(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – September 4, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

On September 4, 2025, CISA Released Five Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:

• Honeywell OneWireless Wireless Device Manager (WDM) – Used in Energy
• Mitsubishi Electric Iconics Digital Solutions Multiple Products (Update A)
• Delta Electronics COMMGR (Update A) – Used in Energy
• Honeywell Experion PKS (Update A) – Used in Water and Wastewater Systems and Energy
• End-of-Train and Head-of-Train Remote Linking Protocol (Update B)

On September 2, 2025, CISA Released Four Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:

• Delta Electronics EIP Builder
• Fuji Electric FRENIC-Loader 4
• SunPower PVS6 – Used in Energy
• Hitachi Energy Relion 670/650 and SAM600-IO Series (Update A) – Used in Energy

Additional Alerts, Updates, and Bulletins:

• September 3 – CISA Adds Two Known Exploited Vulnerabilities to Catalog
• September 2 – CISA Adds Two Known Exploited Vulnerabilities to Catalog
• August 29 – CISA Adds One Known Exploited Vulnerability to Catalog
• CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance