Review – 9 Advisories and 5 Updates Published – 9-9-25

Today CISA’s NCCIC-ICS published nine control system security advisories for products from Rockwell Automation (8) and ABB. They also updated five control system security advisories for products from Rockwell, Mitsubishi (2), EG4 and Schneider.

Advisories

Rockwell Advisory #1 - This advisory discusses a use of platform-dependent third party components vulnerability in the Rockwell 1783-NATR (Network Address Translation Router).

Rockwell Advisory #2 - This advisory describes an exposure of sensitive information to an unauthorized control sphere vulnerability in the Rockwell Analytics LogixAI.

Rockwell Advisory #3 - This advisory describes a NULL pointer dereference vulnerability in the Rockwell ControlLogix 5580 product.

Rockwell Advisory #4 - This advisory describes a missing authentication for critical function vulnerability in the Rockwell CompactLogix 5480 product.

Rockwell Advisory #5 - This advisory describes a missing authentication for critical function vulnerability in the Rockwell FactoryTalk Activation Manager.

Rockwell Advisory #6 - This advisory describes a command injection vulnerability in the Rockwell FactoryTalk Optix product.

Rockwell Advisory #7 - This advisory describes an injection vulnerability in the Rockwell Stratix IOS product.

Rockwell Advisory #8 - This advisory describes a server-side request forgery vulnerability in the Rockwell ThinManager product.

ABB Advisory - This advisory describes three vulnerabilities in the ABB ASPECT, NEXUS, MATRIX products.

Updates

Rockwell Update - This update provides additional information on the 1756-ENT2R advisory that was originally reported on August 14^th, 2025.

Mitsubishi Update #1 - This update provides additional information on the MELSEC iQ-F Series advisory that was originally published on August 21^st, 2025.

Mitsubishi Update #2 - This update provides additional information on the Iconics Digital Solutions advisory that was originally published on October 22^nd, 2024.

EG4 Update - This update provides additional information on the EG4 Inverters advisory that was originally published on August 7^th, 2025, and most recently updated on August 19^th, 2025.

Schneider Update - This update provides additional information on the Communication Modules advisory that was originally published on February 27^th, 2025, and most recently updated on April 17^th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-and-5-updates-published - subscription required.