InfoSecBulletin Cybersecurity for mankind
The Cybersecurity and Infrastructure Security Agency (CISA) has released ten new advisories regarding Industrial Control Systems (ICS) to highlight serious vulnerabilities and exploits that could affect vital industrial systems.
Released on April 10, 2025, these advisories offer essential information on current cybersecurity risks, aiding industries in threat prevention and protecting critical infrastructure.
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
The advisories point out various vulnerabilities in systems from major companies like Siemens, Rockwell Automation, ABB, and INFINITT Healthcare.
CISA advises users and administrators to check technical details and recommended solutions to protect their systems from potential threats.
Details of the ICS Advisories:
The ten advisories highlight vulnerabilities in industrial and healthcare control systems, reflecting a varied threat landscape. Here’s a summary of the affected products and their advisories:
ICSA-25-100-01: Siemens License Server
Addresses issues that could allow attackers to compromise license management systems.
ICSA-25-100-02: Siemens SIDIS Prime
Focuses on vulnerabilities in this diagnostic tool, potentially impacting system reliability.
ICSA-25-100-03: Siemens Solid Edge
Highlights weaknesses that could allow unauthorized access to sensitive engineering data.
ICSA-25-100-04: Siemens Industrial Edge Devices
Identifies critical exploits affecting IoT-edge devices used in industrial settings.
ICSA-25-100-05: Siemens Insights Hub Private Cloud
Covers security flaws in private cloud infrastructures that could lead to data breaches.
ICSA-25-100-06: Siemens SENTRON 7KT PAC1260 Data Manager
Targets vulnerabilities threatening energy data management systems.
ICSA-25-100-07: Rockwell Automation Arena
Discusses risks within this simulation software for manufacturing processes.
ICSA-25-100-08: Subnet Solutions PowerSYSTEM Center
Highlights potential exploits in power system management.
ICSA-25-100-09: ABB Arctic Wireless Gateways
Focuses on wireless communication vulnerabilities in industrial settings.
ICSMA-25-100-01: INFINITT Healthcare INFINITT PACS
Examines vulnerabilities in Picture Archiving and Communication Systems (PACS) used in healthcare.
CISA offers specific recommendations in its advisories, such as applying patches, setting up network segmentation, and improving system monitoring. Organizations should follow vendor guidance and keep their systems updated.
CISA highlights the need for proactive cybersecurity to protect ICS environments. Administrators and users are urged to review advisories and implement mitigations against vulnerabilities.
These advisories support CISA’s mission to strengthen the resilience of the nation’s critical infrastructure against cyber threats.
