CISA Issues Five Critical ICS Advisories Covering Siemens, Schneider Electric, and ABB Systems

The Cybersecurity and Infrastructure Security Agency (CISA) published five Industrial Control Systems (ICS) advisories on April 22, 2025, addressing vulnerabilities in products from major industrial automation vendors including Siemens, Schneider Electric, and ABB. These advisories provide technical details about security flaws and recommended mitigation strategies for critical infrastructure operators.

Summary for Security Decision Makers

The latest batch of ICS advisories continues CISA’s pattern of monthly vulnerability disclosures targeting operational technology environments. This release follows six advisories issued on April 17 and nine on April 15, demonstrating sustained attention to industrial control system security. The affected systems span energy management, manufacturing automation, and building control systems, with several vulnerabilities rated high severity.

Siemens TeleControl Server Basic SQL injection (ICSA-25-112-01)
Siemens TeleControl Server Basic authentication bypass (ICSA-25-112-02)
Schneider Electric Wiser Home Controller WHC-5918A command injection (ICSA-25-112-03)
ABB MV Drives privilege escalation (ICSA-25-112-04)
Schneider Electric Modicon M580 PLCs memory corruption (ICSA-25-035-04 Update A)

Technical Analysis of Advisories

The ICSA-25-112-01 advisory details an SQL injection vulnerability in Siemens TeleControl Server Basic that could allow authenticated attackers to execute arbitrary database commands. This affects versions prior to V3.1.2 and requires network access to the TeleControl Server Basic service port (typically TCP/80). CISA recommends applying Siemens Security Update SSB-625642 and restricting network access to trusted hosts.

Schneider Electric’s Wiser Home Controller WHC-5918A (ICSA-25-112-03) contains an unauthenticated command injection vulnerability in its web interface. Successful exploitation could lead to complete system compromise. Schneider has released firmware version 2.30.0 to address this issue, along with workarounds including disabling remote access if immediate patching isn’t feasible.

Recent ICS Advisory Timeline
Date	Advisory Count	Notable Affected Systems
Apr 22, 2025	5	Siemens, Schneider, ABB
Apr 17, 2025	6	Yokogawa, Schneider
Apr 15, 2025	9	Mitsubishi Electric smartRTU
Mar 20, 2025	5	Multiple ICS vendors

Security Implications and Mitigation

These advisories highlight ongoing security challenges in industrial environments where patching cycles often conflict with operational requirements. The Modicon M580 PLC advisory (ICSA-25-035-04 Update A) specifically addresses a memory corruption issue that could lead to denial-of-service conditions – particularly disruptive in process control environments.

CISA’s consistent advisory format includes clear sections on affected products, vulnerability details, and mitigation measures. For the ABB MV Drives vulnerability (ICSA-25-112-04), the agency recommends implementing network segmentation and monitoring for anomalous drive parameter modifications that could indicate exploitation attempts.

Operational Recommendations

Organizations using affected systems should prioritize patching according to vendor guidance, with special attention to internet-facing ICS components. For systems that cannot be immediately updated, CISA suggests implementing compensating controls such as:

“Network segmentation, strict access controls, and monitoring for anomalous traffic patterns can significantly reduce risk when immediate patching isn’t possible.” – CISA ICS Advisory Portal

The frequency of these advisories – averaging five per month in 2025 according to CISA’s published data – underscores the importance of establishing robust vulnerability management processes for industrial environments. This includes maintaining accurate asset inventories, monitoring vendor security bulletins, and developing risk-based patching strategies.

Conclusion

CISA’s latest ICS advisories continue the agency’s critical role in disseminating timely vulnerability information for industrial control systems. The consistent format and technical depth of these advisories enable security teams to quickly assess risk and implement appropriate countermeasures. As industrial systems remain attractive targets for malicious actors, maintaining awareness of these advisories and responding promptly should be a priority for all critical infrastructure operators.

References

“ICSA-25-112-01: Siemens TeleControl Server Basic SQL Injection Vulnerability”, CISA, Apr. 2025.
“ICSA-25-112-03: Schneider Electric Wiser Home Controller WHC-5918A Command Injection”, CISA, Apr. 2025.

“Industrial Control Systems (ICS) Overview”, CISA, accessed Apr. 2025.
“CISA Releases Five Industrial Control Systems Advisories”, CISA Alert, Apr. 2025.
“Cybersecurity Advisories Archive”, CISA, accessed Apr. 2025.

Leave a Reply Cancel reply

Read More

Siemens TeleControl Server Basic SQL Injection Vulnerabilities: Critical Risks and Mitigations

Critical Vulnerabilities in ABB MV Drives: Technical Analysis and Mitigation Strategies

Critical RCE Vulnerability in Commvault Command Center (CVE-2025-34028)

You may have missed

North Korean Hackers Exploit Zoom’s Remote Control Feature in Crypto-Theft Campaign

Europe’s 5-Year Path to AI Independence: Security Implications and Dutch Governance

China’s Undersea Cable-Cutting Device: Technical Analysis and Strategic Implications

Siemens TeleControl Server Basic SQL Injection Vulnerabilities: Critical Risks and Mitigations