Thursday, December 18, 2025

Review – 8 Advisories and 1 Update Published – 12-18-25

Today CISA’s NCCIC-ICS published eight control system security advisories for products from Axis Communications, Rockwell Automation, Advantech, Siemens, Mitsubishi Electric, National Instruments, Schneider Electric, and Inductive Automation. They also updated an advisory for products from Mitsubishi.

Advisories

Axis Advisory - This advisory describes four vulnerabilities in multiple Axis surveillance products.

Rockwell Advisory - This advisory describes two vulnerabilities in the Rockwell Micro8xx PLCs.

Advantech Advisory - This advisory describes five vulnerabilities in the Advantech WebAccess/SCADA product.

Siemens Advisory - This advisory describes an improper verification of source of a communications channel vulnerability in the Siemens Interniche IP-Stack used in a wide range of Siemens products.

NOTE: I briefly mentioned this vulnerability on December 14th, 2025.

Mitsubishi Advisory - This advisory describes an OS command injection vulnerability in multiple Mitsubishi Electric Iconics Digital Solutions products.

NI Advisory - This advisory describes nine vulnerabilities in the NI LabView product.

Schneider Advisory - This advisory discusses a deserialization of untrusted data vulnerability in the Schneider EcoStruxure Foxboro DCS Advisor.

NOTE: I briefly discussed this vulnerability on December 14th, 2025.

Inductive Advisory - This advisory describes an execution with unnecessary privileges vulnerability in the Inductive Ignition product.

Updates

Mitsubishi Update - This update provides additional information on the CNC Series advisory that was originally published on October 17th, 2024, and most recently updated on March 18th, 2025.

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/8-advisories-and-1-update-published-f72 - subscription required.
