On August 5, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released two critical advisories addressing significant security vulnerabilities in Industrial Control Systems (ICS) utilized within the manufacturing and energy sectors. These vulnerabilities, if exploited, could severely disrupt industrial operations and essential services.
Key Highlights:
1. Mitsubishi Electric Systems Vulnerability:
– CISA’s advisory ICSA-25-217-01 identifies a Windows Shortcut Following vulnerability (CWE-64) in several Mitsubishi Electric Iconics Digital Solutions products, including GENESIS64 (all versions), GENESIS (version 11.00), and Mitsubishi Electric MC Works64 (all versions).
– Designated as CVE-2025-7376 with a CVSS v3.1 base score of 5.9, this flaw allows an attacker with low-privileged access to create symbolic links that cause elevated processes to perform unauthorized writes to arbitrary file system locations.
– Exploitation can result in denial-of-service (DoS) conditions if critical system files are altered.
– Mitsubishi Electric has released GENESIS Version 11.01 to address this issue and recommends implementing strict access controls, such as administrator-only login configurations and firewall restrictions.
2. Tigo Energy Cloud Systems Vulnerabilities:
– Advisory ICSA-25-217-02 reveals three severe vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) device, affecting versions 4.0.1 and earlier.
– The most critical vulnerability has a CVSS v4 score of 9.3.
– CVE-2025-7768 involves hard-coded credentials (CWE-798), granting unauthorized administrative access and potential full device compromise.
– CVE-2025-7769 is a command injection vulnerability (CWE-77) in the /cgi-bin/mobile_api endpoint’s DEVICE_PING command, allowing remote code execution.
– CVE-2025-7770 pertains to predictable session ID generation (CWE-337) using timestamp-based methods, facilitating unauthorized access to sensitive device functions.
– Collectively, these vulnerabilities enable attackers to gain full system control, modify solar energy production settings, disrupt safety mechanisms, and expose sensitive operational data.
– The remote exploitability of these flaws poses significant risks to energy sector infrastructure.
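An added example, not code from the advisory or from Tigo Energy, showing the CWE-77 pattern in a ping-style command handler next to a hardened form. The function names and the sample input are hypothetical, since the page does not describe the device's request format.

```python
import ipaddress
import re
import shlex

# Hypothetical names throughout: the summary above does not describe the
# device's real handler code or request format.
_ALLOWED = re.compile(r"[0-9A-Za-z.:-]{1,253}")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def ping_command_unsafe(target: str) -> str:
    """Weak pattern (CWE-77): request input concatenated into a shell string."""
    return "ping -c 1 " + target


def shell_command_count(command: str) -> int:
    """Count commands separated by ; & | operator tokens, as a shell would split them."""
    tokens = shlex.shlex(command, posix=True, punctuation_chars=True)
    return 1 + sum(1 for t in tokens if t and set(t) <= set(";&|"))


def ping_argv(target: str) -> list[str]:
    """Hardened form: validate the target, then build argv for shell-free exec."""
    # Character allowlist first: ipaddress accepts IPv6 zone IDs ("%...")
    # whose text it does not restrict.
    if not _ALLOWED.fullmatch(target):
        raise ValueError("target contains characters outside the allowlist")
    try:
        host = str(ipaddress.ip_address(target))
    except ValueError:
        # Labels must start with a letter or digit, which also blocks "-f"
        # style values that ping would parse as options.
        if not _HOSTNAME.fullmatch(target):
            raise ValueError("target is not an IP address or hostname") from None
        host = target
    # "--" ends option parsing; pass this list to subprocess.run() without shell=True.
    return ["ping", "-c", "1", "--", host]


if __name__ == "__main__":
    sample = "192.0.2.10; id"  # constructed input, not taken from the advisory
    print(shell_command_count(ping_command_unsafe(sample)))
    try:
        ping_argv(sample)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and shell-free execution are both needed: an argv list alone still lets a value beginning with "-" reach ping as an option.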
Mitigation Strategies:
– Defense-in-Depth: Implement comprehensive security measures, including network isolation, firewall deployment, and VPN-secured remote access.
– Access Controls: Enforce strict access controls, limiting system access to authorized personnel only.
– Regular Updates: Ensure all systems are updated with the latest security patches provided by vendors.
– Impact Assessments: Conduct thorough impact assessments before implementing defensive measures to understand potential risks.
Both Mitsubishi Electric and Tigo Energy are actively addressing these vulnerabilities. Mitsubishi Electric has provided immediate patches, while Tigo Energy is developing comprehensive fixes. As of now, CISA reports no known public exploitation targeting these specific vulnerabilities but emphasizes the need for immediate action due to the critical nature of the affected systems.