The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On May 15, 2025, CISA Released Twenty-Two Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Siemens RUGGEDCOM APE1808 Devices
- Siemens INTRALOG WMS – Used in Water and Wastewater Systems and Energy
- Siemens BACnet ATEC Devices
- Siemens Desigo
- Siemens SIPROTEC and SICAM
- Siemens Teamcenter Visualization
- Siemens IPC RS-828A – Used in Water and Wastewater Systems and Energy
- Siemens VersiCharge AC Series EV Chargers – Used in Energy
- Siemens User Management Component (UMC)
- Siemens OZW Web Servers
- Siemens Polarion
- Siemens SIMATIC PCS neo
- Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems
- Siemens APOGEE PXC and TALON TC Series – Used in Energy
- Siemens Mendix OIDC SSO – Used in Energy
- Siemens MS/TP Point Pickup Module – Used in Energy
- Siemens RUGGEDCOM ROX II
- Siemens SCALANCE LPE9403
- ECOVACS DEEBOT Vacuum and Base Station
- Schneider Electric EcoStruxure Power Build Rapsody – Used in Energy
- Mitsubishi Electric Multiple FA Engineering Software Products (Update C)
- Mitsubishi Electric MELSOFT MaiLab and MELSOFT VIXIO (Update A)
Additional Alerts, Updates, and Bulletins:
- May 14 - CISA Adds One Known Exploited Vulnerability to Catalog
- May 13 - CISA Adds Five Known Exploited Vulnerabilities to Catalog
- Update to How CISA Shares Cyber-Related Alerts and Notifications
Related WaterISAC PIRs: 6, 8
