Review – 7 Advisories Published – 7-1-25

Today CISA’s NCCIC-ICS published control system security advisories for products from Hitachi Energy (2), Voltronic, and FESTO (4).

Advisories

Hitachi Energy Advisory #1 - This advisory discusses a cross-site scripting vulnerability (with publicly available exploit) in the Hitachi Energy Modular Switchgear Monitoring (MSM) product.

Hitachi Energy Advisory #2 - This advisory describes an allocation of resources without limit or throttling vulnerability in the Hitachi Energy Relion 670/650 and SAM600-IO series intelligent electronic devices.

Voltronic Advisory - This advisory describes two vulnerabilities in UPS monitoring products from Voltronic and Powershield.

Festo Advisory #1 - This advisory describes four command injection vulnerabilities in the Festo Hardware Controller and Hardware Servo Press Kit products.

Festo Advisory #2 - This advisory discusses three vulnerabilities in the FESTO CODESYS Gateway Server.

Festo Advisory #3 - This advisory discusses an out-of-bounds write vulnerability in multiple Festo advisories.

Festo Advisory #4 - This advisory discusses an improper restriction of operations within the bounds of a memory buffer vulnerability in FESTO Didactic CP, MPS 200, and MPS 400 products.

 

For more information on these advisories, including links to 3^rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-7-1-25 - subscription required