Thursday, July 10, 2025

Review – 10 Advisories and 3 Updates Published – 7-10-25

Today CISA’s NCCIC-ICS published ten control system security advisories for products from AAR Railroad Electronics Standards, KUNBUS, Advantech, Delta Electronics, and Siemens (6). They also updated advisories for products from IDEC Products, ECOVACS, and KUNBUS.

NOTE: Siemens published three other advisories on Tuesday. I will cover them in the Public ICS Disclosure blog post this weekend.

Advisories

AAR Advisory - This advisory describes a weak authentication vulnerability in the Association of American Railroads (AAR) End-of-Train and Head-of-Train remote linking protocol.

KUNBUS Advisory - This advisory describes an incorrect implementation of authentication algorithm vulnerability in the KUNBUS Revolution Pi OS and RevPi Webstatus.

Advantech Advisory - This advisory describes ten vulnerabilities in the Advantech iView product.

Delta Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Delta DTM Soft product.

SIPROTEC Advisory - This advisory describes a use of GET request method with sensitive query strings vulnerability in the Siemens SIPROTEC products.

TIA Advisory #1 - This advisory describes an upload of file with dangerous type vulnerability in the Siemens TIA Project-Server and TIA Portal products.

TIA Advisory #2 - This advisory describes two vulnerabilities in the Siemens TIA Administrator.

SIMATIC Advisory - This advisory describes an improper input validation vulnerability in the Siemens SIMATIC CN 4100 products.

Solid Edge Advisory - This advisory describes three vulnerabilities in the Siemens Solid Edge product.

SINEC Advisory - This advisory describes four vulnerabilities in the Siemens SINEC NMS products.

Updates

IDEC Update - This update provides additional information on the IDEC Products advisory that was originally published on September 19th, 2024.

ECOVACS Update - This update provides additional information on the DEEBOT Vacuum and Base Station advisory that was originally published on May 15th, 2025.

KUNBUS Update - This update provides additional information on the Revolution Pi advisory that was originally published on May 1st, 2025.

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-and-3-updates-published - subscription required.
