InfoSecBulletin Cybersecurity for mankind
The Cybersecurity and Infrastructure Security Agency (CISA) has released ten new advisories regarding Industrial Control Systems (ICS) to highlight serious vulnerabilities and exploits that could affect vital industrial systems.
Released on April 10, 2025, these advisories offer essential information on current cybersecurity risks, aiding industries in threat prevention and protecting critical infrastructure.
NVIDIA Releases Security Update For GPU Driver Vulnerabilities
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure
NVIDIA NeMo Framework Vuln Allow Attackers RCE
Cisco Issued Urgent Security Advisories For Multiple Products
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
The advisories point out various vulnerabilities in systems from major companies like Siemens, Rockwell Automation, ABB, and INFINITT Healthcare.
CISA advises users and administrators to check technical details and recommended solutions to protect their systems from potential threats.
Details of the ICS Advisories:
The ten advisories highlight vulnerabilities in industrial and healthcare control systems, reflecting a varied threat landscape. Here’s a summary of the affected products and their advisories:
ICSA-25-100-01: Siemens License Server
Addresses issues that could allow attackers to compromise license management systems.
ICSA-25-100-02: Siemens SIDIS Prime
Focuses on vulnerabilities in this diagnostic tool, potentially impacting system reliability.
ICSA-25-100-03: Siemens Solid Edge
Highlights weaknesses that could allow unauthorized access to sensitive engineering data.
ICSA-25-100-04: Siemens Industrial Edge Devices
Identifies critical exploits affecting IoT-edge devices used in industrial settings.
ICSA-25-100-05: Siemens Insights Hub Private Cloud
Covers security flaws in private cloud infrastructures that could lead to data breaches.
ICSA-25-100-06: Siemens SENTRON 7KT PAC1260 Data Manager
Targets vulnerabilities threatening energy data management systems.
ICSA-25-100-07: Rockwell Automation Arena
Discusses risks within this simulation software for manufacturing processes.
ICSA-25-100-08: Subnet Solutions PowerSYSTEM Center
Highlights potential exploits in power system management.
ICSA-25-100-09: ABB Arctic Wireless Gateways
Focuses on wireless communication vulnerabilities in industrial settings.
ICSMA-25-100-01: INFINITT Healthcare INFINITT PACS
Examines vulnerabilities in Picture Archiving and Communication Systems (PACS) used in healthcare.
CISA offers specific recommendations in its advisories, such as applying patches, setting up network segmentation, and improving system monitoring. Organizations should follow vendor guidance and keep their systems updated.
CISA highlights the need for proactive cybersecurity to protect ICS environments. Administrators and users are urged to review advisories and implement mitigations against vulnerabilities.
These advisories support CISA’s mission to strengthen the resilience of the nation’s critical infrastructure against cyber threats.
