Serial number: AV25-400
Date: July 7, 2025
Between June 30 and July 6, 2025, CISA published ICS advisories to address vulnerabilities in the following products:
- FESTO Automation Suite, FluidDraw, and Festo Didactic Products – multiple products and versions
- FESTO CODESYS Gateway Server V2 – all versions
- FESTO CODESYS Gateway Server V2 – versions prior to V2.3.9.38
- FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic CP including S7 PLC (All versions) – all versions
- FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 200 Systems (All versions) – all versions
- FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 400 Systems (All versions) – all versions
- Festo Firmware installed on Festo Hardware Controller – multiple products and versions
- Hitachi Energy MSM – version 2.2.9 and prior
- Hitachi Energy Relion 650 – multiple versions
- Hitachi Energy Relion 670 – multiple versions
- Hitachi MicroSCADA Pro/X SYS600 – multiple versions
- Hitachi SAM600-IO – version 2.2.5.6
- Mitsubishi Electric MELSEC iQ-F Series – multiple versions and models
- Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M – versions 1.000A to 1.012N
- Voltronic Power Viewpower – version 1.04-24215 and prior
- Voltronic Power ViewPower Pro – version 2.2165 and prior
- Voltronic Powershield NetGuard – version 1.04-22119 and prior
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.