(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – December 11, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

On December 9, 2025, CISA Released Three Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:

• Universal Boot Loader (U-Boot) – Used in Water and Wastewater Systems and Energy
• Festo LX Appliance – Used in Energy
• Multiple India-Based CCTV Cameras 

On December 11, 2025, CISA Released 12 Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:

• Johnson Controls iSTAR – Used in Energy
• Johnson Controls iSTAR Ultra – Used in Energy
• AzeoTech DAQFactory
•  Siemens IAM Client
• Siemens Advanced Licensing (SALT) Toolkit
• Siemens SINEMA Remote Connect Server
• Siemens Building X – Security Manager Edge Controller
• Siemens Energy Services – Used in Energy
• Siemens Gridscale X Prepay – Used in Energy
• OpenPLC_V3 – Used in Water and Wastewater Systems and Energy
• Grassroots DICOM (GDCM)
• Varex Imaging Panoramic Dental Imaging Software 

Additional Alerts, Updates, and Bulletins:

• 2025 CWE Top 25 Most Dangerous Software Weaknesses
• December 9 – CISA Adds One Known Exploited Vulnerability to Catalog
• December 9 – CISA Adds Two Known Exploited Vulnerabilities to Catalog
• Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure
• December 8 – CISA Adds Two Known Exploited Vulnerabilities to Catalog
• PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems