ICS Vulnerability Report: Solar Energy, Cardiology Fixes Urged by Cyble
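Cyble's report notes that 66 ICS/OT/SCADA vulnerabilities affect critical sectors such as energy and healthcare, of which 30 are high-severity and 15 are critical. Sungrow solar management and Philips medical diagnostic systems contain serious vulnerabilities that call for prompt patching and stronger security measures. 2025-3-21 10:15:51 Author: cyble.com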

Overview

Cyble’s weekly industrial control system (ICS) vulnerability report to clients examined 66 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities found in 18 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The 66 vulnerabilities include 30 high-severity flaws and 15 critical vulnerabilities across eight sectors, ranging from energy and healthcare to transportation, critical manufacturing, chemical, food and agriculture, wastewater, and commercial facilities.

Cyble highlighted two of the CISA advisories as meriting particularly high attention because of vulnerabilities found in solar energy management and cardiology diagnostic systems.

Critical ICS Vulnerabilities

Cyble noted that vulnerabilities within Sungrow iSolarCloud “are among the important ones as they impact critical energy management systems.”

Sungrow’s iSolarCloud Android App and WiNet firmware are critical for monitoring and controlling solar energy infrastructure, enabling users to optimize performance and ensure seamless operations. Eight critical vulnerabilities in particular pose significant risks to the energy sector, as successful exploitation could result in attackers accessing and modifying sensitive information.

The eight flaws are rated between 9.2 and 9.5 under CVSS v4:

  • CVE-2024-50693 and CVE-2024-50689: 9.2-rated Authorization Bypass Through User-Controlled Key vulnerabilities
  • CVE-2024-50692: a 9.5-severity Use of Hard-Coded Credentials vulnerability
  • CVE-2024-50694, CVE-2024-50695 and CVE-2024-50697: 9.5-severity Stack-Based Buffer Overflow vulnerabilities
  • CVE-2024-50698: a 9.5-rated Heap-Based Buffer Overflow vulnerability
  • CVE-2024-50696: a 9.5-rated Download of Code Without Integrity Check vulnerability

Sungrow has released updated versions of the affected firmware. Users are urged to apply version WINET-SV200.001.00.P028 or higher and update their iSolarCloud Android App to the latest version. The iSolarCloud has been updated and requires no further user action.

A second CISA advisory flagged by Cyble involves two 8.5-severity vulnerabilities affecting older versions of Philips IntelliSpace Cardiovascular (ISCV), a critical platform for managing and analyzing cardiovascular imaging data that assist clinicians in diagnosing and treating heart conditions.

An Improper Authentication Vulnerability (CVE-2025-2230) could allow unauthorized users to access sensitive patient data, compromising the confidentiality and integrity of medical records. Additionally, using Weak Credentials (CVE-2025-2229) makes the system more susceptible to brute-force attacks and credential exploitation.

“These weaknesses not only endanger patient privacy but also disrupt critical diagnostic workflows, potentially impacting patient care,” Cyble said in its report to clients.

CISA noted that successfully exploiting the vulnerabilities “could allow an attacker to replay the session of the logged-in ISCV user and gain access to patient records.”

Although the ISCV vulnerability findings are new, the flaws were fixed some time ago. They may still be present in older systems.

CVE-2025-2229 was resolved in ISCV 4.2 build 20589, released in May 2019, and CVE-2025-2230 was resolved in ISCV 5.2, which was released in September 2020.
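The fixed releases named above for WiNet firmware and ISCV can be checked against an asset inventory. The following is an added example, not code from Cyble, CISA or either vendor; the inventory layout, asset names and the left-to-right ordering of the version fields are assumptions.

```python
import re

# Fixed releases as stated in the article.
WINET_FIXED = "WINET-SV200.001.00.P028"
ISCV_FIXES = {
    "CVE-2025-2229": (4, 2, 20589),  # ISCV 4.2 build 20589
    "CVE-2025-2230": (5, 2, 0),      # ISCV 5.2
}
_WINET_RE = re.compile(r"^WINET-SV(\d+)\.(\d+)\.(\d+)\.P(\d+)$")

def parse_winet(version):  # 'WINET-SV200.001.00.P028' -> (200, 1, 0, 28)
    m = _WINET_RE.match(version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised WiNet version: {version!r}")
    return tuple(int(g) for g in m.groups())

def winet_needs_update(version):
    # Assumption: fields compare left to right, P number least significant.
    return parse_winet(version) < parse_winet(WINET_FIXED)

def iscv_open_cves(major, minor, build=0):  # CVEs whose fix is newer than install
    installed = (major, minor, build)
    return sorted(c for c, fixed in ISCV_FIXES.items() if installed < fixed)

def audit(inventory):  # asset name -> required action, only where one is needed
    findings = {}
    for a in inventory:
        if a["product"] == "winet":
            try:
                if winet_needs_update(a["version"]):
                    findings[a["name"]] = f"update to {WINET_FIXED} or higher"
            except ValueError:
                # An unreadable version is a finding, not a pass.
                findings[a["name"]] = "version unreadable, check manually"
        elif a["product"] == "iscv":
            cves = iscv_open_cves(*a["version"])
            if cves:
                findings[a["name"]] = "upgrade ISCV: " + ", ".join(cves)
    return findings

# Constructed sample inventory (hypothetical names and versions).
INVENTORY = [
    {"name": "pv-a", "product": "winet", "version": "WINET-SV200.001.00.P027"},
    {"name": "pv-b", "product": "winet", "version": "unknown"},
    {"name": "cardio-1", "product": "iscv", "version": (4, 2, 20000)},
    {"name": "cardio-2", "product": "iscv", "version": (5, 2, 0)},
]
if __name__ == "__main__":
    for name, action in audit(INVENTORY).items():
        print(f"{name}: {action}")
```

Assets whose version string cannot be parsed are reported for manual review instead of being treated as patched.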

Recommendations for Mitigating ICS Vulnerabilities

Cyble recommends the following controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. These measures include:

  • Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA. A risk-based approach to vulnerability management reduces the risk of exploitation.
  • Implementing a Zero-Trust Policy to minimize exposure and ensure that all internal and external network traffic is scrutinized and validated.
  • Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency.
  • Segmenting networks to limit an attacker’s potential damage and prevent lateral movement across networks. This is particularly important for securing critical ICS assets, which should not be exposed to the Internet if possible and should be protected adequately if remote access is essential.
  • Conducting regular vulnerability assessments and penetration testing to identify security gaps that might be exploited by threat actors.
  • Establishing and maintaining an incident response plan and ensuring that it is tested and updated regularly to adapt to the latest threats.
  • Requiring all employees, especially those working with Operational Technology (OT) systems, to undergo ongoing cybersecurity training programs. The training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations.

Conclusion

These vulnerabilities highlight the dangers that flaws in critical infrastructure systems can pose to sectors like energy and healthcare and to other sensitive environments. Users should heed the advice of CISA, vendors, and security researchers and ensure that these critical systems are patched and properly protected.

Regardless of the sector, staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls can limit risk. This includes limiting internet exposure and properly protecting assets that must be accessed remotely.

To access the full report on ICS vulnerabilities observed by Cyble, along with additional insights and details, click here. By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape.



Article source: https://cyble.com/blog/ics-vulnerability-report-solar-fixes-urged-by-cyble/