ICS Vulnerability Report: Critical Flaws in CCTV, RTOS and Genome Systems
Cyble's report notes 22 recently discovered ICS/OT/SCADA vulnerabilities affecting multiple critical industries, four of which are high-severity. Common issues include path traversal and information disclosure. The key vulnerabilities involve security risks in cameras and industrial control systems. Organizations are advised to strengthen cybersecurity measures such as patching, network segmentation and employee training to counter these threats. 2025-3-10 09:15:45 Author: cyble.com

Overview

Cyble’s weekly industrial control system (ICS) vulnerability report to clients examined 22 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities found in 10 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The 22 vulnerabilities affect products from eight vendors across nine critical sectors, ranging from energy and healthcare to IT, transportation, critical manufacturing, government, food and agriculture, and commercial facilities. Four of the vulnerabilities are rated critical.

Analysis of CWE data highlights path traversal (17.4%) as the most recurring vulnerability, followed by information disclosure (13%), memory-related flaws (8.7%), weak authentication and access control issues (8.7%), and uncontrolled search path elements (8.7%).

Critical ICS Vulnerabilities

Here are some of the most critical ICS vulnerabilities highlighted in the report.

CVE-2025-1316 is a critical OS command injection vulnerability affecting all versions of the Edimax IC-7100 IP Camera, a widely used physical access control and CCTV system. Exploiting this flaw – which carries a CVSS v3.1 base score of 9.8 – could allow attackers to execute arbitrary commands on the device, potentially leading to unauthorized access, data exfiltration, or system compromise.

Given its presence in the Commercial Facilities sector, Cyble said the vulnerability poses a significant risk to security monitoring infrastructure, making it crucial for organizations to implement network segmentation, firmware updates, and strict access controls to mitigate potential threats.

CVE-2021-29999 is a 9.8-severity Out-of-bounds Write vulnerability found in the Wind River VxWorks real-time operating system (RTOS) through version 6.8. CISA flagged the vulnerability recently after Schneider Electric reported that it is present in some communication modules for Modicon M580 and Quantum controllers. This highlights the risk of third-party vulnerabilities in ICS components and the persistent exploitation of older embedded system vulnerabilities by threat actors.

The vulnerability could allow a stack overflow attack, resulting in loss of confidentiality, integrity, and denial of service of the device. Version SV1.10 of BMENOC0321 includes a fix for the vulnerability. Schneider is working on a remediation plan for other affected versions and will update guidance when it is available. In the meantime, Schneider urges users to “immediately implement a firewall to allow only authorized traffic on 67/UDP and 68/UDP ports to reduce the risk of exploit.”
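Schneider's interim mitigation restricts 67/UDP and 68/UDP to authorized traffic; a defender also wants to know when that rule is being tested. The following detection logic is an added example (not Cyble's or Schneider's code): it runs over constructed flow-log lines and flags DHCP/BOOTP-port traffic to a protected module from any source outside an assumed authorized network. The log format, addresses and allowlist are all constructed.

```python
"""Flag DHCP/BOOTP-port traffic (67/UDP and 68/UDP) reaching a Modicon communication
module from hosts outside the authorized networks. Added example, not Cyble's or
Schneider's code; the log format, addresses and allowlist are constructed."""
import ipaddress
from collections import namedtuple

# Ports named in Schneider's interim mitigation for CVE-2021-29999.
WATCHED_UDP_PORTS = {67, 68}

Flow = namedtuple("Flow", "src dst proto dport")

def parse_flow(line):
    """Parse one constructed flow-log line: 'src=A dst=B proto=udp dport=N'."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"].lower(), int(fields["dport"]))

def unauthorized_dhcp_flows(lines, module_hosts, authorized_nets):
    """Return flows on 67/68 UDP toward a protected module whose source lies
    outside every authorized network (CIDR strings)."""
    modules = {ipaddress.ip_address(h) for h in module_hosts}
    nets = [ipaddress.ip_network(n) for n in authorized_nets]
    flagged = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        f = parse_flow(line)
        if f.proto != "udp" or f.dport not in WATCHED_UDP_PORTS:
            continue  # not DHCP/BOOTP traffic; other policy applies
        if ipaddress.ip_address(f.dst) not in modules:
            continue  # not aimed at a protected module
        src = ipaddress.ip_address(f.src)
        if not any(src in net for net in nets):
            flagged.append(f)
    return flagged

# Constructed sample: 10.0.5.20 is the module; only 10.0.5.0/24 may speak to it.
SAMPLE_LOG = """
src=10.0.5.10 dst=10.0.5.20 proto=udp dport=67
src=192.168.77.4 dst=10.0.5.20 proto=udp dport=67
src=172.16.9.9 dst=10.0.5.20 proto=udp dport=68
src=172.16.9.9 dst=10.0.5.20 proto=tcp dport=502
src=172.16.9.9 dst=10.0.5.21 proto=udp dport=67
""".splitlines()

if __name__ == "__main__":
    for f in unauthorized_dhcp_flows(SAMPLE_LOG, ["10.0.5.20"], ["10.0.5.0/24"]):
        print(f"ALERT: unauthorized {f.proto}/{f.dport} from {f.src} to module {f.dst}")
```

Feed it exported firewall or NetFlow records in the same key=value shape and the flagged entries are the sources the interim firewall rule should already be dropping.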

CVE-2025-23410 and CVE-2025-24924 are 9.8-severity Relative Path Traversal and Missing Authentication for Critical Function vulnerabilities, respectively, that affect the GMOD Apollo collaborative real-time genome annotation editor. CISA notes that the vulnerabilities “could allow an attacker to escalate privileges, bypass authentication, upload malicious files, or disclose sensitive information.”

GMOD recommends that users update to Version 2.8.0.
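Path traversal is the most recurring CWE in this report and the class behind the Apollo upload issue above. The following is an added example (not GMOD's code) of the check an upload handler needs before writing a user-supplied file name: it rejects absolute names and '..' segments, then confirms the fully resolved target still sits under the upload root. The upload root and the sample names are constructed.

```python
"""Reject relative path traversal in a user-supplied file name before an upload is
written. Added example, not GMOD's code; the upload root and names are constructed."""
from pathlib import Path, PurePosixPath

# Constructed upload root; it does not need to exist for the checks below.
UPLOAD_ROOT = Path("/tmp/genome_uploads_example")

class PathTraversalError(ValueError):
    pass

def resolve_upload_target(upload_root, user_name):
    """Return the absolute destination for user_name, or raise if it would land
    outside upload_root.

    Two layers: reject absolute names, empty names and any '..' segment up front,
    then confirm the fully resolved target (symlinks followed) is still under the
    resolved root, so a symlinked subdirectory cannot redirect the write either."""
    p = PurePosixPath(user_name)
    if p.is_absolute() or not p.parts or ".." in p.parts:
        raise PathTraversalError(f"rejected name: {user_name!r}")
    root = Path(upload_root).resolve()
    target = (root / p).resolve()
    if target == root or root not in target.parents:
        raise PathTraversalError(f"escapes upload root: {user_name!r}")
    return target

def is_safe_name(upload_root, user_name):
    """Boolean form of the check, for use in request validation."""
    try:
        resolve_upload_target(upload_root, user_name)
        return True
    except PathTraversalError:
        return False

if __name__ == "__main__":
    for name in ["tracks/sample.gff3", "../../etc/passwd", "/etc/passwd", "a/../../b"]:
        print(f"{name!r}: {'ok' if is_safe_name(UPLOAD_ROOT, name) else 'REJECTED'}")
```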

Recommendations for Mitigating ICS Vulnerabilities

Cyble recommends several controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. These measures include:

  • Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA. A risk-based approach to vulnerability management reduces the risk of exploitation.
  • Implementing a Zero-Trust Policy to minimize exposure and ensure that all internal and external network traffic is scrutinized and validated.
  • Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency.
  • Segmenting networks properly to limit an attacker’s potential damage and prevent lateral movement. This is particularly important for critical ICS assets, which should not be exposed to the Internet where possible and must be properly protected where remote access is essential.
  • Conducting regular vulnerability assessments and penetration testing to identify gaps in security that might be exploited by threat actors.
  • Establishing and maintaining an incident response plan and ensuring that it is tested and updated regularly to adapt to the latest threats.
  • Requiring all employees, especially those working with Operational Technology (OT) systems, to undergo ongoing cybersecurity training. The training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations.

Conclusion

These vulnerabilities highlight the complexity and dangers that critical infrastructure system vulnerabilities can pose to critical sectors and other sensitive environments. Users should heed the advice of CISA, vendors, and security researchers and ensure that these critical systems are patched and properly protected.

Regardless of the sector, staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls can limit risk. This includes limiting internet exposure and properly protecting assets that must be accessed remotely.

To access the full report on ICS vulnerabilities observed by Cyble, along with additional insights and details, click here. By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape.



Source: https://cyble.com/blog/ics-vulnerability-cctv-rtos-and-genome-systems/