Thursday, October 9, 2025

Review – 3 Advisories and 1 Update Published – 10-9-25

Today CISA’s NCCIC-ICS published three control system security advisories for products from Rockwell Automation (2) and Hitachi Energy. They also updated an advisory for products from Mitsubishi Electric.

Advisories

Rockwell Advisory #1 - This advisory discusses a stack-based buffer overflow vulnerability {listed in CISA’s Known Exploited Vulnerability (KEV) catalog} in the Rockwell Stratix 5X00 products.

NOTE: I briefly discussed this vulnerability on September 27th, 2025.

Rockwell Advisory #2 - This advisory discusses a stack-based buffer overflow vulnerability (listed in CISA’s KEV catalog) in multiple Rockwell products.

NOTE: I briefly discussed this vulnerability on October 5th, 2025.

Hitachi Energy Advisory - This advisory describes an improper output neutralization for logs vulnerability in the Hitachi Energy Asset Suite product.

NOTE: I briefly discussed this vulnerability on October 4th, 2025.

Updates

Mitsubishi Update - This update provides additional information on the Multiple FA Products advisory that was originally published on May 8th, 2025.

 

For more information on these advisories, including a down-the-rabbit-hole look at KEV reporting, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published-1b5 - subscription required.
