CISA releases thirteen advisories on industrial control systems vulnerabilities
Thirteen Industrial Control Systems (ICS) advisories were issued by CISA on October 16, 2025, addressing vulnerabilities across multiple ICS products. These advisories cover security issues affecting systems from several manufacturers, potentially impacting operational security and control integrity.
The advisories detail vulnerabilities in Rockwell Automation products including FactoryTalk View Machine Edition, PanelView Plus 7, FactoryTalk Linx, FactoryTalk ViewPoint, and ArmorStart Agent Orchestration Platform (AOP). Siemens is noted with affected products such as Solid Edge, SiPass Integrated, SIMATIC ET 200SP Communication Processors, SINEC Network Management System (NMS), TeleControl Server Basic, and HyperLynx with Industrial Edge App Publisher. Hitachi Energy's MACH GWS and Schneider Electric's EcoStruxure (Update A) are included, along with Delta Electronics CNCSoft-G2 DOPSoft (Update A). Specific Common Vulnerabilities and Exposures (CVE) identifiers, affected firmware and software versions, vulnerable components, and exploit conditions are delineated within each advisory.
The impacts of these vulnerabilities vary per product but generally involve potential unauthorized access, data manipulation, or control disruption. Each advisory specifies the consequences associated with its respective vulnerabilities as provided by the vendors and CISA.
Several advisories include information on available patches, updates, or other remediation steps. Users and administrators are provided with vendor-recommended solutions where such information exists. In cases where fixes are yet to be released, the advisories indicate the current status and recommended interim actions if any.
CISA advises that users and system operators examine the detailed ICS advisories to understand the specific vulnerabilities and to apply recommended mitigations or updates. Attention to these advisories assists in managing the security posture of the affected industrial control environments.