[Control systems] CISA ICS security advisories (AV25-381)

Serial number: AV25-381
Date: June 30, 2025

Between June 23 and 29, 2025, CISA published ICS advisories to address vulnerabilities in the following products:

  • ControlID iDSecure On-premises – version 4.7.48.0 and prior
  • Delta Electronics CNCSoft – version v1.01.34 and prior
  • Kaleris Navis N4 – versions prior to 4.0
  • MICROSENS NMP WEB+ – version 3.2.5 and prior
  • Mitsubishi Electric Air conditioning systems – multiple versions and models
  • Parsons Utility Enterprise Data Management – versions 5.18, 5.03, 3.30, and versions 4.02 to 4.26
  • Parsons AclaraONE Utility Portal – versions prior to 1.22
  • Schneider Electric EVLink WallBox – all versions
  • Schneider Electric Modicon Controllers M241 – versions prior to 5.3.12.51
  • Schneider Electric Modicon Controllers M251 – versions prior to 5.3.12.51
  • Schneider Electric Modicon Controllers M262 – versions prior to 5.3.9.18
  • Schneider Electric Modicon Controllers M258 – all versions
  • Schneider Electric Modicon Controllers LMC058 – all versions
  • TrendMakers Sight Bulb Pro Firmware ZJ_CG32-2201 – version 8.57.83 and prior

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

Date modified: