CISA Issues 9 New ICS Advisories Addressing Critical Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released nine new advisories detailing severe vulnerabilities in widely-used Industrial Control Systems (ICS) products.

These advisories, published on April 15, 2025, urge immediate action from operators and administrators overseeing critical infrastructure. Below are the key highlights from each advisory:

Nine Industrial Control Systems Advisories

1.Siemens Mendix Runtime (CVE-2025-30280):

- Advertisement -

The first advisory concerns Siemens Mendix Runtime, which suffers from an observable response discrepancy (CWE-204) vulnerability.

This flaw, assigned CVE-2025-30280 and a CVSS v4 score of 6.9, allows unauthenticated remote attackers to enumerate valid entities and attribute names in Mendix Runtime-based applications.

All versions of Mendix Runtime V8, V9, and specific V10 versions are affected, and users are urged to apply any available updates.

2. Siemens Industrial Edge Device Kit (CVE-2024-54092):

The second advisory highlights a critical weak authentication issue (CWE-1390) in Siemens Industrial Edge Device Kit.

Identified as ...