[Control systems] CISA ICS security advisories (AV25–238)

Serial number: AV25-238
Date: April 28, 2025

Between April 21 and 27, 2025, CISA published ICS advisories to address vulnerabilities in the following products:

  • ABB ACS5000 – versions LAAAB 4.03.0 to LAAAB 5.06.1
  • ABB ACS6000 – versions LAAAA 2.10.0 to LAAAB 5.06.1
  • ABB ACS6080 – versions LAAAA 2.10.0 to LAAAB 5.06.1
  • ALBEDO Telecom Net.Time – PTP/NTP clock (Serial No. NBC0081P) – software release 1.4.4
  • Johnson Controls Inc. ICU – versions prior to 6.9.5
  • Nice Linear eMerge E3 – versions 1.00-07 and prior
  • Planet Technology NMS-1000V – all versions
  • Planet Technology NMS-500 – all versions
  • Planet Technology UNI-NMS-Lite – versions 1.0b211018 and prior
  • Planet Technology WGS-4215-8T2S – versions 1.305b241115 and prior
  • Planet Technology WGS-804HPT-V2 – versions 2.305b250121 and prior
  • Schneider Electric Modicon M340 – all versions
  • Schneider Electric Modicon M340 – versions prior to 3.10
  • Schneider Electric Modicon M340 – versions prior to SV3.60
  • Schneider Electric Modicon M580 – all versions
  • Schneider Electric Modicon M580 – versions prior to 2.80
  • Schneider Electric Modicon M580 – versions prior to 2.90
  • Schneider Electric Modicon M580 – versions prior to sv4.20
  • Schneider Electric Modicon MC80 BMKC80* – versions prior to 1.80
  • Schneider Electric Modicon MC80 – all versions
  • Schneider Electric Modicon Momentum CPU (part numbers 171CBU*) – all versions
  • Schneider Electric Modicon Momentum M1E – all versions
  • Schneider Electric Modicon Momentum Unity M1E Processor (part numbers 171CBU*) – versions prior to SV2.6
  • Schneider Electric Modicon Premium – all versions
  • Schneider Electric Modicon Premium – all versions
  • Schneider Electric Modicon Premium – versions prior to 3.20
  • Schneider Electric Modicon Quantum Safety – all versions
  • Schneider Electric Modicon Quantum – all versions
  • Schneider Electric Modicon Quantum – versions prior to 3.60
  • Schneider Electric PLC Simulator for EcoStruxure Control Expert – versions prior to 15.1
  • Schneider Electric Wiser Home Controller WHC-5918A – all versions
  • Siemens TeleControl Server Basic SQL – versions prior to V3.1.2.2
  • Siemens TeleControl Server Basic – versions prior to V3.1.2.2
  • Vestel AC Charger EVC04 – version 3.75.0

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

Date modified: