On June 3, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released three critical advisories addressing severe vulnerabilities in Industrial Control Systems (ICS) from Schneider Electric and Mitsubishi Electric. These vulnerabilities pose significant risks to sectors such as energy, commercial facilities, and critical manufacturing, potentially enabling remote code execution, authentication bypass, and denial-of-service attacks.
Schneider Electric Wiser AvatarOn 6K Freelocate and Wiser Cuadro H 5P Socket Vulnerability
The most severe of these vulnerabilities, identified as CVE-2023-4041 with a CVSS v4 score of 9.3, affects Schneider Electric’s Wiser AvatarOn 6K Freelocate and Wiser Cuadro H 5P Socket products across all versions. This classic buffer overflow vulnerability (CWE-120) arises from improper input size validation in the Silicon Labs Gecko Bootloader firmware update parser modules. Exploitation could allow attackers to inject malicious code or bypass authentication mechanisms through low-complexity network-based attacks.
As these products have reached end-of-life status, Schneider Electric cannot provide firmware updates. Organizations are advised to disable firmware updates in the Zigbee Trust Center or remove the affected devices from service to mitigate potential risks.
Schneider Electric EcoStruxure Power Build Rapsody Software Vulnerability
Another significant vulnerability, CVE-2025-3916, is a stack-based buffer overflow (CWE-121) affecting Schneider Electric’s EcoStruxure Power Build Rapsody software, version 2.7.12 FR and earlier. Local attackers can exploit this flaw by crafting malicious SSD project files that, when opened by a user, trigger arbitrary code execution. Although the CVSS v4 score is 4.6, indicating lower severity, the local attack vector (a user opening a crafted project file) still presents substantial risk to energy sector organizations.
Schneider Electric has released version 2.8.1 FR to address this issue. Users are urged to update their systems promptly and perform system reboots to apply the remediation effectively.
Mitsubishi Electric MELSEC iQ-F Series PLC Vulnerability
The third advisory pertains to CVE-2025-3755, affecting Mitsubishi Electric’s MELSEC iQ-F Series programmable logic controllers (PLCs), with a CVSS v3.1 score of 9.1. This improper validation vulnerability (CWE-1285, improper validation of a specified index, position, or offset in input) allows remote attackers to read confidential information, induce denial-of-service conditions, or halt CPU module operations by sending specially crafted packets to affected systems.
Impacted products include FX5U, FX5UC, FX5UJ, and FX5S series controllers across all firmware versions. Mitsubishi Electric recommends implementing comprehensive network segmentation strategies, such as deploying firewalls, using VPNs for internet access, applying IP filtering to block untrusted hosts, and restricting physical access to affected devices and connected networks.
Mitigation Strategies
CISA emphasizes the importance of proactive measures to safeguard ICS environments:
– Patch Management: Apply vendor-released patches and firmware updates promptly to address known vulnerabilities.
– Network Segmentation: Isolate ICS devices from business networks and the public internet using firewalls and secure network architectures.
– Access Controls: Restrict access to trusted parties, enforce strong authentication mechanisms, and disable unnecessary services to minimize potential attack vectors.
– Monitoring and Logging: Implement real-time monitoring for anomalous activity and maintain secure logs to detect and respond to potential threats swiftly.
– Secure Remote Access: Use VPNs kept current with vendor patches for remote access, recognizing that VPNs themselves carry vulnerabilities that must be identified and mitigated to ensure secure connections.
These advisories highlight the persistent and evolving threats to industrial environments. Organizations are urged to review the CISA advisories, prioritize risk assessments, and implement layered defense-in-depth strategies to protect critical infrastructure from exploitation.