Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems

Multiple industrial control system (ICS) devices are affected by vulnerabilities carrying critical severity ratings up to a 9.9 CVSS base score.

In an April 10 blog post, Cyble urged users of Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo, three industrial hardware providers, to patch critical vulnerabilities in their products.

The vulnerabilities affect various products, including Rockwell Automation Industrial Data Center, Hitachi Energy MicroSCADA Pro/X SYS600, and Inaba Denki Sangyo CHOCO TEI WATCHER mini-industrial cameras.

The identified vulnerabilities are:

CVE-2025-23120: A deserialization of untrusted data vulnerability in Veeam Backup and Replication, potentially allowing remote code execution to the Rockwell Automation Industrial Data Center (IDC) product range (CVSS v3.1 score: 9.9)
CVE-2025-25211: A weak password requirement vulnerability in Inaba Denki Sangyo CHOCO TEI WATCHER mini-industrial cameras, potentially allowing unauthorized access (CVSS v3.1 score: 9.8)
CVE-2025-26689: A forced browsing vulnerability in Inaba Denki Sangyo CHOCO TEI WATCHER mini-industrial cameras, potentially allowing data tampering and product setting modifications (CVSS v3.1 score: 9.8)
CVE-2024-4872: An improper neutralization of special elements in data query logic vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600, potentially allowing code injection (CVSS v3.1 score: 8.8)
CVE-2024-3980: A path traversal vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600, potentially allowing file system manipulation and session hijacking (CVSS v3.1 score: 8.8)

These are the most critical vulnerabilities identified in Cyble’s latest ICS Vulnerability Report, which examined 70 flaws in ICS, operational technology (OT) and supervisory control and data acquisition (SCADA) systems.

The vulnerabilities identified affect systems across five sectors, including critical manufacturing, energy, healthcare, wastewater and commercial facilities.

“Given the critical role of SCADA, DCS, and MES systems, immediate mitigation—including patching, authentication hardening, and access restrictions—is essential to prevent exploitation,” Cyble wrote.

Read now: Five ICS Security Challenges and How to Overcome Them

Source link

Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems

Leave a Comment Cancel reply

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

Leave a Comment Cancel reply

VMWARE

Configuration Templates