
CISA has published two advisories addressing vulnerabilities and exploits related to Industrial Control Systems (ICS).

On August 5, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued two urgent advisories regarding critical vulnerabilities in Industrial Control Systems (ICS) that could severely impact the manufacturing and energy sectors. The advisories highlight significant security flaws in products from Mitsubishi Electric and Tigo Energy: the Tigo Energy vulnerabilities allow remote exploitation, while the Mitsubishi Electric flaw poses a risk of information tampering.

CISA’s advisory ICSA-25-217-01 identifies a Windows Shortcut Following vulnerability (CWE-64) in various Mitsubishi Electric Iconics Digital Solutions products, including GENESIS64 and MC Works64. This vulnerability, assigned CVE-2025-7376 with a CVSS v3.1 base score of 5.9, enables attackers to manipulate symbolic links, potentially leading to denial-of-service conditions. Mitsubishi Electric has released GENESIS Version 11.01 as a remediation measure and urges administrators to enforce strict access controls.

The second advisory, ICSA-25-217-02, addresses three critical vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) device, affecting versions 4.0.1 and earlier. These vulnerabilities present a heightened risk profile, with the most severe flaw receiving a CVSS v4 score of 9.3. CVE-2025-7768 exposes hard-coded credentials (CWE-798), granting unauthorised administrative access. CVE-2025-7769 reveals a command injection vulnerability (CWE-77) in the DEVICE_PING command, allowing for remote code execution. Additionally, CVE-2025-7770 uncovers predictable session ID generation (CWE-337), facilitating unauthorised access to sensitive functions. Collectively, these vulnerabilities enable attackers to gain full control over the system, disrupt safety mechanisms, and compromise sensitive operational data. CISA recommends implementing defence-in-depth strategies, including network isolation, firewall deployment, and VPN usage, to mitigate these risks effectively. 
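The command injection class (CWE-77) named for the DEVICE_PING command is normally closed by validating the target and never handing it to a shell. The sketch below is an added example, not Tigo Energy's code or anything taken from the advisory. The function names are hypothetical and a Linux-style `ping -c` is assumed.

```python
import ipaddress
import re
import subprocess

# One RFC 1123 hostname label: letters, digits, hyphens, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_target(target: str) -> str:
    """Return a canonical IP address or hostname, or raise ValueError."""
    if not isinstance(target, str) or not 0 < len(target) <= 253:
        raise ValueError("target must be a string of 1 to 253 characters")
    if "%" in target:
        # Python 3.9+ parses an IPv6 zone ID after '%' and does not restrict
        # its characters, so scoped addresses are refused outright.
        raise ValueError("scoped IPv6 addresses are not accepted")
    try:
        # Re-serialise so only the parsed address is passed on.
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    host = target.rstrip(".")
    if host and all(_LABEL.fullmatch(label) for label in host.split(".")):
        return host
    raise ValueError(f"rejected ping target: {target!r}")


def build_ping_argv(target: str, count: int = 3) -> list[str]:
    """Build an argument vector; the target is always one argv element."""
    if not isinstance(count, int) or not 1 <= count <= 10:
        raise ValueError("count must be an integer from 1 to 10")
    return ["ping", "-c", str(count), validate_target(target)]


def ping(target: str, count: int = 3) -> bool:
    """Run ping without a shell, so no metacharacter is ever interpreted."""
    argv = build_ping_argv(target, count)
    result = subprocess.run(argv, capture_output=True, timeout=15, check=False)
    return result.returncode == 0
```

The label pattern also rejects a leading hyphen, so a target can never be read by `ping` as an option.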
