(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – September 18, 2025
Created: Thursday, September 18, 2025 - 14:12
Categories: Cybersecurity, Federal & State Resources, OT-ICS Security
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On September 18, 2025, CISA Released Nine Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Westermo Network Technologies WeOS 5 – Used in Water and Wastewater Systems and Energy
- Westermo Network Technologies WeOS 5 (2) – Used in Water and Wastewater Systems and Energy
- Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit – Used in Energy
- Hitachi Energy Asset Suite – Used in Energy
- Hitachi Energy Service Suite – Used in Energy
- Cognex In-Sight Explorer and In-Sight Camera Firmware
- Dover Fueling Solutions ProGauge MagLink LX4 Devices
- End-of-Train and Head-of-Train Remote Linking Protocol (Update C)
- Mitsubishi Electric FA Engineering Software Products (Update D)
On September 16, 2025, CISA Released Eight Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter
- Hitachi Energy RTU500 Series – Used in Energy
- Siemens SIMATIC NET CP, SINEMA, and SCALANCE
- Siemens RUGGEDCOM, SINEC NMS, and SINEMA
- Siemens OpenSSL Vulnerability in Industrial Products
- Siemens Multiple Industrial Products
- Delta Electronics DIALink
- Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL (Update A) – Used in Energy
On September 11, 2025, CISA Released Eleven Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Siemens SIMOTION Tools
- Siemens SIMATIC Virtualization as a Service (SIVaaS)
- Siemens SINAMICS Drives
- Siemens SINEC OS
- Siemens Apogee PXC and Talon TC Devices
- Siemens Industrial Edge Management OS (IEM-OS) – Used in Energy
- Siemens User Management Component (UMC)
- Schneider Electric EcoStruxure – Used in Energy
- Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110 – Used in Energy
- Daikin Security Gateway – Used in Energy
- Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H (Update A) – Used in Energy
On September 9, 2025, CISA Released Fourteen Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Rockwell Automation ThinManager
- ABB Cylon Aspect BMS/BAS
- Rockwell Automation Stratix IOS
- Rockwell Automation FactoryTalk Optix
- Rockwell Automation FactoryTalk Activation Manager
- Rockwell Automation CompactLogix® 5480
- Rockwell Automation ControlLogix 5580
- Rockwell Automation Analytics LogixAI
- Rockwell Automation 1783-NATR
- Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update A)
- Schneider Electric Communication Modules for Modicon M580 and Quantum controllers (Update B) – Used in Energy
- EG4 Electronics EG4 Inverters (Update B) – Used in Energy
- Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module (Update A)
- Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT (Update A)
Additional Alerts, Updates, and Bulletins:
- September 11 – CISA Adds One Known Exploited Vulnerability to Catalog
- September 4 – CISA Adds Three Known Exploited Vulnerabilities to Catalog