CISA Issues Nine Critical Industrial Control Systems Advisories, Addressing Vulnerabilities in Key Equipment
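This article summarizes nine Industrial Control Systems (ICS) vulnerability advisories released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), covering products from vendors including Schneider Electric and Rockwell Automation. These vulnerabilities may lead to risks such as denial-of-service attacks or remote code execution. CISA recommends that users promptly update firmware and software and adopt security measures such as multi-factor authentication and VPN-encrypted communications to protect critical infrastructure. 2025-2-6 11:46:10 Author: cyble.com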

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) released a series of nine Industrial Control Systems (ICS) advisories on February 4, 2025. These CISA ICS advisories provide essential information about vulnerabilities, security risks, and recommended mitigations affecting various industrial control systems and their components.

The advisories, which highlight numerous threats across a variety of devices, emphasize the need for vigilance and prompt action to protect critical infrastructure from potential exploits. The nine advisories address flaws found in systems from notable vendors such as Schneider Electric, Rockwell Automation, and AutomationDirect.

These vulnerabilities can allow attackers to disrupt operations, gain unauthorized access, or even execute remote code on compromised devices.

Details of the Industrial Control Systems Advisories

1. Western Telematic Inc. Vulnerability

Advisory Code: ICSA-25-035-01

Vulnerable Products:

  • NPS Series
  • DSM Series
  • CPM Series

An authentication bypass vulnerability (CVE-2025-0630) allows an attacker to access and manipulate files on affected devices’ filesystems. This flaw, present in versions of the products running firmware ≤ 6.62, has a CVSS v4 score of 6.0, indicating medium risk. Users are advised to update affected products to firmware versions 8.06 or 4.02 and to change default passwords before deployment.

2. Rockwell Automation Vulnerability

Advisory Code: ICSA-25-035-02

Vulnerable Products:

  • 1756-L8zS3
  • 1756-L3zS3

A critical vulnerability in Rockwell’s 1756-L8zS3 and 1756-L3zS3 PLC models (CVE-2025-24478) allows attackers to cause a denial-of-service (DoS) condition through malicious requests. The flaw, rated with a CVSS v4 score of 7.1, is exploitable remotely and requires low attack complexity. Users should update to the latest firmware versions to mitigate the risk.

3. Elber Communications Equipment Vulnerabilities

Advisory Code: ICSA-25-035-03

Vulnerable Products:

  • Signum DVB-S/S2 IRD
  • Cleber/3 Broadcast Multi-Purpose Platform
  • Reble610 M/ODU XPIC IP-ASI-SDH
  • ESE DVB-S/S2 Satellite Receiver
  • Wayber Analog/Digital Audio STL

Elber’s devices are plagued by authentication bypass (CVE-2025-0674) and hidden functionality vulnerabilities (CVE-2025-0675). Exploiting these flaws allows attackers unauthorized administrative access. The vulnerabilities, which carry high CVSS v4 scores of 9.3 and 8.7, affect several products with versions that are either obsolete or at the end of their lifecycle. Users are urged to contact Elber for guidance.

4. Schneider Electric Modicon M580 PLCs and EVLink Pro AC Vulnerability

Advisory Code: ICSA-25-035-04

Vulnerable Products:

  • Modicon M580 PLCs
  • BMENOR2200H
  • EVLink Pro AC

This vulnerability (CVE-2024-11425) affects Schneider Electric’s Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC products, and can lead to a denial-of-service (DoS) condition via improper buffer size calculations. With a CVSS v4 score of 8.7, this flaw is exploitable remotely and requires low attack complexity. Users should update the affected products to newer firmware versions to mitigate risks.

5. Schneider Electric Web Designer for Modicon Vulnerability

Advisory Code: ICSA-25-035-05

Vulnerable Products:

  • Web Designer for Modicon

This vulnerability (CVE-2024-12476) within Schneider Electric’s Web Designer for Modicon could allow an attacker to execute arbitrary code or cause information disclosure. With a CVSS v3 score of 7.8, this flaw affects all versions of Web Designer. Mitigation measures include encrypting project files, restricting access to trusted users, and using secure communication protocols when transferring files.

6. Schneider Electric Pro-face GP-Pro EX and Remote HMI Vulnerability

Advisory Code: ICSA-25-035-07

Vulnerable Products:

  • Pro-face GP-Pro EX
  • Pro-face Remote HMI

Schneider Electric’s Pro-face GP-Pro EX and Remote HMI systems suffer from improper enforcement of message integrity during transmission, which could allow for man-in-the-middle (MITM) attacks. This vulnerability (CVE-2024-12399) has a CVSS v4 score of 6.1. To mitigate this, Schneider Electric recommends the use of secure VPNs like Pro-face Connect to encrypt remote communications.

7. AutomationDirect C-more EA9 HMI Vulnerability

Advisory Code: ICSA-25-035-08

Vulnerable Products:

  • C-more EA9 HMI (Multiple Models)

A classic buffer overflow vulnerability (CVE-2025-0960) in AutomationDirect’s C-more EA9 HMI devices allows remote code execution or DoS attacks. With a CVSS v4 score of 9.3, this critical flaw affects multiple models. AutomationDirect recommends updating to version 6.80 of the C-more EA9 HMI software or isolating the devices from external networks as an interim mitigation measure.

8. Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, and Lithium Vulnerabilities (Update A)

Advisory Code: ICSA-23-299-03

Vulnerable Products:

  • Cobalt
  • Graphite
  • Xenon
  • Argon
  • Lithium

Several vulnerabilities, including out-of-bounds write, heap-based buffer overflow, and out-of-bounds read issues, were discovered in Ashlar-Vellum’s Cobalt, Graphite, Xenon, Argon, and Lithium product lines. These vulnerabilities, with CVSS v4 scores of 8.4, could allow attackers to execute arbitrary code. Users should update to the latest software versions to mitigate these risks.

Mitigation and Recommendations

  • Update Firmware and Software: Regularly update both firmware and software to the latest versions to ensure that all known vulnerabilities are patched, and that the system has the latest security improvements.
  • Apply Security Patches: Promptly apply all security patches issued by vendors for both hardware and software components.
  • Implement Secure Access Controls: Use multi-factor authentication (MFA) to enhance user verification processes.
  • Use VPNs and Secure Protocols for Remote Communications: Require the use of Virtual Private Networks (VPNs) to encrypt remote connections, ensuring that communications between remote users and the industrial control system are secure.
  • Apply Secure Configurations to Systems: Regularly audit system configurations to ensure compliance with security best practices, such as those outlined by industry standards (e.g., NIST, CIS).
  • Contact Vendor for End-of-Life Devices: For devices approaching end-of-life (EOL), reach out to the manufacturer or vendor to seek guidance on continued support options, updates, and any potential mitigation strategies available.

Conclusion

CISA’s recent release of nine critical advisories highlights vulnerabilities in Industrial Control Systems (ICS) that could jeopardize critical infrastructure. These vulnerabilities, affecting products from major vendors, emphasize the need for immediate action to secure systems.

Organizations must implement key mitigation strategies, including firmware updates, applying patches, and secure communications. Cyble enhances this effort with AI-driven cybersecurity solutions like Cyble Vision and Cyble Hawk, offering real-time threat intelligence to help organizations stay ahead of cyber threats. By combining CISA’s recommendations with Cyble’s advanced platforms, organizations can better protect their critical systems from cyber adversaries.

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue.

No Liability for Errors or Omissions: Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.


Article source: https://cyble.com/blog/cisa-new-industrial-control-systems-advisories/