CISA Issues 10 ICS Advisories on Critical Vulnerabilities and Exploitation Risks

The Cybersecurity and Infrastructure Security Agency (CISA) on August 7, 2025, published ten new Industrial Control Systems (ICS) advisories to alert organizations to critical vulnerabilities and potential exploits affecting control-system components.

These advisories address a broad spectrum of products—from programmable logic controllers to remote provisioning services—underscoring the ever-evolving threat landscape facing critical infrastructure sectors.

CISA urges all asset owners, operators, and service providers to review the technical details and implement recommended mitigations to bolster security posture.

Among the ten advisories, seven pertain to newly discovered vulnerabilities, while three updates expand upon earlier advisories:

  • ICSA-25-219-01: Delta Electronics DIAView.
  • ICSA-25-219-02: Johnson Controls FX80 and FX90.
  • ICSA-25-219-03: Burk Technology ARC Solo.
  • ICSA-25-219-04: Rockwell Automation Arena.
  • ICSA-25-219-05: Packet Power EMX and EG.
  • ICSA-25-219-06: Dreame Technology iOS and Android Mobile Applications.
  • ICSA-25-219-07: EG4 Electronics EG4 Inverters.
  • ICSA-25-219-08: Yealink IP Phones and RPS (Redirect and Provisioning Service).

The two supplemental advisories released alongside this batch provide updates to previously identified vulnerabilities:

  • ICSA-25-148-04: Instantel Micromate (Update A).
  • ICSA-25-140-04: Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update A).

These advisories span a range of ICS components, including human-machine interfaces (HMIs), inverter controllers, remote provisioning tools, and mobile applications that interface with industrial deployments.

By grouping advisories with related technical contexts, CISA enables practitioners to prioritize patches according to asset criticality and exposure.

Analysis of the advisories reveals several recurring vulnerability themes:

  1. Authentication Bypass: Certain HMI products allow remote attackers to bypass authentication mechanisms, enabling unauthorized control of critical systems. In both the Delta DIAView and Rockwell Arena advisories, CISA highlights flaws in session validation logic that could be exploited over network interfaces.
  2. Buffer Overflows and Memory Corruption: The Burk ARC Solo and Packet Power EMX/EG advisories point to memory corruption issues that may be triggered via specially crafted packets. Successful exploitation could permit arbitrary code execution or denial-of-service (DoS) conditions.
  3. Insecure Mobile and Provisioning Services: The Dreame mobile applications and Yealink RPS both exhibit weaknesses in certificate validation and encryption controls. Attackers positioned on the same network segment could intercept provisioning data or install malicious firmware.
  4. Firmware Integrity and Update Mechanisms: The EG4 Electronics inverters and Instantel Micromate devices demonstrate insufficient integrity checks during firmware updates, raising the risk of supply-chain attacks. The Mitsubishi Electric advisory further underscores the necessity for secure update channels in SCADA environments.

Each advisory categorizes vulnerabilities by Common Vulnerability Scoring System (CVSS) severity, ranging from medium to critical. Several issues carry a CVSS score above 9.0, reflecting their potential impact on safety, availability, and confidentiality within sectors such as energy, water, and manufacturing.

Mitigations

CISA’s advisories consistently emphasize a defense-in-depth approach. Key recommendations include:

  • Patch Deployment: Apply vendor-supplied updates or workarounds immediately. Vendors of affected products have released firmware or software patches addressing the reported flaws.
  • Network Segmentation: Isolate ICS networks from enterprise and public networks, employing firewalls or data diodes to reduce external exposure.
  • Access Controls and Monitoring: Enforce strong authentication for all remote and local access, implement role-based privileges, and deploy intrusion detection systems to flag anomalous traffic patterns.
  • Firmware and Configuration Hardening: Verify cryptographic signatures on all firmware, disable unnecessary services, and enforce secure provisioning protocols.
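The firmware-integrity theme above and the "verify cryptographic signatures on all firmware" mitigation both come down to the same acceptance logic on the device: authenticate the whole image and its metadata before writing anything, refuse downgrades, and compare in constant time. The following is an added example written for this article, not code from CISA or from any of the vendors named; the update format, the device key and the image bytes are constructed. Real devices verify an asymmetric signature (for example Ed25519 or RSA) against a public key anchored in the device; to stay standard-library only, the example stands in a keyed HMAC-SHA256 for that signature, which changes the key type but not the acceptance checks. It also shows why an unkeyed hash appended to the image is not an integrity check: anyone who can modify the image can recompute the hash.

```python
"""Firmware update acceptance check (added example, constructed format).

Assumptions (not from the advisories): a 12-byte header MAGIC|version|length,
the image, then a 32-byte HMAC-SHA256 over header+image. The verification key
is assumed to live in protected storage on the device.
"""
import hashlib
import hmac
import struct

MAGIC = b"FWUP"                       # constructed format identifier
HEADER_LEN = 12                       # 4 magic + 4 version + 4 length
MAC_LEN = 32                          # HMAC-SHA256 digest size
DEVICE_KEY = b"constructed-device-key-example-only"   # assumed provisioned key


class UpdateRejected(Exception):
    """Raised for any image the device must not flash."""


def build_update(image: bytes, version: int, key: bytes = DEVICE_KEY) -> bytes:
    """Vendor side: wrap an image in the header and authenticate header+image."""
    header = MAGIC + struct.pack(">II", version, len(image))
    mac = hmac.new(key, header + image, hashlib.sha256).digest()
    return header + image + mac


def verify_update(blob: bytes, installed_version: int, key: bytes = DEVICE_KEY):
    """Device side: return (version, image) only for an authentic, newer image.

    Every check runs before a single byte is written to flash.
    """
    if len(blob) < HEADER_LEN + MAC_LEN or blob[:4] != MAGIC:
        raise UpdateRejected("malformed header")
    version, length = struct.unpack(">II", blob[4:HEADER_LEN])
    if len(blob) != HEADER_LEN + length + MAC_LEN:
        raise UpdateRejected("length field does not match payload")
    body, mac = blob[:HEADER_LEN + length], blob[HEADER_LEN + length:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # The version field is inside the authenticated body, so it cannot be
    # edited to dodge the anti-rollback check below. compare_digest avoids a
    # byte-by-byte early exit that would leak timing.
    if not hmac.compare_digest(mac, expected):
        raise UpdateRejected("integrity check failed")
    if version <= installed_version:
        raise UpdateRejected("downgrade or replay blocked")
    return version, body[HEADER_LEN:]


def is_rejected(blob: bytes, installed_version: int) -> bool:
    """Helper for callers that only need a yes/no answer."""
    try:
        verify_update(blob, installed_version)
        return False
    except UpdateRejected:
        return True


def hash_only_check(image: bytes, digest: bytes) -> bool:
    """The insufficient check: an unkeyed SHA-256 shipped next to the image.
    Anyone who can alter the image can recompute the digest, so this detects
    transmission errors, not tampering."""
    return hashlib.sha256(image).digest() == digest


def flip_first_image_byte(blob: bytes) -> bytes:
    """Simulate an in-transit modification of the image (first payload byte)."""
    tampered = bytearray(blob)
    tampered[HEADER_LEN] ^= 0x01
    return bytes(tampered)


if __name__ == "__main__":
    image = b"constructed-firmware-image-v5"
    blob = build_update(image, 5)
    print("genuine v5 on a v4 device accepted:", not is_rejected(blob, 4))
    print("same v5 on a v5 device rejected (rollback):", is_rejected(blob, 5))
    print("tampered image rejected (MAC):", is_rejected(flip_first_image_byte(blob), 4))
    t = flip_first_image_byte(image)[0:0] + image[:0]  # placeholder, see below
    altered = bytes([image[0] ^ 1]) + image[1:]
    print("hash-only check fooled by recomputed digest:",
          hash_only_check(altered, hashlib.sha256(altered).digest()))
```

In a deployment the HMAC line is where the asymmetric signature verification goes and `DEVICE_KEY` becomes the vendor's public key; the ordering (parse, authenticate, anti-rollback, then write) and the constant-time comparison carry over unchanged.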

CISA also recommends regular vulnerability scanning and penetration testing to detect latent issues before adversaries can exploit them.

In addition, asset owners should subscribe to CISA’s Automated Indicator Sharing (AIS) service to receive real-time threat intelligence.

By promptly addressing these advisories, organizations can significantly reduce their risk of disruption or compromise.

Detailed technical information, including affected product versions, CVE identifiers, and patch instructions, is available on CISA’s website under “ICS Advisories.” Continuous vigilance and rapid remediation are critical as adversaries increasingly target industrial environments.

Ethan Brooks

Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
