversal vulnerability in DotNetZip v.1.16.0 and earlier may allow a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. Exploitation requires the victim to open a malicious file.

CVE-2024-48510 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48510. A base score of 8.6 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
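An added example, not code from the advisory, Rockwell Automation, or DotNetZip: a Python pre-extraction audit that flags archive entry names of the kind CWE-22 describes, so a file from an untrusted source can be checked before any entry is written to disk. The function names and the sample archives are constructed for illustration.

```python
import io
import os
import re
import tempfile
import zipfile

# Windows drive prefix such as "C:" at the start of an entry name.
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


def classify_entry(name):
    """Return why an entry name could escape the extraction root, or None."""
    # Treat "\" as a separator too: the extracting library runs on Windows,
    # where both "/" and "\" split path components.
    n = name.replace("\\", "/")
    if n.startswith("//"):
        return "UNC path"
    if n.startswith("/"):
        return "absolute path"
    if DRIVE_PREFIX.match(n):
        return "drive-qualified path"
    # Conservative policy: reject any ".." component, even one that would
    # resolve back inside the root.
    if ".." in n.split("/"):
        return "parent-directory traversal"
    return None


def audit_archive(data):
    """List (entry name, reason) for every suspicious entry in a ZIP byte string."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = classify_entry(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def safe_extract(data, dest):
    """Extract only if the audit is clean and every target stays under dest."""
    findings = audit_archive(data)
    if findings:
        raise ValueError(f"refusing to extract, suspicious entries: {findings}")
    root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Second check on the resolved path: catches a symlink that
            # already exists inside dest and points elsewhere.
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"{info.filename!r} resolves outside {root}")
        zf.extractall(root)
        return sorted(i.filename for i in zf.infolist())


def build_sample(names):
    """Build an in-memory ZIP with the given entry names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


# Constructed entry names: one benign, the rest would leave the target folder.
CONSTRUCTED_BAD_NAMES = [
    "project/config.xml",
    "../../startup/evil.bat",
    "..\\..\\startup\\evil.bat",
    "C:\\Windows\\Temp\\x.dll",
    "/etc/cron.d/job",
    "\\\\host\\share\\x",
]
CONSTRUCTED_GOOD_NAMES = ["project/config.xml", "project/logic/main.st"]


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample(CONSTRUCTED_BAD_NAMES)):
        print(f"SUSPICIOUS {name!r}: {reason}")
    with tempfile.TemporaryDirectory() as d:
        print("extracted:", safe_extract(build_sample(CONSTRUCTED_GOOD_NAMES), d))
```
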

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Rockwell Automation reported this vulnerability to CISA.

4. MITIGATIONS

Rockwell Automation reports this issue is corrected in software Version 2.01.00 and later.

For more information about this issue, see the advisory on the Rockwell Automation security page.

Users of the affected software who are unable to upgrade to one of the corrected versions should follow Rockwell Automation security best practices.

If you have any questions regarding the security issue above and how to mitigate it, contact TechConnect for assistance. More information can be found at Contact Us | Rockwell Automation | US.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from business networks.
  • When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 13, 2025: Initial Republication of Rockwell Automation

Rockwell Automation FactoryTalk DataMosaix Private Cloud

1. EXECUTIVE SUMMARY

  • CVSS v4 8.6
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rockwell Automation
  • Equipment: FactoryTalk DataMosaix Private Cloud
  • Vulnerabilities: Weak Authentication, Improper Encoding or Escaping of Output

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to take over accounts, steal credentials, redirect users to a malicious website, or bypass MFA.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of FactoryTalk DataMosaix Private Cloud are affected:

  • FactoryTalk DataMosaix Private Cloud: Versions 7.11, 8.00, 8.01 (CVE-2025-11084)
  • FactoryTalk DataMosaix Private Cloud: Versions 7.11, 8.00 (CVE-2025-11085)

3.2 VULNERABILITY OVERVIEW

3.2.1 WEAK AUTHENTICATION CWE-1390

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.

CVE-2025-11084 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-11084. A base score of 7.6 has been calculated; the CVSS vector string is (AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N).

3.2.2 IMPROPER ENCODING OR ESCAPING OF OUTPUT CWE-116

A security issue exists within DataMosaix™ Private Cloud allowing for persistent cross-site scripting. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website.

CVE-2025-11085 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-11085. A base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Rockwell Automation reported these vulnerabilities to CISA.

4. MITIGATIONS

Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible:

  • For CVE-2025-11084: Update FactoryTalk DataMosaix Private Cloud to Version 8.02
  • For CVE-2025-11085: Update FactoryTalk DataMosaix Private Cloud to Version 8.01

Users of the affected software who are not able to upgrade to one of the corrected versions should use Rockwell Automation’s security best practices.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 13, 2025: Initial Republication of Rockwell Automation advisory ‘FactoryTalk DataMosaix Private Cloud – Multiple Vulnerabilities’

ABB FLXeon Controllers

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: ABB
  • Equipment: FBXi, FBVi, FBTi, CBXi
  • Vulnerabilities: Use of Hard-coded Credentials, Improper Validation of Specified Type of Input, Use of a One-Way Hash without a Salt

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product, insert and run arbitrary code, and crash the device being accessed.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following ABB FLXeon products are affected:

  • FBXi-8R8-X96 (2CQG201028R1011): Versions 9.3.5 and prior
  • FBXi-8R8-H-X96 (2CQG201029R1011): Versions 9.3.5 and prior
  • FBXi-X256 (2CQG201014R1021): Versions 9.3.5 and prior
  • FBXi-X48 (2CQG201018R1021): Versions 9.3.5 and prior
  • FBXi-8R8-X96-S (2CQG201606R1011): Versions 9.3.5 and prior
  • FBVi-2U4-4T (2CQG201015R1021): Versions 9.3.5 and prior
  • FBVi-2U4-4T-IMP (2CQG201016R1021): Versions 9.3.5 and prior
  • FBVi-2U4-4T-SI: Versions 9.3.5 and prior
  • FBTi-7T7-1U1R (2CQG201022R1011): Versions 9.3.5 and prior
  • FBTi-6T1-1U1R (2CQG201022R1011): Versions 9.3.5 and prior
  • CBXi-8R8 (2CQG201001R1021): Versions 9.3.5 and prior
  • CBXi-8R8-H (2CQG201001R1021): Versions 9.3.5 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798

Credentials that are required for the functioning of the product cannot be stored in hardware-supported secure storage, as the product does not implement such a component.

CVE-2024-48842 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48842. A base score of 7.3 has been calculated; the CVSS vector string is (AV:P/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.2.2 IMPROPER VALIDATION OF SPECIFIED TYPE OF INPUT CWE-1287

Remote code execution is possible due to improper input validation.

CVE-2024-48851 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48851. A base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 USE OF A ONE-WAY HASH WITHOUT A SALT CWE-759

Password hashes are computed using the vulnerable MD5 algorithm with a low-entropy salt, and are stored in plain text on unencrypted partitions.

CVE-2025-10205 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-10205. A base score of 8.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.4 IMPROPER VALIDATION OF SPECIFIED TYPE OF INPUT CWE-1287

Users can push files with full pathnames, allowing file operations in off-limits directories.

CVE-2025-10207 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-10207. A base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Gjoko Krstikj of Zero Science Lab reported these vulnerabilities to ABB.

4. MITIGATIONS

ABB recommends users take the following actions on any released software version of FLXeon:

  • Stop and disconnect any FLXeon products that are exposed directly to the Internet, either via a direct ISP connection or via NAT port forwarding.
  • Ensure that physical controls are in place, so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
  • Ensure that all FLXeon products are upgraded to the latest firmware version. The latest version of FLXeon firmware can be found on the respective product homepage.
  • When remote access is required, only use secure methods. If a Virtual Private Network (VPN) is used, ensure that the chosen VPN is secure, i.e., updated to the most current version available and configured for secure access.

For more information refer to ABB’s Cybersecurity Advisory 9AKK108471A7121. The ABB advisory includes a detailed mapping of applicable mitigations for each listed vulnerability.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Locate control system networks and remote devices behind firewalls, and isolate them from business networks.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 6, 2025: Initial Publication

Ubia Ubox

1. EXECUTIVE SUMMARY

  • CVSS v4 7.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Ubia
  • Equipment: Ubox
  • Vulnerability: Insufficiently Protected Credentials

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following product version is reported to be affected:

  • Ubox: v1.1.124

3.2 VULNERABILITY OVERVIEW

3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

CVE-2025-12636 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-12636. A base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: China

3.4 RESEARCHER

Milos C. reported this vulnerability to CISA.

4. MITIGATIONS

Ubia did not respond to CISA’s attempts to coordinate. Users of Ubia cameras are encouraged to reach out to Ubia for more information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 06, 2025: Initial Publication

Advantech DeviceOn/iEdge

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Advantech
  • Equipment: DeviceOn/iEdge
  • Vulnerabilities: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could result in a denial-of-service condition, remote code execution, or an attacker reading arbitrary files.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of DeviceOn/iEdge, an IoT management platform, is affected:

  • DeviceOn/iEdge: Version 2.0.2 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.

CVE-2025-64302 has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-64302. A base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L).

3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.

CVE-2025-62630 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-62630. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

A vulnerability in a device dependency allows an unauthenticated attacker to read arbitrary files or bypass authentication.

CVE-2025-59171 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-59171. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.4 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account.

CVE-2025-58423 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-58423. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Information Technology
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Alex Williams of Pellera Technologies reported this vulnerability to CISA.

4. MITIGATIONS

Advantech has stated that the listed products are end-of-life, and recommends all users upgrade their devices to DeviceOn, which is not affected by these vulnerabilities. For further questions or upgrade assistance, users should contact Advantech.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 6, 2025: Initial Publication

IDIS ICM Viewer

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: IDIS
  • Equipment: ICM Viewer
  • Vulnerability: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in an attacker executing arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of ICM Viewer is affected:

  • ICM Viewer: Version v1.6.0.10

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF ARGUMENT DELIMITERS IN A COMMAND (‘ARGUMENT INJECTION’) CWE-88

An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.

CVE-2025-12556 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-12556. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Communications
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: South Korea

3.4 RESEARCHER

Vera Mens and Noam Moshe of Claroty Team82 reported this vulnerability to CISA.

4. MITIGATIONS

IDIS recommends that users follow these guidelines:

  • For users who continue to use the ICM Viewer:
    • You must access https://icm.idisglobal.com and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.
  • For users who do not use the ICM Viewer:
    • You must immediately uninstall the program from your system.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 04, 2025: Initial Publication

Fuji Electric Monitouch V-SFT-6

1. EXECUTIVE SUMMARY

  • CVSS v4 8.4
  • ATTENTION: Low attack complexity
  • Vendor: Fuji Electric
  • Equipment: Monitouch V-SFT-6
  • Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Fuji Electric Monitouch V-SFT-6 human-machine interface (HMI) configuration software are affected:

  • Fuji Electric Monitouch V-SFT-6: Version 6.2.7.0

3.2 VULNERABILITY OVERVIEW

3.2.1 Heap-based Buffer Overflow CWE-122

A maliciously crafted project file may cause a heap-based buffer overflow, which may allow the attacker to execute arbitrary code.

CVE-2025-54496 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-54496. A base score of 8.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 Stack-based Buffer Overflow CWE-121

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.

CVE-2025-54526 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-54526. A base score of 8.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.

4. MITIGATIONS

Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users update to V6.2.9.0 or newer.

CISA recommends users take the following measures to protect themselves from social engineering attacks:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY

  • November 4, 2025: Initial Publication

Survision License Plate Recognition Camera

1. EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Survision
  • Equipment: License Plate Recognition (LPR) Camera
  • Vulnerability: Missing Authentication for Critical Function

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Survision LPR Camera are affected:

  • License Plate Recognition LPR Camera: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.

CVE-2025-12108 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-12108. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Souvik Kandar of Microsec (microsec.io) reported this vulnerability to CISA.

4. MITIGATIONS

Survision has released the following versions for users to update to:

  • License Plate Recognition LPR Camera: Firmware version v3.5

Survision recommends that users enable configuration password authentication by defining users and roles with minimal rights in the user management system and, where possible, enforce client certificate authentication.

For future deployments, plan for integration of the new login/password mechanism and update your installation procedures accordingly.

  • On previous versions (earlier than 3.5)

Survision recommends activating the “lock” password in the security parameters and, where possible, enforcing client certificate authentication.

For more information, contact Survision.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 04, 2025: Initial Publication

Delta Electronics CNCSoft-G2

1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Delta Electronics
  • Equipment: CNCSoft-G2
  • Vulnerability: Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code in the context of the current process.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Delta Electronics CNCSoft-G2 are affected:

  • CNCSoft-G2: Version 2.1.0.27 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-58317 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-58317. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Natnael Samson working with Trend Micro’s Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Delta Electronics recommends that CNCSoft-G2 users download and update to Version 2.1.0.34 or later.

General Recommendations:

  • Do not click on untrusted Internet links or open unsolicited attachments in emails.
  • Avoid exposing control systems and equipment to the Internet.
  • Place systems and devices behind a firewall and isolate them from the business network.
  • When remote access is required, use a secure access method, such as a virtual private network (VPN).

Users should contact Delta Electronics with any additional product-related support concerns.

For more information, refer to Delta Electronics’ product cybersecurity advisory PCSA-2025-00017.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • November 4, 2025: Initial Publication

Radiometrics VizAir

1. EXECUTIVE SUMMARY

  • CVSS v4 10.0
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Radiometrics
  • Equipment: VizAir
  • Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow attackers to manipulate critical weather parameters and runway settings, mislead air traffic control and pilots, extract sensitive meteorological data, and cause significant disruption to airport operations, leading to hazardous flight conditions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Radiometrics VizAir are affected:

  • VizAir: Versions prior to 08/2025

3.2 VULNERABILITY OVERVIEW

3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

Radiometrics VizAir allows any remote attacker to access the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and in the manipulation of runway assignments, which could result in mid-air conflicts or runway incursions.

CVE-2025-61945 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-61945. A base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.2.2 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

Radiometrics VizAir is vulnerable to exposure of the system’s REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.

CVE-2025-54863 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-54863. A base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.2.3 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

Radiometrics VizAir lacks authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.

CVE-2025-61956 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-61956. A base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Souvik Kandar reported these vulnerabilities to CISA.

4. MITIGATIONS

Radiometrics performed updates on all affected systems and resolved these vulnerabilities. No further action is needed on the user’s end.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • November 4, 2025: Initial Publication