(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – April 17, 2025
Created: Thursday, April 17, 2025 - 13:23
Categories: Cybersecurity, Federal & State Resources, OT-ICS Security
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On April 17, 2025, CISA Released Six Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Schneider Electric Trio Q Licensed Data Radio – Used in Energy
- Schneider Electric Sage Series – Used in Energy
- Schneider Electric ConneXium Network Manager – Used in Energy
- Yokogawa Recorder Products – Used in Energy
- Schneider Electric Modicon M340, MC80, and Momentum Unity M1E (Update A) – Used in Energy
- Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers (Update A) – Used in Energy
On April 15, 2025, CISA Released Nine Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Siemens Mendix Runtime
- Siemens Industrial Edge Device Kit
- Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
- Growatt Cloud Applications – Used in Energy
- Lantronix Xport – Used in Water and Wastewater Systems and Energy
- National Instruments LabVIEW
- Delta Electronics COMMGR – Used in Energy
- ABB M2M Gateway – Used in Energy
- Mitsubishi Electric Europe B.V. smartRTU
Additional Alerts, Updates, and Bulletins:
- April 17 – CISA Adds Three Known Exploited Vulnerabilities to Catalog
- April 16 – CISA Adds One Known Exploited Vulnerability to Catalog
- April 9 – CISA Adds Two Known Exploited Vulnerabilities to Catalog
- April 8 – CISA Adds Two Known Exploited Vulnerabilities to Catalog
- April 7 – CISA Adds One Known Exploited Vulnerability to Catalog
- April 4 – CISA Adds One Vulnerability to the KEV Catalog
- April 10 – CISA Releases Ten Industrial Control Systems Advisories
- CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise
- Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
- Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457)
Related WaterISAC PIRs: 6, 8