InfoSecBulletin Cybersecurity for mankind
On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities, and exploits in ICS.
Vulnerabilities found in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s WGS-804HPT switch could severely threaten critical infrastructure if exploited.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software:
Exploiting these vulnerabilities could lead to memory corruption and allow remote code execution through a buffer overflow.
ICSA-24-340-02 Planet Technology Planet WGS-804HPT:
Exploiting these vulnerabilities could lead to remote code execution.
These vulnerabilities pose serious risks to industrial control systems, prompting vendors and users to quickly implement patches, firmware updates, and secure configurations.
These advisories highlight the increasing risks that ICS devices and software encounter in a changing threat environment.
Vendors and users should work together to fix vulnerabilities by implementing timely updates, strong access controls, and proactive monitoring.
CISA’s report emphasizes the importance of staying alert to secure industrial environments.
