(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – December 4, 2025
Created: Thursday, December 4, 2025 - 15:33
Categories: Cybersecurity, Federal & State Resources, Security Preparedness
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On November 25, 2025, CISA Released Seven Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
- Rockwell Automation Arena Simulation
- Zenitel TCIV-3+
- Opto 22 groov View
- Festo Compact Vision System, Control Block, Controller, and Operator Unit products
- SiRcom SMART Alert (SiSA)
- Mitsubishi Electric FA Engineering Software (Update C)
On December 2, 2025, CISA Released Five Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Industrial Video & Control Longwatch – Used in Water and Wastewater Systems and Energy
- Iskra iHUB and iHUB Lite – Used in Energy
- Mirion Medical EC2 Software NMIS BioDose
- Mitsubishi Electric CNC Series (Update A)
- Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)
On December 4, 2025, CISA Released Nine Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Mitsubishi Electric GX Works2
- MAXHUB Pivot
- Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace – Used in Energy
- Johnson Controls iSTAR – Used in Energy
- Sunbird DCIM dcTrack and Power IQ – Used in Energy
- SolisCloud Monitoring Platform – Used in Energy
- Advantech iView
- Consilium Safety CS5000 Fire Panel (Update A)
- Johnson Controls FX Server, FX80 and FX90 (Update A) – Used in Energy
Additional Alerts, Updates, and Bulletins:
- December 3 – CISA Adds One Known Exploited Vulnerability to Catalog
- CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology
- December 2 – CISA Adds Two Known Exploited Vulnerabilities to Catalog
- November 28 – CISA Adds One Known Exploited Vulnerability to Catalog
- Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
- November 21 – CISA Adds One Known Exploited Vulnerability to Catalog