Review – 8 Advisories and 2 Updates Published – 8-7-25

Today CISA’s NCCIC-ICS published eight control system security advisories for products from Yealink, EG4 Electronics, Dreame Technology, Packet Power, Rockwell Automation, Burk Technology, Johnson Controls, and Delta Electronics. They also updated advisories from Mitsubishi and Instantel.

Advisories

Yealink Advisory - This advisory describes four vulnerabilities in the Yealink IP Phones.

EG4 Advisory - This advisory describes four vulnerabilities in the EGR4 Inverters.

Dreame Advisory - This advisory describes an improper certificate validation vulnerability in the Dreame Dreamehome and MOVAhome mobile applications.

Packet Power Advisory - This advisory describes a missing authentication for critical function vulnerability in the Packet Power EMX and EG products.

Rockwell Advisory - This advisory describes three vulnerabilities in the Rockwell Arena product.

Burk Advisory - This advisory describes a missing authentication for critical function vulnerability in the Burk ARC Solo monitoring and control device.

Johnson Controls Advisory - This advisory describes a dependency on vulnerable third party component vulnerability in the Johnson Controls FX80 and FX90 controllers.

Delta Advisory - This advisory describes a path traversal vulnerability in the Delta DIAView industrial automation management system.

Updates

Mitsubishi Update - This update provides additional information on the Iconics Digital Solutions advisory that was originally published on May 20^th, 2025.

Instantel Update - This update provides additional information on the Micromate advisory that was originally published on May 29^th, 2025.

 

For more information on these advisories, including links to researcher reports and vendor advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/8-advisories-and-2-updates-published - subscription required.