Cyber Web Spider Blog – News
CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits

Posted on August 27, 2025 By CWS

CISA released three critical Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely deployed automation systems.

These advisories highlight severe security flaws across INVT Electric’s engineering tools, Schneider Electric’s Modicon controllers, and Danfoss refrigeration systems, with CVSS v4 scores reaching 8.7, indicating high-severity exploitable conditions.

Key Takeaways
1. CISA issued three ICS advisories for critical flaws in INVT VT-Designer/HMITool, Schneider Modicon, and Danfoss systems.
2. Vulnerabilities allow remote code execution or DoS.
3. Apply vendor patches immediately.

CISA advisory ICSA-25-238-01 exposes 9 critical vulnerabilities in INVT Electric’s VT-Designer version 2.1.13 and HMITool version 7.1.011 software platforms.

The vulnerabilities, assigned CVE identifiers CVE-2025-7223 through CVE-2025-7231, primarily involve CWE-787 out-of-bounds write conditions and one CWE-843 type confusion vulnerability.

The affected applications suffer from insufficient input validation when parsing VPM files (in HMITool) and PM3 files (in VT-Designer).

Attackers exploiting these flaws can achieve arbitrary code execution within the current process context, requiring only user interaction such as opening malicious files or visiting compromised web pages.

Each vulnerability carries a CVSS v3.1 score of 7.8 and a CVSS v4 score of 8.5, with attack vectors characterized as AV:L/AC:L/PR:N/UI:R.

The vulnerability researcher Kimiya, working with Trend Micro’s Zero Day Initiative, reported these security flaws to CISA.

Notably, INVT Electric has not responded to CISA’s coordination attempts, leaving users without vendor-provided patches.

The affected systems span multiple critical infrastructure sectors, including Commercial Facilities, Critical Manufacturing, Energy, Information Technology, and Transportation Systems worldwide.

Schneider Electric Modicon Controllers Flaws

Advisory ICSA-25-238-03 addresses CVE-2025-6625, an improper input validation vulnerability (CWE-20) affecting Schneider Electric’s Modicon M340 controllers and associated communication modules.

The flaw enables remote attackers to trigger denial-of-service conditions through specially crafted FTP commands, earning a CVSS v4 score of 8.7 due to its network-accessible attack vector AV:N/AC:L/AT:N/PR:N/UI:N.

Affected products include all versions of the Modicon M340 controller, BMXNOR0200H Ethernet/Serial RTU modules, BMXNGD0100 M580 Global Data modules, and BMXNOC0401 communication modules.

However, Schneider Electric has released firmware updates for the BMXNOE0100 (version 3.60) and BMXNOE0110 (version 6.80) modules, requiring system reboots for implementation.

CyManII researchers discovered the vulnerability and its impacts on the Critical Manufacturing and Energy sectors globally.

Danfoss Refrigeration Systems Flaws

The updated advisory ICSA-25-140-03 reveals three distinct vulnerabilities in Danfoss AK-SM 8xxA Series refrigeration controllers.

CVE-2025-41450 represents an improper authentication vulnerability (CWE-287) caused by datetime-based password generation, enabling authentication bypass in versions prior to R4.2.

Additionally, CVE-2025-41451 involves command injection (CWE-77) through alarm-to-mail configuration fields, allowing post-authenticated remote code execution.

CVE-2025-41452 addresses external control of system settings (CWE-15), potentially causing denial-of-service through improper exception handling.

These vulnerabilities affect versions prior to 4.3.1, with Claroty Team82 researcher Tomer Goldschmidt credited for the discoveries.

Danfoss has released remediation updates, including release R4.2 and release R4.3.1, available through their official software upgrade process.

The vulnerabilities primarily impact Commercial Facilities infrastructure, although their high attack complexity requirements reduce immediate exploitation risks.

CISA emphasizes implementing defense-in-depth strategies across all affected systems, including network segmentation, firewall deployment, and VPN-secured remote access protocols.

Organizations should prioritize immediate patching where available and implement comprehensive monitoring for suspicious activities targeting these industrial automation platforms.
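
The two CVSS vector fragments quoted above (for ICSA-25-238-01 and ICSA-25-238-03) can be parsed and ranked by exposure to decide which advisory to act on first. This is an added example, not code from CISA or the vendors; the triage rule and the names `parse_vector`, `exposure` and `rank` are assumptions made for illustration.

```python
# Added example: rank the CVSS vector fragments quoted in the article by exposure.
# The triage rule and all names here are illustrative assumptions.

ALLOWED = {                       # exploitability metrics, CVSS v3.1 and v4.0
    "AV": {"N", "A", "L", "P"},   # Attack Vector
    "AC": {"L", "H"},             # Attack Complexity
    "AT": {"N", "P"},             # Attack Requirements (v4.0 only)
    "PR": {"N", "L", "H"},        # Privileges Required
    "UI": {"N", "R", "P", "A"},   # User Interaction (R in v3.1, P/A in v4.0)
}

# Vector fragments exactly as quoted in the article, keyed by advisory.
ADVISORIES = {
    "ICSA-25-238-01": "AV:L/AC:L/PR:N/UI:R",
    "ICSA-25-238-03": "AV:N/AC:L/AT:N/PR:N/UI:N",
}

def parse_vector(fragment):
    """Parse 'AV:N/AC:L/...' into a dict; reject unknown or repeated metrics."""
    metrics = {}
    for part in fragment.strip().split("/"):
        if part.startswith("CVSS:"):          # optional version prefix
            continue
        name, sep, value = part.partition(":")
        if not sep or value not in ALLOWED.get(name, ()):
            raise ValueError(f"bad metric: {part!r}")
        if name in metrics:
            raise ValueError(f"repeated metric: {name}")
        metrics[name] = value
    if "AV" not in metrics:
        raise ValueError("vector has no AV metric")
    return metrics

def exposure(metrics):
    """Return (priority, label); a missing PR or UI is treated as worst case 'N'."""
    remote = metrics["AV"] in ("N", "A")
    no_creds = metrics.get("PR", "N") == "N"
    no_click = metrics.get("UI", "N") == "N"
    if remote and no_creds and no_click:
        return 1, "reachable over the network with no credentials or user action"
    if no_click:
        return 2, "needs prior access or privileges"
    return 3, "needs a user to act, for example by opening a file"

def rank(advisories):
    """Sort advisories so the most exposed comes first."""
    rows = [(exposure(parse_vector(v)), name) for name, v in advisories.items()]
    return [(name, label) for (prio, label), name in sorted(rows)]

if __name__ == "__main__":
    for name, label in rank(ADVISORIES):
        print(name, "->", label)
```

The Modicon advisory ranks first because its vector needs neither credentials nor user action, which is where the segmentation and firewall measures above apply most directly.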
