Tuesday, November 25, 2025

Review – 6 Advisories and 1 Update Published – 11-25-25

Today CISA’s NCCIC-ICS published five control system security advisories for products from SiRcom, Festo, Opto 22, Zenitel, Rockwell, and Ashlar-Vellum. They also updated an advisory for products from Mitsubishi.

Advisories

SiRcom Advisory - This advisory describes a missing authentication for critical function vulnerability in the SiRcom SMART Alert (SiSA) central control system.

Festo Advisory - This advisory discusses two vulnerabilities in multiple Festo product lines.

NOTE: I briefly discussed these vulnerabilities on December 3rd, 2022.

Opto 22 Advisory - This advisory describes an exposure of sensitive data through metadata vulnerability in the Opto 22 groov View product line.

Zenitel Advisory - This advisory describes five vulnerabilities in the Zenitel TCIV-3+ IP video intercom.

Rockwell Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Rockwell Arena Simulation product.

NOTE: I briefly discussed this vulnerability on November 16th, 2025.

Ashlar-Vellum Advisory - This advisory describes two vulnerabilities in multiple Ashlar-Vellum products.

Updates

Mitsubishi Update - This update provides additional information on the FA Engineering Software advisory that was originally published on December 5th, 2022, and most recently updated on June 29th, 2023.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-b5e - subscription required.
