[Control systems] CISA ICS security advisories (AV25–295)

Serial number: AV25–295
Date: May 26, 2025

Between May 19 and 25, 2025, CISA published ICS advisories to address vulnerabilities in the following products:

  • ABUP IoT Cloud Platform – all versions
  • Assured Telematics Inc (ATI) Fleet Management System – versions prior to February 6th, 2025
  • AutomationDirect MB-Gateway – all versions
  • Danfoss AK-SM 8xxA Series – versions prior to R4.2
  • Lantronix Device Installer – versions 4.4.0.7 and prior
  • Mitsubishi Electric GENESIS64 AlarmWorX Multimedia (AlarmWorX64 MMX) – all versions
  • Mitsubishi Electric MC Works64 AlarmWorX Multimedia (AlarmWorX64 MMX) – all versions
  • National Instruments Circuit Design Suite – versions 14.3.0 and prior
  • Rockwell Automation 95057C-FTHTWXCT11 – versions v4.02.00 and prior
  • Schneider Electric Galaxy VL – all versions
  • Schneider Electric Galaxy VS – all versions
  • Schneider Electric Galaxy VXL – all versions
  • Schneider Electric Modicon Controllers LMC058 – all versions
  • Schneider Electric Modicon Controllers M241 – versions prior to 5.3.12.48
  • Schneider Electric Modicon Controllers M251 – versions prior to 5.3.12.48
  • Schneider Electric Modicon Controllers M258 – all versions
  • Schneider Electric PrismaSeT Active - Wireless Panel Server – all versions
  • Siemens Siveillance Video – versions V24.1 and later
  • Vertiv Liebert IS-UNITY – versions 8.4.1.0 and prior
  • Vertiv Liebert RDU101 – versions 1.9.0.0 and prior

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

Date modified: