CISA Releases ICS Advisories Addressing Ongoing Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on June 24, 2025, addressing critical security vulnerabilities across multiple industrial platforms.

These advisories encompass seven newly identified security issues and one significant update to a previously disclosed vulnerability, highlighting ongoing threats to critical infrastructure systems.

The advisories target systems from major industrial vendors including Delta Electronics, Schneider Electric, and Mitsubishi Electric, emphasizing the widespread nature of current ICS security challenges.

CISA latest advisory release demonstrates the agency’s commitment to providing timely information about current security issues, vulnerabilities, and exploits surrounding industrial control systems.

The June 24 release includes seven new advisories spanning diverse industrial applications, from terminal operating systems to building automation and access control platforms.

These advisories are designated ICSA-25-175-01 through ICSA-25-175-07, following CISA’s standardized numbering system that indicates the year and Julian date of release.

The newly released advisories cover a broad spectrum of industrial technologies, including Kaleris Navis N4 Terminal Operating System used in port and logistics operations, Delta Electronics CNCSoft for CNC machine control, and multiple Schneider Electric products including Modicon Controllers and EVLink WallBox charging systems.

Additionally, the advisories address vulnerabilities in ControlID iDSecure On-Premises access control systems, Parsons AccuWeather Widget applications, and MICROSENS NMP Web+ network management platforms.

This diversity underscores the pervasive nature of cybersecurity challenges across different industrial sectors and the need for comprehensive security awareness across all operational technology environments.

Security Scrutiny Across Product Lines

The advisory release particularly highlights security concerns affecting products from three major industrial automation vendors.

Delta Electronics, a prominent provider of industrial automation and power management solutions, faces scrutiny with its CNCSoft platform, which is widely deployed in manufacturing environments for computer numerical control applications.

The identification of vulnerabilities in this system could potentially impact numerous manufacturing facilities that rely on Delta’s automation technologies for precision machining and production control.

Schneider Electric, a global leader in energy management and automation, appears twice in the advisory list with vulnerabilities affecting both its Modicon Controllers and EVLink WallBox systems.

The Modicon Controllers are fundamental components in industrial automation networks, serving as programmable logic controllers in manufacturing and process control applications.

Meanwhile, the EVLink WallBox vulnerabilities affect electric vehicle charging infrastructure, highlighting how cybersecurity concerns now extend into emerging clean energy technologies.

The dual appearance of Schneider Electric products in this advisory release emphasizes the critical importance of comprehensive security assessments across entire product portfolios.

Mitigations

CISA’s released these advisories, including the significant Update B to the Mitsubishi Electric MELSEC-Q Series PLCs advisory originally published in 2019, demonstrates the evolving nature of industrial cybersecurity threats.

The fact that a six-year-old advisory requires substantial updates indicates the complexity of addressing vulnerabilities in long-lifecycle industrial systems and the ongoing discovery of new attack vectors against established platforms.

The agency strongly encourages users and administrators to review the newly released ICS advisories for comprehensive technical details and specific mitigation strategies.

This recommendation reflects the critical importance of proactive security measures in industrial environments, where system compromises can result in operational disruptions, safety hazards, and significant economic impacts.

Organizations operating the affected systems should prioritize immediate assessment of their exposure and implementation of recommended security controls to protect against potential exploitation of these identified vulnerabilities.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.