Summary: A recent report by Cyble highlights critical vulnerabilities affecting industrial control system (ICS) devices from multiple vendors. The report examined 70 flaws in ICS, operational technology (OT) and supervisory control and data acquisition (SCADA) systems.
The identified vulnerabilities affect systems across five sectors, including critical manufacturing, energy, healthcare, wastewater and commercial facilities.
Security Officer Comments: The identified vulnerabilities are:
- CVE-2025-23120: A deserialization of untrusted data vulnerability in Veeam Backup and Replication, potentially allowing remote code execution on the Rockwell Automation Industrial Data Center (IDC) product range (CVSS v3.1 score: 9.9)
- CVE-2025-25211: A weak password requirement vulnerability in Inaba Denki Sangyo CHOCO TEI WATCHER mini industrial cameras, potentially allowing unauthorized access (CVSS v3.1 score: 9.8)
- CVE-2025-26689: A forced browsing vulnerability in Inaba Denki Sangyo CHOCO TEI WATCHER mini industrial cameras, potentially allowing data tampering and product setting modifications (CVSS v3.1 score: 9.8)
- CVE-2024-4872: An improper neutralization of special elements in data query logic vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600, potentially allowing code injection (CVSS v3.1 score: 8.8)
- CVE-2024-3980: A path traversal vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600, potentially allowing file system manipulation and session hijacking (CVSS v3.1 score: 8.8)
Suggested Corrections:
Cyble urges users of Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo products to patch these critical vulnerabilities. Their potential impacts include remote code execution, unauthorized access, data tampering, code injection, file system manipulation, and session hijacking.
Cyble emphasizes that immediate mitigation, including patching, authentication hardening, and access restrictions, is essential to prevent exploitation, given the critical role of SCADA, DCS, and MES systems.
Link(s): https://cyble.com/blog/ics-vulnerability-report-energy-cyble/