InfoSecBulletin Cybersecurity for mankind
CISA has released three Industrial Control Systems (ICS) advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:
ICSA-23-187-01 PiiGAB M-Bus
ICSA-23-187-02 ABUS TVIP
ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update A)
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
Industrial Control Systems vulnerabilities: PiiGAB M-Bus
These vulnerabilities include:
Code injection (CVE-2023-36859)
Improper restriction of authentication attempts (CVE-2023-33868)
Unprotected transport of credentials (CVE-2023-31277)
Use of hard-coded credentials (CVE-2023-35987)
Plaintext storage of passwords (CVE-2023-35765)
Cross-site scripting (CVE-2023-32652)
Weak password requirements (CVE-2023-34995)
Use of weak password hash (CVE-2023-34433)
Cross-site request forgery (CVE-2023-35120)
Industrial Control Systems vulnerabilities: ABUS TVIP
ABUS, a vendor of security camera systems, has identified vulnerability in their ABUS TVIP indoor security camera that could allow remote attackers to execute arbitrary code. The vulnerability, known as command injection, occurs when an attacker is able to inject malicious code into a system by exploiting a flaw in the application’s input validation. In this case, the vulnerability exists in a specific field of the camera’s configuration.
Once the attacker has successfully injected the malicious code, they can then execute it on the system, which could lead to a variety of consequences, such as arbitrary file reads or remote code execution. The severity of this vulnerability is rated as moderate, and public exploits are available. ABUS has released a patch for the vulnerability, and users are advised to update their cameras as soon as possible.
ICS vulnerabilities: Mitsubishi Electric MELSEC Series CPU Module
Mitsubishi Electric has released a firmware update to address vulnerability in their MELSEC Series CPU modules. The vulnerability, tracked as CVE-2023-1424, is a classic buffer overflow that could allow a remote attacker to cause a denial-of-service condition or execute malicious code.
The vulnerability exists due to inadequate input size checks in the affected modules. An attacker could exploit this vulnerability by sending specially crafted packets to the affected modules. If successful, the attacker could cause a denial-of-service condition or execute malicious code on the affected system.
Mitsubishi Electric has released firmware updates to address this vulnerability. Users are advised to update their firmware as soon as possible.
