[Control systems] CISA ICS security advisories (AV25–348)

Serial number: AV25-348
Date: June 16, 2025

Between June 9 and 15, 2025, CISA published ICS advisories to address vulnerabilities in the following products:

  • AVEVA PI Connector for CygNet – version 1.6.14 and prior
  • AVEVA PI Data Archive – multiple versions
  • AVEVA PI Server – multiple versions
  • AVEVA PI Web API – versions 2023 SP1 and prior
  • Hitachi Energy Relion 670 – version 2.2.0
  • Hitachi Relion 650 – multiple versions
  • Hitachi Relion 670 – multiple versions
  • Hitachi SAM600-IO – multiple versions
  • multiCAM Systems Pan-Tilt-Zoom Cameras – all versions
  • PTZOptics – multiple versions and models
  • Siemens Energy Services – all versions
  • Siemens RUGGEDCOM APE1808 – all versions (with Palo Alto Networks Virtual NGFW with an enabled GlobalProtect gateway or portal)
  • Siemens RUGGEDCOM RST2428P (6GK6242-6PA00) – versions prior to V3.1
  • Siemens SCALANCE – multiple versions and models
  • Siemens SIMATIC – multiple versions and models
  • Siemens Tecnomatix Plant Simulation V2404 – versions prior to V2404.0013
  • SinoTrack IOT PC Platform – all versions
  • SMTAV Pan-Tilt-Zoom Cameras – all versions
  • ValueHD Pan-Tilt-Zoom Cameras – all version

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

Date modified: