The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks.
Delta Electronics’ CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The specific versions affected include CNCSoft-G2 Version 2.0.0.5, as well as older versions like 2.1.0.10 and 2.1.0.16.
The vulnerabilities are as follows:
These flaws, which range from improper validation of user-supplied data to memory corruption issues, all carry a CVSS v4 score of 8.4, indicating high severity. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the process.
Mitigation: Delta Electronics recommends updating to CNCSoft-G2 version 2.1.0.20 or later and following security best practices such as avoiding untrusted internet links and placing control systems behind firewalls.
Rockwell Automation’s GuardLogix 5380 and 5580, components used in critical manufacturing sectors, are also subject to a vulnerability related to improper handling of exceptional conditions. This flaw can cause a denial-of-service (DoS) condition, potentially affecting the availability of industrial processes.
The vulnerability (CVE-2025-24478) affects earlier versions of these systems, including GuardLogix 5580 (SIL 3) and Compact GuardLogix 5380 SIL 3. Successful exploitation could allow a remote, non-privileged user to send malicious requests, causing major faults that disrupt system operations.
Mitigation: Users are encouraged to upgrade to the latest versions (V33.017, V34.014, V35.013, V36.011) and restrict access to the task object using CIP Security and Hard Run features.
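The two ICS mitigations above come down to checking installed versions against the fixed releases. The following Python sketch is an added example, not code from CISA, Delta Electronics or Rockwell Automation, and it flags inventory entries that fall below those releases. The host names and inventory rows are constructed, and treating each GuardLogix fixed release as the minimum for its own major release train is an assumption.

```python
# Added example: compare an asset inventory with the fixed versions named in
# the two ICS advisories above. All inventory rows are constructed sample data.

def parse_version(text):
    """Turn '2.1.0.16' or 'V34.011' into a tuple of ints for comparison."""
    return tuple(int(part) for part in text.strip().lstrip("Vv").split("."))

# Fixed versions exactly as stated on this page.
CNCSOFT_G2_FIXED = parse_version("2.1.0.20")
# Assumption: each GuardLogix fixed release applies to its own major release
# train (33.x, 34.x, ...), so the table is keyed by major number.
GUARDLOGIX_FIXED = {
    v[0]: v
    for v in map(parse_version, ["V33.017", "V34.014", "V35.013", "V36.011"])
}

def check(product, version):
    """Return 'ok', 'update', 'review' or 'n/a' for one inventory entry."""
    v = parse_version(version)
    name = product.lower()
    if name == "cncsoft-g2":
        return "ok" if v >= CNCSOFT_G2_FIXED else "update"
    if "guardlogix" in name:
        fixed = GUARDLOGIX_FIXED.get(v[0])
        if fixed is None:
            # The page lists no fixed release for this train: check by hand.
            return "review"
        return "ok" if v >= fixed else "update"
    return "n/a"  # product not covered by these advisories

def audit(inventory):
    """Return (host, product, version, status) for entries that are not 'ok'."""
    findings = []
    for host, product, version in inventory:
        status = check(product, version)
        if status in ("update", "review"):
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("hmi-eng-01", "CNCSoft-G2", "2.1.0.16"),
    ("hmi-eng-02", "CNCSoft-G2", "2.1.0.20"),
    ("plc-line-a", "GuardLogix 5580", "V34.011"),
    ("plc-line-b", "Compact GuardLogix 5380", "V35.013"),
    ("plc-line-c", "GuardLogix 5580", "V32.016"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Entries marked `review` are on a release train for which this page lists no fixed version, so they need to be checked against the vendor advisory directly.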
CISA also added two more vulnerabilities to its Known Exploited Vulnerabilities Catalog on February 18, 2025. These vulnerabilities, identified in widely used products, pose risks to organizations that rely on these systems for secure network access.
CVE-2025-0108: Palo Alto PAN-OS Authentication Bypass Vulnerability
An authentication bypass vulnerability exists in Palo Alto Networks’ PAN-OS software, affecting the management web interface. This flaw could allow unauthenticated attackers with network access to bypass authentication controls, thereby potentially compromising the integrity and confidentiality of PAN-OS systems.
Impact: While it does not allow remote code execution, this vulnerability can still lead to unauthorized access. The CVSS v4 score for this vulnerability is 8.8, indicating high severity. Palo Alto Networks recommends restricting access to trusted internal IP addresses to reduce the risk of exploitation.
Another vulnerability added to the catalog affects SonicWall’s SSLVPN in SonicOS, which allows a remote attacker to bypass authentication mechanisms. This flaw, identified in multiple versions of SonicOS, enables attackers to gain unauthorized access, jeopardizing system security.
Impact: The flaw is critical and was assigned a CVSS score of 9.0. SonicWall advises users to update their systems to patched versions to mitigate the risk.
CISA’s updates to the ICS advisories and Known Exploited Vulnerabilities highlight the urgent need for robust cybersecurity in critical infrastructure. Vulnerabilities in systems like Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix can lead to data breaches if not addressed.
With threats targeting systems like Palo Alto Networks PAN-OS and SonicWall SSLVPN, organizations must apply security patches and follow best practices. Integrating solutions like Cyble Vision enhances threat detection and helps organizations stay protected from cybercriminals. By acting on these advisories and leveraging advanced tools, businesses can better protect their industrial control systems from cyberattacks.