(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 28, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

On August 28, 2025, CISA Released Nine Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:

• Mitsubishi Electric MELSEC iQ-F Series CPU Module
• Mitsubishi Electric MELSEC iQ-F Series CPU Module
• Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit – Used in Energy
• Delta Electronics CNCSoft-G2 – Used in Energy
• Delta Electronics COMMGR
• GE Vernova CIMPLICITY
• Mitsubishi Electric Multiple FA Engineering Software Products (Update D)
• Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update B)
• Hitachi Energy Relion 670/650 and SAM600-IO series (Update A) – Used in Energy

On August 26, 2025, CISA Released Three Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:

• INVT VT-Designer and HMITool – Used in Energy
• Schneider Electric Modicon M340 Controller and Communication Modules – Used in Energy
• Danfoss AK-SM 8xxA Series (Update A)

Additional Alerts, Updates, and Bulletins:

• August 26 – CISA Adds One Known Exploited Vulnerability to Catalog
• August 25 – CISA Adds Three Known Exploited Vulnerabilities to Catalog
• August 21 – CISA Adds One Known Exploited Vulnerability to Catalog
• CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems
• CISA Requests Public Comment for Updated Guidance on Software Bill of Materials