New CISA Report Warns of Rising ICS Cybersecurity Risks—Top Vendors Affected
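CISA released an ICS vulnerability intelligence report covering seven security advisories from February 19 to 25, 2025, involving products from vendors such as ABB and Siemens. ABB was the most affected, reporting five critical vulnerabilities. The vulnerabilities include hard-coded credentials and command injection, which could lead to unauthorized access or privilege escalation. These vulnerabilities affect sectors such as critical manufacturing, transportation, and energy, and the report recommends patch management, risk assessment, and zero-trust strategies to counter the threats. 2025-2-27 12:0:47 Author: cyble.com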

Overview

The weekly ICS vulnerabilities Intelligence Report to clients highlights the latest vulnerability landscape for ICS systems, derived from alerts by the Cybersecurity and Infrastructure Security Agency (CISA). This report covers vulnerabilities identified between February 19, 2025, and February 25, 2025, shedding light on the ongoing cybersecurity challenges faced by critical industries that rely on ICS technologies.

During this period, CISA issued seven security advisories addressing vulnerabilities impacting multiple ICS products and vendors. These advisories cover vulnerabilities found in products from ABB, Siemens, Rockwell Automation, Rapid Response Monitoring, Elseta, Medixant, and others. ABB was the most affected vendor, reporting five critical vulnerabilities across its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products.

Publicly available proof-of-concept (PoC) exploits for the reported vulnerabilities have escalated the risk of active exploitation, making it essential for organizations to quickly address these security flaws through patching and mitigation measures.

ICS Vulnerabilities by Vendor and Product

Figure 1: Vulnerability Severity Category Chart

The ICS vulnerabilities identified during this reporting period span a wide range of critical infrastructure systems. For instance, ABB reported multiple flaws in its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. These vulnerabilities include hard-coded credentials, command injections, and missing origin validation in WebSockets, all categorized as critical. These ICS vulnerabilities can potentially allow attackers to execute unauthorized commands or escalate privileges, putting sensitive industrial systems at cyber risk.

Additionally, Siemens reported a critical path traversal vulnerability in its SiPass integrated product range, which could allow unauthorized access to restricted files. Elseta disclosed a critical OS command injection vulnerability in its Vinci Protocol Analyzer, a tool used for analyzing communication protocols in industrial networks, including SCADA, RTUs, and IEDs. Versions of this tool prior to 3.2.3.19 are affected, and users are advised to update to the latest version to mitigate the risk.

Impact on Critical Industry Sectors

Figure 2: Vulnerability Details from Vendors

A sector-wise analysis of the vulnerabilities revealed that the Critical Manufacturing sector was the most heavily impacted, accounting for 55.56% of the total reported vulnerabilities. This sector’s reliance on interconnected systems, such as SCADA and RTUs, makes it particularly vulnerable to cyberattacks.

In addition, vulnerabilities across the Critical Manufacturing, Transport, Energy, Healthcare, and Public Health sectors represented 11.11% of the total, highlighting the increasing interdependence between these critical infrastructure domains.

Furthermore, the Healthcare and Public Health sectors also accounted for 11.11% of the vulnerabilities, underscoring the growing risk faced by systems that manage sensitive medical data and critical care environments. The vulnerabilities in these sectors highlight the need for advanced cybersecurity strategies in industries directly impacting public safety and welfare.

Vulnerability Severity Overview

Most of the vulnerabilities disclosed by CISA in this report were classified as critical, with a significant proportion affecting core ICS components, such as RTUs, PLCs, and SCADA systems. The high severity of these vulnerabilities is a cause for concern, as they could allow attackers to disrupt essential operations, compromise sensitive data, and potentially cause system failures.

Among the various vendors reported in this period, ABB stands out due to the high number of vulnerabilities disclosed. The company reported five critical vulnerabilities across its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. These vulnerabilities are primarily concentrated in the Critical Manufacturing sector, emphasizing ABB’s role in industrial control systems and its significant exposure to cyber threats.

The availability of PoC exploits for some of these flaws has increased the likelihood of active attacks, making it essential for organizations to prioritize patching and mitigation efforts.

Recommendation and Mitigation Strategies

To protect against these vulnerabilities, organizations should adopt the following measures:

  1. Patch Management: Organizations must stay up to date with the latest security advisories from vendors and authorities such as CISA. Applying patches promptly is crucial in mitigating the risks associated with vulnerabilities like those reported in the ICS Vulnerability Intelligence Report.
  2. Risk-Based Vulnerability Management: A risk-based approach to vulnerability management should be employed, identifying and prioritizing vulnerabilities based on their potential impact on critical systems. This ensures that the most pressing threats are addressed first, minimizing exposure to attacks.
  3. Zero-Trust Policy: Implementing a Zero-Trust Policy across industrial networks helps minimize the risk of insider threats and reduces attack surfaces. A Zero-Trust approach assumes no implicit trust, requiring continuous authentication and authorization for users and devices.
  4. Continuous Monitoring: Establishing robust monitoring and logging systems lets organizations detect suspicious activity early and respond to potential threats before they cause significant damage.
  5. Network Segmentation: Segregating networks based on function and sensitivity can help limit the spread of attacks. Network segmentation prevents attackers from easily moving laterally within the infrastructure, protecting critical assets from exposure.

Conclusion

The Weekly ICS Vulnerability Intelligence Report highlights the pressing need for heightened cybersecurity measures across industries, particularly those relying on industrial control systems. The concentration of vulnerabilities in Critical Manufacturing and essential sectors like healthcare signals the urgent need for better patching strategies and a comprehensive approach to cybersecurity risk management. By staying informed through ICS vulnerability reports, adopting best practices for vulnerability management, and following guidance from authorities such as CISA.



Source: https://cyble.com/blog/new-cisa-report-rising-ics-cybersecurity-risks/