The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released seven new ICS advisories, each highlighting cybersecurity vulnerabilities in key Industrial Control Systems across energy, communications, emergency response, and manufacturing sectors.
The alerts shed light on remotely exploitable flaws discovered in devices and software produced by CyberData, Hitachi Energy, and Mitsubishi Electric—names synonymous with modern operational technology (OT).
A Breakdown of the Latest ICS Advisories
The first advisory, ICSA-25-155-01, addresses multiple high-impact issues in CyberData’s 011209 SIP Emergency Intercom. With a CVSS v4 severity score of 9.3, this vulnerability, reported by Claroty researcher Vera Mens, enables authentication bypass, SQL injection, and path traversal. Affected systems using firmware versions prior to 22.0.1 are vulnerable to remote code execution and denial-of-service attacks. CISA recommends upgrading to version 22.0.1 and advises isolating the intercoms from public networks using firewalls and VPNs.
The second alert, ICSA-25-155-02, involves a critical integer overflow in Hitachi Energy’s Relion 670, 650 series, and SAM600-IO devices. The flaw resides in the VxWorks OS memory allocator and holds a CVSS v3 score of 9.8. Exploitation could lead to memory corruption, potentially crippling protective relays in power systems. Multiple firmware subversions across series 1.1 to 2.2.5 are affected. Mitigation entails upgrading to version 2.2.5.2 or applying interim workarounds provided by Hitachi.
ICSA-21-049-02 (Update H) highlights vulnerabilities in Mitsubishi Electric’s broad range of FA Engineering Software, such as GX Developer, GT Designer3, and RT ToolBox2. With a CVSS v4 score of 8.7, attackers can exploit heap-based buffer overflows to crash the software or interfere with PLC diagnostics in factory automation environments. Users are advised to install the latest updates—e.g., GX Developer version 8.507D+ and RT ToolBox2 version 3.74C+.
Continued Focus on Hitachi Energy’s Industrial Control Systems
CISA’s June release includes updates to prior ICS advisories concerning Hitachi Energy’s Relion products and IEC 61850 MMS Server implementations. Notable among them:
- ICSA-25-133-02 details CVE-2023-4518, where malformed GOOSE messages could cause vulnerable Relion firmware versions to reboot, creating a denial-of-service condition. Firmware series 2.2.0.x to 2.2.5.6 are affected, and the agency recommends upgrading to secure versions such as 2.2.2.6 or 2.2.3.7.
- ICSA-23-068-05 (CVE-2022-3864) uncovers weaknesses in firmware signature validation. If exploited by an authenticated attacker, this vulnerability could lead to unauthorized firmware uploads. Affected firmware spans across versions 2.2.0 to 2.2.5.5.
- ICSA-21-336-05 is about outdated VxWorks boot components in the Relion series. CVE-2021-35535, with a CVSS v4 score of 8.9, references known “Urgent/11” vulnerabilities that could allow TCP session hijacking or packet injection. Users must patch to at least version 2.2.2.5 or apply physical and network isolation strategies.
- ICSA-23-089-01 points to a medium-severity issue (CVE-2022-3353) in Hitachi’s IEC 61850 MMS Server, where malformed client requests can block new connections. Though scoring a 5.9, it could still disrupt operations under targeted conditions.
Conclusion
CISA’s latest ICS advisories highlight the urgent need for critical infrastructure operators to secure vulnerable systems against remote exploitation. With many legacy ICS components lacking basic protections, the risks are growing, but so are the tools. CISA’s guidance offers a clear roadmap: patch systems, segment networks, restrict access, monitor threats, and train staff.
