The Cybersecurity and Infrastructure Security Agency (CISA) released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025, highlighting critical security vulnerabilities affecting major industrial vendors, including Siemens, Delta Electronics, Advantech, KUNBUS, and IDEC.
This comprehensive release encompasses ten new security advisories and three updated advisories, underscoring the ongoing cybersecurity challenges facing critical infrastructure operators and industrial organizations worldwide.
The bulk of the newly identified vulnerabilities affect Siemens products, with six separate advisories targeting the German industrial giant’s diverse portfolio.
The affected systems include the SINEC NMS network management software (ICSA-25-191-01), the Solid Edge computer-aided design platform (ICSA-25-191-02), and the TIA Administrator automation software (ICSA-25-191-03).
Additionally, Siemens’ SIMATIC CN 4100 industrial communication device (ICSA-25-191-04), TIA Project-Server and TIA Portal development environment (ICSA-25-191-05), and SIPROTEC 5 protection relay system (ICSA-25-191-06) are all subject to newly discovered security flaws.
Beyond Siemens, several other prominent industrial technology vendors face security challenges.
Delta Electronics’ DTM Soft configuration software (ICSA-25-191-07), Advantech’s iView industrial monitoring platform (ICSA-25-191-08), and the KUNBUS RevPi Webstatus interface (ICSA-25-191-09) all have vulnerabilities requiring immediate attention from users and system administrators.
Among the most concerning revelations is the identification of vulnerabilities in the End-of-Train and Head-of-Train Remote Linking Protocol (ICSA-25-191-10), which directly impacts railroad transportation systems.
This protocol is fundamental to modern freight train operations, enabling communication between locomotive engineers and remote car monitoring systems.
The exposure of security flaws in such critical transportation infrastructure highlights the expanding attack surface that cybercriminals can exploit to disrupt essential services.
The advisory updates also reveal ongoing security concerns with previously identified vulnerabilities.
KUNBUS GmbH Revolution Pi systems (ICSA-25-121-01 Update A), ECOVACS DEEBOT vacuum and base station products (ICSA-25-135-19 Update A), and IDEC industrial products (ICSA-24-263-02 Update A) have received updated guidance, indicating either new attack vectors or refined mitigation strategies.
CISA’s simultaneous release of thirteen advisories represents one of the most significant single-day disclosures of ICS vulnerabilities in recent memory.
The agency emphasizes that users and administrators must immediately review these advisories for technical details and implement recommended mitigations to protect their industrial systems from potential cyberattacks.
The breadth of affected systems, spanning manufacturing automation, network management, transportation control, and even consumer robotics, demonstrates the interconnected nature of modern industrial infrastructure and the cascading risks that unpatched vulnerabilities can create across multiple sectors.