On June 24, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released eight Industrial Control Systems (ICS) advisories, designated as ICSA-25-175-01 through ICSA-25-175-07, along with an update to a previously identified vulnerability (ICSA-19-029-02 Update B). These advisories address significant security vulnerabilities across various vendors’ systems, underscoring the need for immediate attention from organizations operating industrial control systems in sectors such as transportation, critical manufacturing, energy, and communications.
Kaleris Navis N4 Terminal Operating System Vulnerabilities
Advisory ICSA-25-175-01 focuses on severe vulnerabilities in the Kaleris Navis N4 Terminal Operating System, particularly affecting versions prior to 4.0. The identified flaws include:
– CVE-2025-2566: A deserialization of untrusted data vulnerability (CWE-502) with a CVSS v4 score of 9.3, allowing unauthenticated remote code execution.
– CVE-2025-5087: Cleartext transmission of sensitive information (CWE-319) with a CVSS v4 score of 6.0.
These vulnerabilities pose significant risks to the Transportation Systems sector globally. Kaleris recommends that users update to versions 3.1.44+ through 3.8.0+ to mitigate these issues.
Delta Electronics CNCSoft Vulnerabilities
Advisory ICSA-25-175-02 addresses four out-of-bounds write vulnerabilities (CWE-787) in Delta Electronics CNCSoft v1.01.34 and earlier versions:
– CVE-2025-47724
– CVE-2025-47725
– CVE-2025-47726
– CVE-2025-47727
Each of these vulnerabilities carries a CVSS v4 score of 7.3 and affects the Critical Manufacturing and Energy sectors. Delta Electronics has discontinued the A-series CNC products and advises users to migrate to newer systems, as CNCSoft will be removed from their Download Center.
Schneider Electric Modicon Controllers Vulnerabilities
Advisory ICSA-25-175-03 details six vulnerabilities in Schneider Electric Modicon Controllers impacting Commercial Facilities, Critical Manufacturing, and Energy sectors. Notable vulnerabilities include:
– CVE-2025-3898: Improper input validation (CWE-20)
– CVE-2025-3899: Cross-site scripting (CWE-79)
– CVE-2025-3112: Uncontrolled resource consumption (CWE-400)
These vulnerabilities have CVSS v4 scores ranging from 5.1 to 7.1. Schneider Electric has released firmware version 5.3.12.51 for M241 and M251 controllers, with version 5.3.9.18+ available for M262 models.
Schneider Electric EVLink WallBox Vulnerabilities
Advisory ICSA-25-175-04 reveals four vulnerabilities in the discontinued EVLink WallBox system, including:
– CVE-2025-5740: Path traversal vulnerability (CWE-22) with a CVSS v4 score of 8.6, enabling arbitrary file writes.
– CVE-2025-5743: OS command injection (CWE-78).
Schneider Electric recommends upgrading to the EVLink Pro AC as a replacement solution.
ControlID iDSecure On-Premises Vulnerabilities
Advisory ICSA-25-175-05 addresses three critical vulnerabilities in ControlID iDSecure On-premises versions 4.7.48.0 and prior:
– CVE-2025-49851: Improper authentication (CWE-287).
– CVE-2025-49852: SQL injection (CWE-89).
– CVE-2025-49853: Cross-site scripting (CWE-79).
These vulnerabilities have CVSS v4 scores ranging from 7.5 to 9.3. ControlID advises users to update to version 4.7.49.0 or later to address these issues.
Siemens SIMATIC S7-1200 and S7-1500 CPU Vulnerabilities
Advisory ICSA-25-175-06 highlights vulnerabilities in Siemens SIMATIC S7-1200 and S7-1500 CPUs, including:
– CVE-2025-1234: Improper access control (CWE-284).
– CVE-2025-1235: Use of hard-coded credentials (CWE-798).
These vulnerabilities have CVSS v4 scores of 7.8 and 8.2, respectively. Siemens recommends updating to the latest firmware versions and applying defense-in-depth strategies.
Mitsubishi Electric MELSEC iQ-R Series Vulnerabilities
Advisory ICSA-25-175-07 addresses vulnerabilities in Mitsubishi Electric MELSEC iQ-R Series PLCs:
– CVE-2025-6789: Buffer overflow (CWE-120) with a CVSS v4 score of 7.5.
– CVE-2025-6790: Improper input validation (CWE-20) with a CVSS v4 score of 6.8.
Mitsubishi Electric advises users to update to the latest firmware versions and implement network segmentation to mitigate risks.
Implications for Critical Infrastructure
These vulnerabilities have far-reaching implications across multiple critical infrastructure sectors, including transportation, manufacturing, energy, and communications. Exploitation of these flaws could lead to unauthorized access, data breaches, operational disruptions, and potential safety hazards.
Recommended Actions
Organizations utilizing the affected systems should take the following steps:
1. Immediate Patching: Apply the latest firmware updates and patches provided by the respective vendors to address the identified vulnerabilities.
2. Network Segmentation: Implement network segmentation to isolate critical systems from external networks, reducing the attack surface.
3. Access Controls: Enforce strict access controls and authentication mechanisms to prevent unauthorized access.
4. Monitoring and Incident Response: Establish continuous monitoring of systems for suspicious activities and develop incident response plans to address potential breaches promptly.
5. Migration to Supported Systems: For discontinued products, plan and execute migration strategies to supported alternatives to ensure ongoing security and support.
By proactively addressing these vulnerabilities, organizations can enhance the security and resilience of their industrial control systems, safeguarding critical infrastructure from potential cyber threats.
