[Control systems] CISA ICS security advisories (AV25–054)

Serial number: AV25-054

Date: February 3, 2025

Between January 27 and February 2, 2025, CISA published ICS advisories to address vulnerabilities in the following products:

  • B&R Automation Runtime – versions prior to 6.1
  • B&R mapp View – versions prior to 6.1
  • Contec Health CMS8000 Patient Monitor – multiple versions
  • Hitachi Energy UNEM – multiple versions
  • New Rock Technologies MX8G VoIP Gateway – all versions
  • New Rock Technologies NRP1302/P Desktop IP Phone – all versions
  • New Rock Technologies OM500 IP-PBX – all versions
  • Rockwell Automation DataEdgePlatform DataMosaix Private Cloud – version 7.11 and prior, version 7.09 and prior
  • Rockwell Automation FactoryTalk AssetCentre – versions prior to V15.00.001
  • Rockwell Automation FactoryTalk View SE – all versions prior to 15.0
  • Rockwell Automation FactoryTalk – all versions prior to 15.0
  • Rockwell Automation KEPServer – versions 6.0 to 6.14.263
  • Schneider Electric Power Logic – version v0.62.7 and prior
  • Schneider Electric RemoteConnect – all versions
  • Schneider Electric SCADAPackTM x70 Utilities – all versions
  • Schneider Electric System Monitor application in Harmony Industrial PC – all versions
  • Schneider Electric System Monitor application in Pro-face Industrial PC – all versions

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

Date modified: