Review – 7 Advisories and 1 Update Published – 6-24-25

Today CISA’s NCCIC-ICS published seven control system security advisories for products from MICROSENS, Parsons, ControlID, Schneider (2), Delta Electronics, and Kaleris. They also updated an advisory for products from Mitsubishi.

Advisories

MICROSENS Advisory - This advisory discusses three vulnerabilities in the MICROSENS NMP Web+ product.

Parsons Advisory - This advisory describes a cross-site scripting vulnerability in the AccuWeather and Custom RSS widget in multiple products from Parsons.

ControlID Advisory - This advisory describes three vulnerabilities in the ControlID iDSecure On-premises product.

Schneider Advisory #1 - This advisory describes four vulnerabilities in the Schneider EVLink WallBox.

Schneider Advisory #2 - This advisory describes six vulnerabilities in the Schneider Modicon Controllers.

Delta Advisory - This advisory describes four out-of-bounds write vulnerabilities in the Delta CNCSoft human-machine interface.

Kaleris Advisory - This advisory describes two vulnerabilities in the Kaleris Navis N4 terminal operating system.

Updates

Mitsubishi Update - This update provides additional information on the MELSEC-Q Series PLCs advisory that was originally published on January 29^th, 2019, and most recently updated on October 5^th, 2023.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-410 - subscription required.