Today CISA’s NCCIC-ICS published 11 control system security advisories for products from Assured Telematics, Vertiv, AutomationDirect, Schneider (3), Siemens, Mitsubishi, Danfoss, NI, ABUP. They also updated two advisories for products from Schneider.
Advisories
Assured Telematics Advisory - This advisory describes an exposure of sensitive information to an unauthorized control sphere vulnerability in the Assured Telematics Fleet Management System.
Vertiv Advisory - This advisory describes two vulnerabilities in the Vertiv Liebert RDU101 and Liebert UNITY communications cards.
AutomationDirect Advisory - This advisory describes a missing authentication for critical function vulnerability in the AutomationDirect MB-Gateway.
Schneider Advisory #1 - This advisory describes an externally controlled reference to a resource in another sphere vulnerability in the Schneider Modicon Controllers M241/M251/M258/LMC058.
Schneider Advisory #2 - This advisory discusses a missing authentication for critical function vulnerability in the Schneider Galaxy VS, VL, and VXL products.
Schneider Advisory #3 - This advisory discusses a classic buffer overflow vulnerability in the Schneider PrismaSeT Active wireless panel server.
Siemens Advisory - This advisory discusses a missing encryption of sensitive data vulnerability in the Siemens Siveillance Video product.
Mitsubishi Advisory - This advisory describes an execution with unnecessary privileges vulnerability in the Mitsubishi MC Works64 AlarmWorX Multimedia and the Iconics GENESIS64 AlarmWorX Multimedia products.
Danfoss Advisory - This advisory describes an improper authentication vulnerability in the Danfoss K-SM 800A system manager.
NI Advisory - This advisory describes five vulnerabilities in the National Instruments Circuit Design Suite.
ABUP Advisory - This advisory describes an incorrect privilege assignment vulnerability in the ABUP IoT Cloud Platform.
Updates
Schneider Update #1 - This update provides additional information on the Schneider EcoStruxure Power Monitoring Expert advisory that was originally published on February 6th, 2025, and most recently updated on March 27th, 2025.
Schneider Update #2 - This update provides additional information on the Schneider EcoStruxure Power Build Rapsody advisory that was originally published on January 23, 2025.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/11-advisories-and-2-updates-published - subscription required.