Serial number: AV25-815
Date: December 8, 2025
Between December 1 and 7, 2025, CISA published ICS advisories to address vulnerabilities in the following products:
- Advantech iView – version 5.7.05.7057
- Industrial Video & Control Longwatch – versions 6.309 to 6.334
- Iskra iHUB and iHUB Lite – all versions
- Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace – version 2025.1.2 and prior
- Johnson Controls iSTAR (multiple models) – versions prior to TLS 1.2
- MAXHUB Pivot client application – versions prior to v1.36.2
- Mitsubishi Electric GX Works2 – all versions
- SolisCloud Monitoring Platform (Cloud API & Device Control API) – versions API v1 and API v2
- Sunbird DCIM dcTrack and Power IQ – versions v9.2.0 and prior
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.