CISA Issues New Advisories on Vulnerabilities in Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently released four advisories addressing critical vulnerabilities in industrial control systems (ICS) equipment manufactured by Siemens, Tigo Energy, and EG4 Electronics. Understanding these vulnerabilities is essential for organizations relying on these systems to safeguard their operations.
Siemens Vulnerabilities: Desigo CC and Mendix SAML Module
Two advisories, ICSA-25-231-01 and ICSA-25-231-02, cover Siemens products, specifically the Desigo CC Product Family, SENTRON Powermanager, and the Mendix SAML Module. These components are widely deployed in industrial environments, raising concerns over their security.
Desigo CC and SENTRON Powermanager Vulnerability
The advisory ICSA-25-231-01 highlights a significant vulnerability (CVE-2025-47809) in Wibu CodeMeter, a software licensing tool used in Siemens’ Desigo CC and SENTRON Powermanager. With a CVSS v3.1 score of 8.2, this flaw allows potential exploitation through Windows Explorer without requiring users to reboot or log off. All versions of Desigo CC (V5.0 to V8) and SENTRON Powermanager (V5 to V8) are impacted. Siemens, which first reported the issue to CISA itself, recommends upgrading to CodeMeter version 8.30a and restarting the system after installation to resolve it.
Mendix SAML Module Exploit Risk
Advisory ICSA-25-231-02 reveals another critical issue within the Mendix SAML module, tracked as CVE-2025-40758. Rated at 8.7 on the CVSS v3.1 scale, this vulnerability allows unauthenticated attackers to hijack user accounts in certain Single Sign-On (SSO) settings due to improper cryptographic signature verification. It affects various Mendix SAML versions, particularly those before 3.6.21 and 4.0.3. Siemens emphasizes that users should enable encryption settings and update their modules to mitigate this issue. This vulnerability poses significant risks, especially in sectors critical to manufacturing.
High-Risk Vulnerabilities in Tigo Energy’s Cloud Connect Advanced
The advisory ICSA-25-217-02 (Update A) highlights several high-risk vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA). This device plays an integral role in solar energy management, and the vulnerabilities identified could lead to severe security breaches.
Critical Flaws in CCA
The most critical vulnerability (CVE-2025-7768) carries a staggering CVSS v4 base score of 9.3 and stems from hard-coded credentials that could grant unauthorized access and control. Further vulnerabilities include:
- Command Injection (CVE-2025-7769, CVSS v3.1 score of 8.8), confirmed to be publicly exploitable.
- Predictable Session IDs (CVE-2025-7770), allowing attackers to bypass authentication measures.
These vulnerabilities predominantly affect Cloud Connect Advanced versions 4.0.1 and earlier. Tigo Energy is working on patches and advises users to check its Help Center for interim security recommendations. CISA also recommends isolating ICS networks and carefully managing internet access due to ongoing vulnerabilities.
Security Issues with EG4 Electronics Inverters
The advisory ICSA-25-219-07 (Update A) exposes serious flaws in EG4 Electronics’ inverter systems utilized in both residential and commercial solar setups.
Identified Vulnerabilities in Inverter Systems
The vulnerabilities detailed include:
- Cleartext Transmission of Sensitive Data (CVE-2025-52586)
- Download of Code Without Integrity Check (CVE-2025-53520)
- Observable Discrepancy (CVE-2025-47872)
- Improper Restriction of Authentication Attempts (CVE-2025-46414)
The CVSS v4 score for these issues reaches an alarming 9.2. These flaws allow attackers to intercept commands, install malicious firmware, and exploit insecure APIs. Affected models include EG4 12kPV, 18kPV, Flex 21, and others. While EG4 has addressed some issues through server fixes, comprehensive firmware and hardware solutions are still in development.
CISA’s Call to Action for ICS Operators
CISA highlights the increasing targeting of ICS environments by cyber adversaries due to their vital role in national infrastructure. While no significant exploits associated with the identified vulnerabilities have been confirmed (except one related to Tigo), CISA urges operators to adopt several mitigation strategies:
- Isolating ICS from networks connected to the Internet.
- Ensuring devices and software are updated to their latest secure versions.
- Conducting risk assessments to guide the deployment of security measures.
As organizations rely more heavily on ICS, maintaining robust cybersecurity practices is more critical than ever. The newly identified vulnerabilities underscore the need for vigilance and proactive measures to protect these crucial systems.


