Between February 10 and February 16, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued alerts regarding vulnerabilities in various industrial control systems (ICS) and other related products. The advisory aims to inform users and system administrators about the potential risks associated with outdated software and firmware, urging them to implement necessary mitigations and updates to enhance security.
The affected products include a wide range of devices and software from different manufacturers, predominantly Siemens and Dingtian. For instance, numerous models of Siemens’ Simatic series were listed, covering various versions of CPUs, drive controllers, and different software applications. The specific software vulnerabilities spanned from earlier versions to products that were entirely unpatched.
-
Dingtian Devices:
- A total of four different models (DT-R002, DT-R008, DT-R016, and DT-R032) each with specific version vulnerabilities were highlighted.
- It is essential for users of these devices to review their systems and ensure they operate on the latest software versions to mitigate any potential threats.
-
MySCada and Oring Devices:
- Older versions of MySCada MyPro Manager (prior to v1.4) and Oring IAP-20 (versions 2.01e and earlier) were included in the vulnerabilities list. The recommendation is to upgrade to the latest available versions.
-
Outback Power and Siemens Products:
- The Outback Power Mojave Inverter was cited with vulnerabilities across all versions, indicating a significant risk for users not applying necessary updates.
- Siemens products made up a significant portion of the list, with numerous models across different categories (S7-1200, S7-1500, and others) flagged due to vulnerabilities in specified version ranges or prior to certain updates.
- Critical Siemens applications like TeamCenter, TIA Portal, and several safety-related products also required urgent attention due to older versions being prone to cyber threats.
-
Cybersecurity Recommendations:
- The Cyber Center urged users to follow the guidance provided in the advisory, specifically reviewing the included link to access detailed vulnerability information.
- Users were also encouraged to perform mitigations such as patching systems where updates are available, applying relevant configurations to enhance security, and staying informed about further advisories regarding cybersecurity risks.
- Mobile and Other Applications:
- Specific mobile applications for health management, such as Qardioarm A100 and Qardio Heart Health (iOS version 2.7.4 and Android version 2.5.1), were also flagged, highlighting the extensive reach of this advisory beyond just industrial systems.
- The broad spectrum of product vulnerabilities indicates that cyber threats are prevalent across not only industrial sectors but also consumer and health-related applications, necessitating a proactive approach in maintaining software integrity.
Overall, the CISA advisory serves as a crucial reminder for businesses and individual users to regularly assess and upgrade their software and devices to safeguard against emerging cyber threats. Failure to do so could result in significant vulnerabilities that might be exploited maliciously. Administrators are strongly encouraged to implement the suggested mitigations promptly to secure their systems and protect sensitive data.