CISA issued three important Industrial Management Programs (ICS) advisories on July 17, 2025, addressing vital vulnerabilities affecting power monitoring, healthcare imaging, and entry management techniques.
These advisories spotlight extreme safety flaws with CVSS v4 scores starting from 8.5 to eight.7, exposing vital infrastructure throughout a number of sectors to potential cyberattacks and unauthorized entry.
Key Takeaways1. Leviton’s AcquiSuite and Power Monitoring Hub endure a high-severity cross-site scripting flaw.2. Panoramic Company’s Digital Imaging Software program is susceptible to DLL hijacking.3. Johnson Controls’ C- CURE 9000 Web site Server exposes executable directories with incorrect default permissions.
Cross-Web site Scripting in Leviton Programs
CISA advisory ICSA-25-198-01 reveals a extreme cross-site scripting (XSS) vulnerability in Leviton AcquiSuite Model A8810 and Power Monitoring Hub Model A8812.
The flaw, designated CVE-2025-6185, carries a CVSS v4 rating of 8.7 and allows attackers to craft malicious payloads in URL parameters that execute in shopper browsers.
This CWE-79 categorized vulnerability permits attackers to steal session tokens and probably management your complete service remotely with low assault complexity.
The vulnerability impacts communications infrastructure deployed worldwide, with researcher notnotnotveg reporting the flaw to CISA.
Notably, Leviton has not responded to CISA’s requests for collaboration on mitigation methods, leaving customers to contact buyer assist independently for added data and patches.
DLL Hijacking Flaw Exposes Healthcare Imaging Software program
Healthcare techniques face important danger from ICSMA-25-198-01, which identifies a CWE-427 uncontrolled search path ingredient vulnerability in Panoramic Company’s Digital Imaging Software program Model 9.1.2.7600.
The CVE-2024-22774 vulnerability, scoring 8.5 on CVSS v4, allows commonplace customers to escalate privileges to NT Authority/SYSTEM via DLL hijacking methods.
This vulnerability notably threatens healthcare and public well being infrastructure throughout North America.
The flaw originates from an unsupported SDK part owned by Oy Ajat Ltd, making remediation advanced.
Damian Semon Jr. of Blue Crew Alpha LLC found and reported this vulnerability, which requires native entry however supplies full system compromise upon profitable exploitation.
Johnson Controls Entry Management Permission Flaw
The third advisory, ICSA-24-191-05 Replace B, addresses incorrect default permissions in Johnson Controls’ Software program Home C●CURE 9000 Web site Server Model 2.80 and prior variations.
CVE-2024-32861 presents a CVSS v4 rating of 8.5 and impacts techniques with non-compulsory C- CURE IQ Internet and/or C- CURE Portal installations.
The CWE-276 vulnerability supplies inadequate safety of directories containing executables underneath sure circumstances.
This vulnerability impacts vital manufacturing, business amenities, authorities amenities, transportation techniques, and power sectors worldwide.
Johnson Controls has launched particular mitigation directions via Product Safety Advisory, recommending elimination of Full management and Write permissions for non-administrator accounts on the C:CouchDBbin path.
Safety Suggestions
CISA emphasizes implementing defense-in-depth methods and community segmentation to attenuate exploitation dangers.
Key suggestions embody isolating management techniques from web entry, deploying firewalls between enterprise and management networks, and using safe VPN connections for distant entry necessities.
Organizations ought to prioritize correct influence evaluation and danger evaluation earlier than deploying defensive measures. The company encourages reporting suspected malicious exercise and following established incident response procedures.
Whereas no recognized public exploitation has been reported for these vulnerabilities, their excessive CVSS scores and widespread deployment throughout vital infrastructure sectors necessitate rapid consideration and remediation efforts.
Enhance detection, scale back alert fatigue, speed up response; all with an interactive sandbox constructed for safety groups -> Strive ANY.RUN Now
