Serial number: AV25-764
Date: November 17, 2025
Between November 10 and 16, 2025, CISA published ICS advisories to address vulnerabilities in the following products:
- AVEVA Application Server IDE – version 2023 R2SP1 PO2 and prior
- AVEVA Edge – version 2023 R2 and prior
- Brightpick Mission Control / Internal Logic Control – All versions
- Festo Hardware Controller – multiple models and firmware versions
- General Industrial Controls Lynx+ Gateway – versions R08, V03, V05 and V18
- Mitsubishi MELSEC iQ-F Series – multiple models and versions
- Rockwell Automation AADvance-Trusted SIS Workstation – versions 2.00.00 to 2.00.04
- Rockwell Automation FactoryTalk DataMosaix Private Cloud – versions 7.11, 8.00 and
- 8.01
- Rockwell Automation FactoryTalk Policy Manager – version 6.51.00 and prior
- Rockwell Automation Studio 5000 Simulation Interface – version 2.02 and prior
- Rockwell Automation Verve Asset Manager – multiple versions
- Siemens Altair Grid Engine – versions prior to V2026.0.0
- Siemens COMOS with COMOS Web deployed – versions prior to 10.4.5
- Siemens COMOS using COMOS Snapshots component – versions prior to 10.4.5
- Siemens LOGO! 8 BM Devices – multiple models and all versions
- Siemens SICAM P850 family and SICAM P855 family – multiple models and versions
- prior to 3.11
- Siemens Software Center – versions prior to 3.5
- Siemens Solid Edge SE2025 – versions prior to V225.0 Update 11
- Siemens Spectrum Power 4 – versions prior to V4.70 SP12 Update 2
- Ubia Ubox – version v1.1.124
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.