Mitsubishi Electric MELSEC iQ-F Series CPU Module

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Mitsubishi Electric
  • Equipment: MELSEC iQ-F Series CPU module
  • Vulnerability: Cleartext Transmission of Sensitive Information

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to obtain credential information by intercepting SLMP communication messages, and to read or write the device values of the product by using the obtained credential information. In addition, the attacker may be able to stop the operations of programs.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Mitsubishi Electric reports the following versions of MELSEC iQ-F Series CPU module are affected:

  • MELSEC iQ-F Series FX5U-32MT/ES: All versions
  • MELSEC iQ-F Series FX5U-32MT/DS: All versions
  • MELSEC iQ-F Series FX5U-32MT/ESS: All versions
  • MELSEC iQ-F Series FX5U-32MT/DSS: All versions
  • MELSEC iQ-F Series FX5U-64MT/ES: All versions
  • MELSEC iQ-F Series FX5U-64MT/DS: All versions
  • MELSEC iQ-F Series FX5U-64MT/ESS: All versions
  • MELSEC iQ-F Series FX5U-64MT/DSS: All versions
  • MELSEC iQ-F Series FX5U-80MT/ES: All versions
  • MELSEC iQ-F Series FX5U-80MT/DS: All versions
  • MELSEC iQ-F Series FX5U-80MT/ESS: All versions
  • MELSEC iQ-F Series FX5U-80MT/DSS: All versions
  • MELSEC iQ-F Series FX5U-32MR/ES: All versions
  • MELSEC iQ-F Series FX5U-32MR/DS: All versions
  • MELSEC iQ-F Series FX5U-64MR/ES: All versions
  • MELSEC iQ-F Series FX5U-64MR/DS: All versions
  • MELSEC iQ-F Series FX5U-80MR/ES: All versions
  • MELSEC iQ-F Series FX5U-80MR/DS: All versions
  • MELSEC iQ-F Series FX5UC-32MT/D: All versions
  • MELSEC iQ-F Series FX5UC-32MT/DSS: All versions
  • MELSEC iQ-F Series FX5UC-64MT/D: All versions
  • MELSEC iQ-F Series FX5UC-64MT/DSS: All versions
  • MELSEC iQ-F Series FX5UC-96MT/D: All versions
  • MELSEC iQ-F Series FX5UC-96MT/DSS: All versions
  • MELSEC iQ-F Series FX5UC-32MT/DS-TS: All versions
  • MELSEC iQ-F Series FX5UC-32MT/DSS-TS: All versions
  • MELSEC iQ-F Series FX5UC-32MR/DS-TS: All versions
  • MELSEC iQ-F Series FX5UJ-24MT/ES: All versions
  • MELSEC iQ-F Series FX5UJ-24MT/DS: All versions
  • MELSEC iQ-F Series FX5UJ-24MT/ESS: All versions
  • MELSEC iQ-F Series FX5UJ-24MT/DSS: All versions
  • MELSEC iQ-F Series FX5UJ-40MT/ES: All versions
  • MELSEC iQ-F Series FX5UJ-40MT/DS: All versions
  • MELSEC iQ-F Series FX5UJ-40MT/ESS: All versions
  • MELSEC iQ-F Series FX5UJ-40MT/DSS: All versions
  • MELSEC iQ-F Series FX5UJ-60MT/ES: All versions
  • MELSEC iQ-F Series FX5UJ-60MT/DS: All versions
  • MELSEC iQ-F Series FX5UJ-60MT/ESS: All versions
  • MELSEC iQ-F Series FX5UJ-60MT/DSS: All versions
  • MELSEC iQ-F Series FX5UJ-24MR/ES: All versions
  • MELSEC iQ-F Series FX5UJ-24MR/DS: All versions
  • MELSEC iQ-F Series FX5UJ-40MR/ES: All versions
  • MELSEC iQ-F Series FX5UJ-40MR/DS: All versions
  • MELSEC iQ-F Series FX5UJ-60MR/ES: All versions
  • MELSEC iQ-F Series FX5UJ-60MR/DS: All versions
  • MELSEC iQ-F Series FX5UJ-24MT/ES-A: All versions
  • MELSEC iQ-F Series FX5UJ-24MR/ES-A: All versions
  • MELSEC iQ-F Series FX5UJ-40MT/ES-A: All versions
  • MELSEC iQ-F Series FX5UJ-40MR/ES-A: All versions
  • MELSEC iQ-F Series FX5UJ-60MT/ES-A: All versions
  • MELSEC iQ-F Series FX5UJ-60MR/ES-A: All versions
  • MELSEC iQ-F Series FX5S-30MT/ES: All versions
  • MELSEC iQ-F Series FX5S-30MT/DS: All versions
  • MELSEC iQ-F Series FX5S-30MT/ESS: All versions
  • MELSEC iQ-F Series FX5S-30MT/DSS: All versions
  • MELSEC iQ-F Series FX5S-40MT/ES: All versions
  • MELSEC iQ-F Series FX5S-40MT/DS: All versions
  • MELSEC iQ-F Series FX5S-40MT/ESS: All versions
  • MELSEC iQ-F Series FX5S-40MT/DSS: All versions
  • MELSEC iQ-F Series FX5S-60MT/ES: All versions
  • MELSEC iQ-F Series FX5S-60MT/DS: All versions
  • MELSEC iQ-F Series FX5S-60MT/ESS: All versions
  • MELSEC iQ-F Series FX5S-60MT/DSS: All versions
  • MELSEC iQ-F Series FX5S-80MT/ES: All versions
  • MELSEC iQ-F Series FX5S-80MT/DS: All versions
  • MELSEC iQ-F Series FX5S-80MT/ESS: All versions
  • MELSEC iQ-F Series FX5S-80MT/DSS: All versions
  • MELSEC iQ-F Series FX5S-30MR/ES: All versions
  • MELSEC iQ-F Series FX5S-30MR/DS: All versions
  • MELSEC iQ-F Series FX5S-40MR/ES: All versions
  • MELSEC iQ-F Series FX5S-40MR/DS: All versions
  • MELSEC iQ-F Series FX5S-60MR/ES: All versions
  • MELSEC iQ-F Series FX5S-60MR/DS: All versions
  • MELSEC iQ-F Series FX5S-80MR/ES: All versions
  • MELSEC iQ-F Series FX5S-80MR/DS: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

An information disclosure vulnerability exists in MELSEC iQ-F series CPU module due to cleartext transmission of sensitive information. An attacker may obtain credential information by intercepting SLMP communication messages and use the obtained credentials to read or write the device values. Additionally, the attacker may be able to stop the operation of programs.

CVE-2025-7731 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-7731. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Thai Do, Minh Pham, Quan Le and Loc Nguyen of Unit 515, OPSWAT reported this vulnerability to Mitsubishi Electric.

4. MITIGATIONS

Mitsubishi Electric Corporation advises there are no plans to release a fixed version. Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting this vulnerability:

  • Use a virtual private network (VPN) or similar to encrypt SLMP communication.
  • Restrict physical access to the LAN to which the affected products are connected.

Mitsubishi Electric Corporation recommends users contact their local Mitsubishi Electric representative with questions.

For more information, see Mitsubishi Electric’s security advisory.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • August 28, 2025: Initial Republication of Mitsubishi Electric 2025-012

Delta Electronics COMMGR

1. EXECUTIVE SUMMARY

  • CVSS v4 8.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Delta Electronics
  • Equipment: COMMGR
  • Vulnerabilities: Stack-based Buffer Overflow, Code Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Delta Electronics COMMGR are affected:

  • COMMGR: Versions v2.9.0 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

Delta Electronics COMMGR versions 2.9.0 and prior are vulnerable to a Stack-based Buffer Overflow vulnerability that could allow an attacker to execute arbitrary code by crafting specially designed .isp files.

CVE-2025-53418 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).

A CVSS v4 score has also been calculated for CVE-2025-53418. A base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N).

3.2.2 IMPROPER CONTROL OF GENERATION OF CODE (‘CODE INJECTION’) CWE-94

Delta Electronics COMMGR versions 2.9.0 and prior are vulnerable to a Code Injection vulnerability that could allow an attacker to execute arbitrary code by crafting specially designed .isp files.

CVE-2025-53419 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-53419. A base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Delta Electronics reported CVE-2025-53418 to CISA. Mai Mostafa of ZDI reported CVE-2025-53419 to CISA.

4. MITIGATIONS

Delta Electronics recommends users download and update to v2.10.0 or later.

Delta Electronics offers users the following general recommendations:

  • Do not click on untrusted Internet links or open unsolicited attachments in emails.
  • Avoid exposing control systems and equipment to the Internet.
  • Place control system networks and remote devices behind firewalls and isolate them from the business network.
  • When remote access is required, use a secure access method, such as a virtual private network (VPN).

For more information, see Delta Electronics’s advisory.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • August 28, 2025: Initial Publication

GE Vernova CIMPLICITY

1. EXECUTIVE SUMMARY

  • CVSS v4 7.0
  • ATTENTION: Low attack complexity
  • Vendor: GE Vernova
  • Equipment: CIMPLICITY
  • Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of GE Vernova’s CIMPLICITY, HMI/SCADA software, are affected:

  • CIMPLICITY: Versions 2024, 2023, 2022, 11.0

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

CIMPLICITY versions 2024, 2023, 2022, and 11.0 contain an Uncontrolled Search Path Element vulnerability that could allow a low-privileged attacker to escalate their privileges.

CVE-2025-7719 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7719. A base score of 7 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Michael Heinzl reported this vulnerability to CISA.

4. MITIGATIONS

GE Vernova recommends users upgrade to CIMPLICITY 2024 SIM 4. The SIM is posted to the KB as article 000071725.

Direct Link (Login Required): https://digitalsupport.ge.com/s/article/CIMPLICITY-2024-SIM-4?language=en_US.

The most complete method to address the vulnerability is upgrading to CIMPLICITY 2024 SIM 4. However, if users are currently unable to upgrade and/or choose not to, it is recommended they reach out to GE Vernova support for guidance to further mitigate the issue on their version(s).

Users are strongly advised to follow the Secure Deployment Guide (SDG) instructions. The complete SDG can be found at CIMPLICITY SDG (Login Required).

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • August 28, 2025: Initial Publication

Delta Electronics CNCSoft-G2

1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Delta Electronics
  • Equipment: CNCSoft-G2
  • Vulnerability: Out-of-bounds Write

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Delta Electronics CNCSoft-G2 are affected:

  • CNCSoft-G2: Version 2.1.0.20 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS WRITE CWE-787

Delta Electronics CNCSoft-G2 is vulnerable to a flaw in the parsing of DPAX files that allows attackers to execute arbitrary code. This vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file. Exploitation of this flaw can result in memory corruption and code execution within the context of the current process.

CVE-2025-47728 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-47728. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Kholoud Altookhy from Trend Micro’s Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Delta Electronics recommends users update to v2.1.0.27 or later.

Delta has published Delta-PCSA-2025-00007 in both English and Chinese on their security website to provide more details about these issues.

Delta also recommends the following general security practices:

  • Do not click on untrusted Internet links or open unsolicited attachments in emails.
  • Avoid exposing control systems and equipment to the Internet.
  • Place systems and devices behind a firewall and isolate them from the business network.
  • When remote access is required, use a secure access method, such as a virtual private network (VPN).

If you have any product-related support concerns, find a contact from Delta’s portal page for any information or materials you may require.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • August 28, 2025: Initial Publication

Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit

1. EXECUTIVE SUMMARY

  • CVSS v3 6.7
  • ATTENTION: Low Attack Complexity
  • Vendor: Schneider Electric
  • Equipment: Saitel DR RTU, Saitel DP RTU
  • Vulnerability: Improper Privilege Management

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

  • Schneider Electric Saitel DR RTU: versions 11.06.29 and prior
  • Schneider Electric Saitel DP RTU: versions 11.06.34 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269

An improper privilege management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts.

CVE-2025-8453 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Communications, Critical Manufacturing, Energy, Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Robin Senn and Sebastian Krause of GAI NetConsult GmbH reported this vulnerability to Schneider Electric.

Schneider Electric reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Schneider Electric Saitel DR RTU: HUe Firmware version 11.06.30 includes a fix for this vulnerability and is available for download here.
  • Schneider Electric Saitel DR RTU: If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
    • Limit physical or console access to trusted users only.
    • Ensure that configuration files used by privileged daemons are owned by root, not writable by non-privileged users, and set to minimum permissions when technically feasible to prevent unauthorized modification.
  • Schneider Electric Saitel DP RTU: Schneider Electric is establishing a remediation plan for the Saitel DP RTU product that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, users should immediately apply the following mitigations to reduce the risk of exploit:
    • Limit physical or console access to trusted users only.
    • Enforce password policy (strong password and update password regularly). Password updates can be applied using the EcoStruxure Cybersecurity Admin Expert tool, or device webpage.
    • Users should also consider upgrading to the latest product offering PowerLogic T500 Substation Controller
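
The file-permission mitigation listed above for the Saitel DR RTU can be checked mechanically. The following POSIX shell audit is an added example, not Schneider Electric's or CISA's code: the files to audit are supplied by the operator because the advisory does not name them, and the symlink and parent-directory checks are assumptions that go beyond the advisory's wording.

```shell
#!/bin/sh
# Added example (not vendor code): audit files that a root-level daemon reads
# or executes. Paths are supplied by the operator; none come from the advisory.

# owned_by PATH UID: true if PATH is owned by the numeric user ID.
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# has_mode PATH BITS: true if every permission bit in BITS (octal) is set.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_path PATH UID: print one FAIL line per finding, return 1 if any.
audit_path() {
    ap_path=$1
    ap_uid=$2
    ap_rc=0
    # find(1) examines a symlink itself, not its target, so report it outright.
    if [ -L "$ap_path" ] || [ ! -e "$ap_path" ]; then
        echo "FAIL $ap_path: missing or a symbolic link"
        return 1
    fi
    if ! owned_by "$ap_path" "$ap_uid"; then
        echo "FAIL $ap_path: not owned by uid $ap_uid"
        ap_rc=1
    fi
    if has_mode "$ap_path" 020; then
        echo "FAIL $ap_path: group-writable"
        ap_rc=1
    fi
    if has_mode "$ap_path" 002; then
        echo "FAIL $ap_path: world-writable"
        ap_rc=1
    fi
    return "$ap_rc"
}

# audit_config UID FILE...: audit each file and the directory that holds it.
# Write access to the containing directory generally lets a user rename the
# file and put another in its place, regardless of the file's own mode
# (sticky-bit directories excepted).
audit_config() {
    ac_uid=$1
    shift
    ac_rc=0
    for ac_file in "$@"; do
        audit_path "$ac_file" "$ac_uid" || ac_rc=1
        audit_path "$(dirname "$ac_file")" "$ac_uid" || ac_rc=1
    done
    return "$ac_rc"
}

# Command-line use: every argument is a file to audit against uid 0 (root).
if [ "$#" -gt 0 ]; then
    audit_config 0 "$@"
fi
```

A non-zero exit status means at least one check failed, so the script can be run from a scheduled job or a configuration-management check.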

For more information, see the associated Schneider Electric CPCERT security advisory SEVD-2025-224-01, Saitel DR & Saitel DP Remote Terminal Unit (PDF version, CSAF version).

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • August 28, 2025: Initial Republication of Schneider Electric CPCERT SEVD-2025-224-01

Schneider Electric Modicon M340 Controller and Communication Modules

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: Modicon M340 and Communication Modules
  • Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

  • Modicon M340: All versions
  • BMXNOR0200H Ethernet/Serial RTU Module: All versions
  • BMXNGD0100 M580 Global Data module: All versions
  • BMXNOC0401 Modicon M340 X80 Ethernet Communication modules: All versions
  • BMXNOE0100 Modbus/TCP Ethernet Modicon M340 module: Versions prior to 3.60
  • BMXNOE0110 Modbus/TCP Ethernet Modicon M340 FactoryCast module: Versions prior to 6.80

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20

An Improper Input Validation vulnerability exists that could cause a denial of service when a specially crafted FTP command is sent to the device.

CVE-2025-6625 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-6625. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

CyManII reported this vulnerability to Schneider Electric.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • BMXNOE0100 Modbus/TCP Ethernet Modicon M340 module: Version 3.60 of BMXNOE0100 includes a fix for this vulnerability and is available for download here. Reboot is needed to complete the firmware upgrade.
  • BMXNOE0110 Modbus/TCP Ethernet Modicon M340 FactoryCast module: Version 6.80 of BMXNOE0110 includes a fix for this vulnerability and is available for download here. Reboot is needed to complete the firmware upgrade.

Schneider Electric is establishing a remediation plan for all future versions of Modicon M340, BMXNOR0200H, BMXNGD0100, and BMXNOC401. Until then, users should immediately apply the following mitigations to reduce the risk of exploit:

  • FTP service is disabled by default
  • Ensure the FTP service is disabled when not in use
  • Set up network segmentation and implement a firewall to block all unauthorized access to port 21/FTP
  • Use VPN (Virtual Private Networks) tunnels if remote access is required

For more information, see the associated Schneider Electric CPCERT security advisory SEVD-2025-224-05.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • August 26, 2025: Initial Republication of Schneider Electric SEVD-2025-224-05

INVT VT-Designer and HMITool

1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: INVT
  • Equipment: VT-Designer and HMITool
  • Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type (‘Type Confusion’)

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of INVT VT-Designer and HMITool are affected:

  • VT-Designer: Version 2.1.13 (CVE-2025-7227, CVE-2025-7228, CVE-2025-7229, CVE-2025-7230, CVE-2025-7231)
  • HMITool: Version 7.1.011 (CVE-2025-7223, CVE-2025-7224, CVE-2025-7225, CVE-2025-7226)

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS WRITE CWE-787

This vulnerability allows remote attackers to execute arbitrary code on affected installations of HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7223 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7223. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 OUT-OF-BOUNDS WRITE CWE-787

This vulnerability allows remote attackers to execute arbitrary code on affected installations of HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7224 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7224. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 OUT-OF-BOUNDS WRITE CWE-787

This vulnerability allows remote attackers to execute arbitrary code on affected installations of HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7225 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7225. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.4 OUT-OF-BOUNDS WRITE CWE-787

HMITool is vulnerable to remote attackers who can execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7226 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7226. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.5 OUT-OF-BOUNDS WRITE CWE-787

VT-Designer is vulnerable to remote attackers who can execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7227 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7227. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.6 OUT-OF-BOUNDS WRITE CWE-787

VT-Designer is vulnerable to remote attackers who can execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7228 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7228. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.7 OUT-OF-BOUNDS WRITE CWE-787

VT-Designer is vulnerable to remote attackers who can execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7229 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7229. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.8 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (‘TYPE CONFUSION’) CWE-843

VT-Designer is vulnerable to remote attackers who can execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7230 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7230. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.9 OUT-OF-BOUNDS WRITE CWE-787

VT-Designer is vulnerable to remote attackers who can execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2025-7231 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7231. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy, Information Technology, Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: China

3.4 RESEARCHER

Kholoud Altookhy from Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.

4. MITIGATIONS

INVT did not respond to CISA’s attempt to coordinate these vulnerabilities. Users should contact INVT for more information.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY

  • August 26, 2025: Initial Publication

Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module

1. EXECUTIVE SUMMARY

  • CVSS v3 5.3
  • ATTENTION: Exploitable remotely/Low attack complexity
  • Vendor: Mitsubishi Electric Corporation
  • Equipment: MELSEC iQ-F Series CPU module
  • Vulnerability: Improper Handling of Length Parameter Inconsistency

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function and prevent legitimate users from utilizing the Web server function by sending a specially crafted HTTP request.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of MELSEC iQ-F Series CPU module are affected:

  • MELSEC iQ-F Series CPU module FX5U-32MT/ES: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-32MT/DS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-32MT/ESS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-32MT/DSS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-32MR/ES: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-32MR/DS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-64MT/ES: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-64MT/DS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-64MT/ESS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-64MT/DSS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-64MR/ES: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-64MR/DS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-80MT/ES: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-80MT/DS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-80MT/ESS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-80MT/DSS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-80MR/ES: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5U-80MR/DS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-32MT/D: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-32MT/DSS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-64MT/D: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-64MT/DSS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-96MT/D: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-96MT/DSS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-32MT/DS-TS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-32MT/DSS-TS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UC-32MR/DS-TS: Versions 1.060 and later
  • MELSEC iQ-F Series CPU module FX5UJ-24MT/ES: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-24MT/DS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-24MT/ESS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-24MT/DSS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-24MR/ES: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-24MR/DS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MT/ES: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MT/DS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MT/ESS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MT/DSS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MR/ES: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MR/DS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MT/ES: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MT/DS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MT/ESS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MT/DSS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MR/ES: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MR/DS: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-24MT/ES-A: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-24MR/ES-A: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MT/ES-A: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-40MR/ES-A: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MT/ES-A: All versions
  • MELSEC iQ-F Series CPU module FX5UJ-60MR/ES-A: All versions
  • MELSEC iQ-F Series CPU module FX5S-30MT/ES: All versions
  • MELSEC iQ-F Series CPU module FX5S-30MT/DS: All versions
  • MELSEC iQ-F Series CPU module FX5S-30MT/ESS: All versions
  • MELSEC iQ-F Series CPU module FX5S-30MT/DSS: All versions
  • MELSEC iQ-F Series CPU module FX5S-30MR/ES: All versions
  • MELSEC iQ-F Series CPU module FX5S-30MR/DS: All versions
  • MELSEC iQ-F Series CPU module FX5S-40MT/ES: All versions
  • MELSEC iQ-F Series CPU module FX5S-40MT/DS: All versions
  • MELSEC iQ-F Series CPU module FX5S-40MT/ESS: All versions
  • MELSEC iQ-F Series CPU module FX5S-40MT/DSS: All versions
  • MELSEC iQ-F Series CPU module FX5S-40MR/ES: All versions
  • MELSEC iQ-F Series CPU module FX5S-40MR/DS: All versions
  • MELSEC iQ-F Series CPU module FX5S-60MT/ES: All versions
  • MELSEC iQ-F Series CPU module FX5S-60MT/DS: All versions
  • MELSEC iQ-F Series CPU module FX5S-60MT/ESS: All versions
  • MELSEC iQ-F Series CPU module FX5S-60MT/DSS: All versions
  • MELSEC iQ-F Series CPU module FX5S-60MR/ES: All versions
  • MELSEC iQ-F Series CPU module FX5S-60MR/DS: All versions
  • MELSEC iQ-F Series CPU module FX5S-80MT/ES: All versions
  • MELSEC iQ-F Series CPU module FX5S-80MT/ESS: All versions
  • MELSEC iQ-F Series CPU module FX5S-80MR/ES: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130

A Denial-of-Service (DoS) vulnerability due to Improper Handling of Length Parameter Inconsistency exists in the Web server function of the MELSEC iQ-F Series CPU module.

CVE-2025-5514 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Thai Do, Minh Pham, Quan Le, and Loc Nguyen of OPSWAT Unit515 reported this vulnerability to Mitsubishi Electric Corporation. Mitsubishi Electric Corporation reported this vulnerability to CISA.

4. MITIGATIONS

Mitsubishi Electric Corporation advises that there are no plans to release a fixed version. Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting this vulnerability:

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • Use the IP filter function to block access from untrusted hosts. For details on the IP filter function, please refer to the manual for each product: “13.1 IP Filter Function” in the MELSEC iQ-F FX5 User’s Manual (Communication).
  • Restrict physical access to the affected products and the LAN connected by them.

Mitsubishi Electric Corporation recommends users contact their local Mitsubishi Electric representative with questions.

For more information, see Mitsubishi Electric’s security advisory.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • August 21, 2025: Initial Publication

Siemens SIPROTEC 4 and SIPROTEC 4 Compact

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIPROTEC 4 and SIPROTEC 4 Compact
  • Vulnerability: Improper Check for Unusual or Exceptional Conditions

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • SIPROTEC 4 6MD61: All versions
  • SIPROTEC 4 7SJ62: All versions
  • SIPROTEC 4 7SJ63: All versions
  • SIPROTEC 4 7SJ64: All versions
  • SIPROTEC 4 7SJ66: All versions
  • SIPROTEC 4 7SS52: All versions
  • SIPROTEC 4 7ST6: All versions
  • SIPROTEC 4 7UM61: All versions
  • SIPROTEC 4 7UM62: All versions
  • SIPROTEC 4 7UT63: All versions
  • SIPROTEC 4 7UT612: All versions
  • SIPROTEC 4 6MD63: All versions
  • SIPROTEC 4 7UT613: All versions
  • SIPROTEC 4 7VE6: All versions
  • SIPROTEC 4 7VK61: All versions
  • SIPROTEC 4 7VU683: All versions
  • SIPROTEC 4 Compact 7RW80: All versions
  • SIPROTEC 4 Compact 7SD80: All versions
  • SIPROTEC 4 Compact 7SJ80: All versions
  • SIPROTEC 4 Compact 7SJ81: All versions
  • SIPROTEC 4 Compact 7SK80: All versions
  • SIPROTEC 4 Compact 7SK81: All versions
  • SIPROTEC 4 6MD66: All versions
  • SIPROTEC 4 6MD665: All versions
  • SIPROTEC 4 7SA6: Versions prior to V4.78
  • SIPROTEC 4 7SA522: All versions
  • SIPROTEC 4 7SD5: Versions prior to V4.78
  • SIPROTEC 4 7SD610: Versions prior to V4.78
  • SIPROTEC 4 7SJ61: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754

Affected devices do not properly handle interrupted file transfer operations. This could allow an unauthenticated remote attacker to cause a denial-of-service condition. To restore normal operations, the devices need to be restarted.

CVE-2024-52504 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2024-52504. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SIPROTEC 4 6MD61, SIPROTEC 4 6MD63, SIPROTEC 4 6MD66, SIPROTEC 4 6MD665, SIPROTEC 4 7SA522, SIPROTEC 4 7SJ61, SIPROTEC 4 7SJ62, SIPROTEC 4 7SJ63, SIPROTEC 4 7SJ64, SIPROTEC 4 7SS52, SIPROTEC 4 7ST6, SIPROTEC 4 7UM61, SIPROTEC 4 7UM62, SIPROTEC 4 7UT63, SIPROTEC 4 7UT612, SIPROTEC 4 7UT613, SIPROTEC 4 7VE6, SIPROTEC 4 7VK61, SIPROTEC 4 7VU683, SIPROTEC 4 Compact 7RW80, SIPROTEC 4 Compact 7SD80, SIPROTEC 4 Compact 7SJ80, SIPROTEC 4 Compact 7SJ81, SIPROTEC 4 Compact 7SK80, SIPROTEC 4 Compact 7SK81: Currently no fix is planned
  • SIPROTEC 4 7SJ66: Currently no fix is available
  • SIPROTEC 4 7SA6: Update to V4.78 or later version
  • SIPROTEC 4 7SD5: Update to V4.78 or later version
  • SIPROTEC 4 7SD610: Update to V4.78 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-400089 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication of Siemens ProductCERT SSA-400089

Siemens Web Installer

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Siemens
  • Equipment: Web Installer
  • Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Automation License Manager V6.0: All versions
  • OpenPCS 7 V9.1: All versions
  • SIMATIC WinCC Runtime Professional: All versions
  • SIMATIC WinCC Runtime Professional V20: All versions
  • SIMATIC WinCC TeleControl: All versions
  • SIMATIC WinCC Unified Line Coordination: All versions
  • SIMATIC WinCC Unified PC Runtime V18: All versions
  • SIMATIC WinCC Unified PC Runtime V19: All versions
  • SIMATIC WinCC Unified PC Runtime V20: All versions
  • SIMATIC WinCC Unified Sequence: All versions
  • SIMATIC WinCC V7.5: All versions
  • SIMATIC WinCC V8.0: All versions
  • OpenPCS 7 V10.0: All versions
  • SIMATIC WinCC V8.1: Versions prior to V8.1 Update 3
  • SIMATIC WinCC Visualization Architect (SiVArc) V17: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V18: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V19: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V20: All versions
  • SIMATIC D7-SYS: All versions
  • SIMIT Rapid Tester: All versions
  • SIMIT Simulation Platform: All versions
  • SINAMICS Startdrive V17: All versions
  • SINAMICS Startdrive V18: All versions
  • Siemens Network Planner (SINETPLAN): All versions
  • SINAMICS Startdrive V19: All versions
  • SINAMICS Startdrive V20: All versions
  • SINEC NMS: Versions prior to 4.0
  • SINEMA Remote Connect Client: All versions
  • SITRANS: All versions
  • Standard PID CTRL Tool: All versions
  • TeleControl Server Basic V3.1: Versions prior to 3.1.2.2
  • TIA Administrator: Versions prior to 3.0.6
  • TIA Portal Cloud Connector: All versions
  • TIA Portal Test Suite V17: All versions
  • SIMATIC Automation Tool: All versions
  • TIA Portal Test Suite V18: All versions
  • TIA Portal Test Suite V19: All versions
  • TIA Portal Test Suite V20: All versions
  • TIA Project-Server: All versions
  • TIA Project-Server V17: All versions
  • WinCC Panel Image Setup: All versions
  • SIMATIC Automation Tool SDK Windows: All versions
  • SIMATIC BATCH V9.1: All versions
  • SIMATIC BATCH V10.0: All versions
  • SIMATIC Control Function Library (CFL) V1.0.0: All versions
  • SIMATIC Control Function Library (CFL) V2.0: All versions
  • SIMATIC Control Function Library (CFL) V3.0: All versions
  • Automation License Manager V6.2: Versions prior to V6.2 Upd3
  • SIMATIC Control Function Library (CFL) V4.0: All versions
  • SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8): All versions
  • SIMATIC eaSie Document Skills: All versions
  • SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8): All versions
  • SIMATIC eaSie Workflow Skills: All versions
  • SIMATIC Energy Suite V17: All versions
  • SIMATIC Energy Suite V18: All versions
  • SIMATIC Energy Suite V19: All versions
  • SIMATIC Logon V1.6: All versions
  • SIMATIC Logon V2.0: All versions
  • CEMAT V10.0: All versions
  • SIMATIC Management Agent: All versions
  • SIMATIC Management Console: All versions
  • SIMATIC MTP CREATOR V3.x: All versions
  • SIMATIC MTP CREATOR V4.x: All versions
  • SIMATIC MTP CREATOR V2.x: All versions
  • SIMATIC MTP CREATOR V5.x: All versions
  • SIMATIC MTP Integrator V1.x: All versions
  • SIMATIC MTP Integrator V2.x: All versions
  • SIMATIC NET PC Software V16: All versions
  • SIMATIC NET PC Software V17: All versions
  • CP PtP Param configuring interface: All versions
  • SIMATIC NET PC Software V18: All versions
  • SIMATIC NET PC Software V19: All versions
  • SIMATIC NET PC Software V20: Versions prior to V20.0 Update 1
  • SIMATIC ODK 1500S: All versions
  • SIMATIC PCS 7 Advanced Process Faceplates V9.1: All versions
  • SIMATIC PCS 7 Advanced Process Functions V2.1: All versions
  • SIMATIC PCS 7 Advanced Process Functions V2.2: All versions
  • SIMATIC PCS 7 Advanced Process Graphics V9.1: All versions
  • SIMATIC PCS 7 Advanced Process Graphics V10.0: All versions
  • SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0: All versions
  • Create MyConfig (CMC): All versions
  • SIMATIC PCS 7 Advanced Process Library V9.1: All versions
  • SIMATIC PCS 7 Basis Faceplates V9.1: All versions
  • SIMATIC PCS 7 Basis Library V9.1: All versions
  • SIMATIC PCS 7 Basis Library V10.0: All versions
  • SIMATIC PCS 7 Industry Library V9.0: All versions
  • SIMATIC PCS 7 Industry Library V9.1: All versions
  • SIMATIC PCS 7 Industry Library V10.0: All versions
  • SIMATIC PCS 7 Logic Matrix V9.1: All versions
  • SIMATIC PCS 7 Logic Matrix V10.0: All versions
  • SIMATIC PCS 7 MPC Configurator: All versions
  • Energy Support Library (EnSL): All versions
  • SIMATIC PCS 7 PowerControl: All versions
  • SIMATIC PCS 7 Standard Chemical Library V9.1: All versions
  • SIMATIC PCS 7 Standard Chemical Library V10.0: All versions
  • SIMATIC PCS 7 TeleControl: All versions
  • SIMATIC PCS 7 V9.1: All versions
  • SIMATIC PCS 7 V10.0: All versions
  • SIMATIC PCS 7/OPEN OS V9.1: All versions
  • SIMATIC PCS neo V5.0: All versions
  • SIMATIC PCS neo V6.0: Versions prior to V6.0 SP1
  • SIMATIC PDM Maintenance Station V5.0: All versions
  • FM Configuration Package: All versions
  • SIMATIC PDM V9.2: All versions
  • SIMATIC PDM V9.3: All versions
  • SIMATIC Process Function Library (PFL) V4.0: All versions
  • SIMATIC Process Historian 2020: All versions
  • SIMATIC Process Historian 2022: All versions
  • SIMATIC Process Historian 2024: All versions
  • SIMATIC ProSave V17: All versions
  • SIMATIC ProSave V18: All versions
  • SIMATIC ProSave V19: Versions prior to V19 Update 4
  • SIMATIC ProSave V20: All versions
  • Modular PID CTRL Tool: All versions
  • SIMATIC Route Control V9.1: All versions
  • SIMATIC Route Control V10.0: All versions
  • SIMATIC S7 F Systems V6.3: All versions
  • SIMATIC S7 F Systems V6.4: All versions
  • SIMATIC S7-1500 Software Controller V2: All versions
  • SIMATIC S7-1500 Software Controller V3: All versions
  • SIMATIC S7-Fail-safe Configuration Tool (S7-FCT): Versions prior to 4.0.1
  • SIMATIC S7-PCT: All versions
  • SIMATIC S7-PLCSIM Advanced: Versions prior to V7.0 Update 1
  • SIMATIC S7-PLCSIM V17: All versions
  • MultiFieldbus Configuration Tool (MFCT): All versions
  • SIMATIC S7-PLCSIM V18: All versions
  • SIMATIC S7-PLCSIM V19: All versions
  • SIMATIC S7-PLCSIM V20: Versions prior to V20 Update 1
  • SIMATIC Safety Matrix: All versions
  • SIMATIC STEP 7 CFC V19: All versions
  • SIMATIC STEP 7 CFC V20: All versions
  • SIMATIC STEP 7 V5.7: All versions
  • SIMATIC Target: All versions
  • SIMATIC WinCC flexible ES: All versions
  • SIMATIC WinCC Runtime Advanced: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

CVE-2025-30033 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-30033. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Harden the application host to prevent local access by untrusted personnel
  • Install applications only from an empty directory, thereby minimizing the likelihood of malicious DLLs being present
  • Automation License Manager V6.0, CEMAT V10.0, Energy Support Library (EnSL), SIMATIC BATCH V9.1, SIMATIC Logon V1.6, SIMATIC MTP CREATOR V3.x, SIMATIC MTP CREATOR V2.x, SIMATIC PCS 7 Industry Library V9.0, SIMATIC PCS neo V5.0, SIMATIC Process Function Library (PFL) V4.0, SIMATIC Process Historian 2020, SIMATIC ProSave V18, SIMATIC S7 F Systems V6.3, SIMATIC STEP 7 CFC V19, SIMATIC STEP 7 CFC V20: Currently no fix is planned
  • CP PtP Param configuring interface, Create MyConfig (CMC), FM Configuration Package, Modular PID CTRL Tool, MultiFieldbus Configuration Tool (MFCT), OpenPCS 7 V9.1, OpenPCS 7 V10.0, Siemens Network Planner (SINETPLAN), SIMATIC Automation Tool, SIMATIC Automation Tool SDK Windows, SIMATIC BATCH V10.0, SIMATIC Control Function Library (CFL) V1.0.0, SIMATIC Control Function Library (CFL) V2.0, SIMATIC Control Function Library (CFL) V3.0, SIMATIC Control Function Library (CFL) V4.0, SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8), SIMATIC eaSie Document Skills, SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8), SIMATIC eaSie Workflow Skills, SIMATIC Energy Suite V17, SIMATIC Energy Suite V18, SIMATIC Energy Suite V19, SIMATIC Logon V2.0, SIMATIC Management Agent, SIMATIC Management Console, SIMATIC MTP CREATOR V4.x, SIMATIC MTP CREATOR V5.x, SIMATIC MTP Integrator V1.x, SIMATIC MTP Integrator V2.x, SIMATIC NET PC Software V16, SIMATIC NET PC Software V17, SIMATIC NET PC Software V18, SIMATIC NET PC Software V19, SIMATIC ODK 1500S, SIMATIC PCS 7 Advanced Process Faceplates V9.1, SIMATIC PCS 7 Advanced Process Functions V2.1, SIMATIC PCS 7 Advanced Process Functions V2.2, SIMATIC PCS 7 Advanced Process Graphics V9.1, SIMATIC PCS 7 Advanced Process Graphics V10.0, SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0, SIMATIC PCS 7 Advanced Process Library V9.1, SIMATIC PCS 7 Basis Faceplates V9.1, SIMATIC PCS 7 Basis Library V9.1, SIMATIC PCS 7 Basis Library V10.0, SIMATIC PCS 7 Industry Library V9.1, SIMATIC PCS 7 Industry Library V10.0, SIMATIC PCS 7 Logic Matrix V9.1, SIMATIC PCS 7 Logic Matrix V10.0, SIMATIC PCS 7 MPC Configurator, SIMATIC PCS 7 PowerControl, SIMATIC PCS 7 Standard Chemical Library V9.1, SIMATIC PCS 7 Standard Chemical Library V10.0, SIMATIC PCS 7 TeleControl, SIMATIC PCS 7 V9.1, SIMATIC PCS 7 V10.0, SIMATIC PCS 7/OPEN OS V9.1, SIMATIC PDM Maintenance Station V5.0, SIMATIC PDM V9.2, SIMATIC PDM V9.3, SIMATIC Process Historian 2022, SIMATIC Process Historian 2024, SIMATIC ProSave V17, SIMATIC ProSave V20, SIMATIC Route Control V9.1, SIMATIC Route Control V10.0, SIMATIC S7 F Systems V6.4, SIMATIC S7-1500 Software Controller V2, SIMATIC S7-1500 Software Controller V3, SIMATIC S7-PCT, SIMATIC S7-PLCSIM V17, SIMATIC S7-PLCSIM V18, SIMATIC S7-PLCSIM V19, SIMATIC Safety Matrix, SIMATIC STEP 7 V5.7, SIMATIC Target, SIMATIC WinCC flexible ES, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC Runtime Professional V20, SIMATIC WinCC TeleControl, SIMATIC WinCC Unified Line Coordination, SIMATIC WinCC Unified PC Runtime V18, SIMATIC WinCC Unified PC Runtime V19, SIMATIC WinCC Unified PC Runtime V20, SIMATIC WinCC Unified Sequence, SIMATIC WinCC V7.5, SIMATIC WinCC V8.0, SIMATIC WinCC Visualization Architect (SiVArc) V17, SIMATIC WinCC Visualization Architect (SiVArc) V18, SIMATIC WinCC Visualization Architect (SiVArc) V19, SIMATIC WinCC Visualization Architect (SiVArc) V20, SIMATIC D7-SYS, SIMIT Rapid Tester, SIMIT Simulation Platform, SINAMICS Startdrive V17, SINAMICS Startdrive V18, SINAMICS Startdrive V19, SINAMICS Startdrive V20, SINEMA Remote Connect Client, SITRANS, Standard PID CTRL Tool, TIA Portal Cloud Connector, TIA Portal Test Suite V17, TIA Portal Test Suite V18, TIA Portal Test Suite V19, TIA Portal Test Suite V20, TIA Project-Server, TIA Project-Server V17, WinCC Panel Image Setup: Currently no fix is available
  • SIMATIC ProSave V19: Update to V19 Update 4 or later version
  • SIMATIC S7-PLCSIM V20: Update to V20 Update 1 or later version
  • SIMATIC NET PC Software V20: Update to V20.0 Update 1 or later version
  • TIA Administrator: Update to V3.0.6 or later version
  • TeleControl Server Basic V3.1: Update to V3.1.2.2 or later version
  • SINEC NMS: Update to V4.0 or later version
  • SIMATIC S7-Fail-safe Configuration Tool (S7-FCT): Update to V4.0.1 or later version
  • SIMATIC PCS neo V6.0: Update to V6.0 SP1 or later version
  • Automation License Manager V6.2: Update to V6.2 Upd3 or later version
  • SIMATIC S7-PLCSIM Advanced: Update to V7.0 Update 1 or later version
  • SIMATIC WinCC V8.1: Update to V8.1 Update 3 or later version
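
One way to check the "install only from an empty directory" mitigation before launching a setup program, as an added example that is not part of the advisory and not Siemens or CISA tooling. The function name, the temporary staging folder and the placeholder files are assumptions made for illustration; the function lists whatever shares the installer's directory and reports each file's Authenticode status.

```powershell
# Added example, not Siemens or CISA tooling. Function name and sample paths are illustrative.
function Test-InstallerDirectory {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$InstallerPath)

    $installer = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop

    # Everything beside the installer, hidden files included. With an uncontrolled
    # search path, a DLL only has to sit in this directory to be a candidate for loading.
    $neighbours = Get-ChildItem -LiteralPath $installer.DirectoryName -Force |
        Where-Object { $_.FullName -ne $installer.FullName }

    $findings = @(foreach ($item in $neighbours) {
        $signature = 'n/a (directory)'
        if (-not $item.PSIsContainer) {
            $signature = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status
        }
        [pscustomobject]@{
            Name      = $item.Name
            IsDll     = ($item.Extension -ieq '.dll')
            Signature = $signature
            Modified  = $item.LastWriteTime
        }
    })

    [pscustomobject]@{
        Installer          = $installer.FullName
        InstallerSignature = (Get-AuthenticodeSignature -LiteralPath $installer.FullName).Status
        DirectoryIsEmpty   = ($findings.Count -eq 0)
        Findings           = $findings
    }
}

# Constructed sample: a staging folder holding a placeholder installer and one stray DLL.
$staging = Join-Path $env:TEMP ("staging-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $staging | Out-Null
Set-Content -LiteralPath (Join-Path $staging 'Setup.exe') -Value 'placeholder, not a real installer'
Set-Content -LiteralPath (Join-Path $staging 'stray.dll') -Value 'placeholder, not a real DLL'

$result = Test-InstallerDirectory -InstallerPath (Join-Path $staging 'Setup.exe')
if (-not $result.DirectoryIsEmpty) {
    $result.Findings | Sort-Object IsDll -Descending | Format-Table -AutoSize
    Write-Warning 'Other files sit beside the installer. Move it to a new, empty directory before running it.'
}
Remove-Item -LiteralPath $staging -Recurse -Force
```

A valid signature on a neighbouring file does not make the directory safe; the mitigation is an empty directory, and the signature column only helps triage what was found.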

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-282044 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication of Siemens SSA-282044