On August 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four detailed Industrial Control Systems (ICS) advisories, warning of serious security flaws in critical infrastructure sectors such as energy and manufacturing.
The reported issues carry CVSS severity scores between 5.8 and 9.8, highlighting the urgent need for action from administrators and security teams.
Key Highlights
1. CISA published four ICS advisories impacting Siemens, Tigo Energy, and EG4 systems across key infrastructure.
2. Some vulnerabilities received CVSS ratings as high as 9.8, making remote exploitation and full system compromise possible.
3. Security teams must immediately apply vendor patches, enforce network segmentation, and strengthen access controls.
Siemens Security Flaws
CISA issued two separate Siemens advisories.
- ICSA-25-231-01 targets the Desigo CC Product Family and SENTRON Powermanager. The flaw (CVE-2025-47809) is linked to Wibu CodeMeter components across versions V5.0 through V8. With a CVSS 8.2 score, this least privilege violation (CWE-272) allows attackers to escalate privileges through the CodeMeter Control Center right after installation.
- ICSA-25-231-02 addresses vulnerabilities in the Mendix SAML Module. The critical flaw, CVE-2025-40758 (CVSS 8.7), involves improper cryptographic signature verification (CWE-347). It allows unauthenticated remote attackers to hijack accounts in certain Single Sign-On (SSO) setups. Fixes are available in updated versions V3.6.21, V4.0.3, and V4.1.2.
Solar and Energy Infrastructure Risks
Two advisories focus on the solar energy sector.
- ICSA-25-217-02 (Tigo Energy) covers three severe flaws in Cloud Connect Advanced devices:
  - Hard-coded credentials (CWE-798)
  - Command injection (CWE-77)
  - Weak PRNG seeds (CWE-337)
- ICSA-25-219-07 (EG4 Electronics) highlights four vulnerabilities in EG4 inverters, including cleartext transmission (CWE-319), firmware integrity flaws (CWE-494), information leaks (CWE-203), and authentication bypass (CWE-307). The most critical, CVE-2025-46414, reached CVSS 9.2. Some server-side fixes were applied by EG4 in April 2025, with additional hardware updates scheduled for October 15, 2025.
Mitigation Strategies
- Siemens' fixes require updating CodeMeter to version 8.30a (Desigo CC and SENTRON Powermanager) and enabling UseEncryption in the Mendix SAML module settings.
- Tigo Energy is developing complete patches for the exposed flaws.
- EG4 has already deployed partial fixes and plans further updates.
CISA advises organizations to adopt defense-in-depth strategies, including:
- Strict network segmentation
- VPN-secured remote access
- Firewall-based isolation
- Continuous monitoring and incident reporting to CISA for deeper threat correlation