CISA Issues Advisories Highlighting Siemens SiPass and Other Critical Vulnerabilities targeting ICS systems
The U.S. cybersecurity agency CISA has released five ICS advisories revealing serious vulnerabilities in Siemens SiPass, the Consilium CS5000 fire panel and other systems, which attackers could exploit to gain remote control or cause disruption. 2025-6-2 13:1:30 Author: cyble.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five new ICS advisories this week, drawing attention to severe vulnerabilities affecting industrial and medical systems worldwide. Among the most notable disclosures are flaws in Siemens SiPass, Consilium’s CS5000 Fire Panel, Instantel Micromate, and others.

CISA’s advisories, released under alert codes ICSA-25-148-01 through ICSA-25-148-04, along with ICSMA-25-148-01, include vulnerability scores, mitigation strategies, and analysis of potential exploitation. Organizations across the manufacturing, healthcare, transportation, and energy sectors are urged to review these findings promptly.

CISA’s New ICS Advisories this Week

Siemens SiPass Advisory (ICSA-25-148-01)

Among the high-profile advisories is a serious vulnerability in Siemens SiPass, a widely used access control system in critical manufacturing environments.

  • Vulnerability: Improper Verification of Cryptographic Signature (CWE-347)
  • CVE: CVE-2022-31807
  • CVSS v3.1 Score: 6.2
  • CVSS v4 Score: 8.2

This flaw could allow an attacker to install malicious firmware on affected devices. If exploited remotely or via a man-in-the-middle attack, a bad actor could compromise system integrity without needing physical access.

All versions of SiPass integrated AC5102 (ACC-G2) and ACC-AP are affected. Siemens has not issued a fix yet but recommends enabling TLS encryption to protect firmware transfers. The company also stresses the importance of operating devices in secure IT environments, following Siemens’ industrial security guidelines.

Siemens SiPass Integrated (ICSA-25-148-02)

Another ICS advisory was issued for Siemens SiPass Integrated, specifically addressing a remote denial-of-service vulnerability.

  • Vulnerability: Out-of-bounds Read (CWE-125)
  • CVE: CVE-2022-31812
  • CVSS v3.1 Score: 7.5
  • CVSS v4 Score: 8.7

This issue affects versions prior to V2.95.3.18 and could allow an unauthenticated attacker to crash the application by sending malformed packets. Airbus Security first reported the vulnerability, and Siemens recommends updating to version V2.95.3.18 or newer to mitigate the issue.

Consilium Safety CS5000 Fire Panel (ICSA-25-148-03)

CISA also reported two critical vulnerabilities in the Consilium CS5000 Fire Panel, which is used in commercial, energy, healthcare, and transportation facilities.

  • Vulnerabilities:
  • CVSS v4 Score for both: 9.3

The CS5000 contains a default SSH-enabled account with elevated permissions and a hard-coded VNC password visible within the binary itself. These backdoors allow attackers to remotely control or disable the fire panel.

Reported by Andrew Tierney of Pen Test Partners, these vulnerabilities currently have no fixes. Users are urged to upgrade to post-July 2024 fire panels or implement compensating controls like strict physical access.

Instantel Micromate (ICSA-25-148-04)

Used in vibration monitoring across critical manufacturing, Micromate devices by Instantel are vulnerable due to a lack of authentication on a configuration port.

  • Vulnerability: Missing Authentication for Critical Function (CWE-306)
  • CVE: CVE-2025-1907
  • CVSS v4 Score: 9.3

An attacker could remotely send commands to the device without any credentials. Instantel is working on a firmware update and advises users to restrict IP access and monitor device exposure in the meantime.

Santesoft Sante DICOM Viewer Pro (ICSMA-25-148-01)

In the healthcare domain, Sante DICOM Viewer Pro, a diagnostic imaging tool, contains a memory corruption flaw.

  • Vulnerability: Out-of-Bounds Read (CWE-125)
  • CVE: CVE-2025-5307
  • CVSS v4 Score: 8.4

Researcher Michael Heinzl reported the flaw; successful exploitation by a local attacker could lead to information disclosure or arbitrary code execution. Santesoft has released an updated version (v14.2.2) to address the issue.

Mitigation and Recommendations

CISA recommends the following proactive security measures to reduce risk and improve resilience across industrial and healthcare environments:

  • Conduct comprehensive risk assessments before applying any mitigation strategies to understand system impact and exposure.
  • Minimize internet exposure of industrial control systems (ICS) and medical devices to prevent unauthorized access.
  • Segment control networks from corporate or business networks to limit lateral movement in case of compromise.
  • Implement Zero Trust access principles to ensure strict verification at every access point, regardless of user location or device.
  • Regularly update software and firmware across all ICS, medical, and networked systems to patch known vulnerabilities.

Conclusion

The latest ICS advisories reinforce a sobering reality: vulnerabilities in control systems like Siemens SiPass, Consilium’s fire panels, and Instantel’s monitoring tools could lead to business disruption and financial loss. As attackers continue to exploit weak spots in critical infrastructure, the need for smarter, faster vulnerability management is more urgent than ever.

Cyble empowers organizations with advanced, AI-driven intelligence to mitigate zero-day threats, prioritize patching based on real-world risk, and protect both IT and ICS environments. By combining vulnerability data, dark web insights, exploit intelligence, and asset context into a unified platform, Cyble helps security teams act faster, reduce attack surfaces, and prevent breaches before they occur.

See Cyble in action — request a DEMO today.

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.


Source: https://cyble.com/blog/cisa-flags-critical-siemens-sipass-ics-flaws/