Today CISA’s NCCIC-ICS published ten control system security advisories for products from AAR Railroad Electronics Standards, KUNBUS, Advantech, Delta Electronics, and Siemens (6). They also updated advisories for products from IDEC Products, ECOVACS, and KUNBUS.
NOTE: Siemens published three other advisories on Tuesday. I will cover them in the Public ICS Disclosure blog post this weekend.
AAR Advisory
This advisory describes a weak authentication vulnerability in the Association of American Railroads (AAR) End-of-Train and Head-of-Train remote linking protocol. The vulnerability was reported to CISA by Neil Smith and Eric Reuter. AAR is working on the next-generation protocol.
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train, which may lead to a disruption of operations, or induce brake failure.
NOTE: Reuter did a 2018 DEFCON presentation about this telemetry system.
KUNBUS Advisory
This advisory describes an incorrect implementation of authentication algorithm vulnerability in the KUNBUS Revolution Pi OS and RevPi Webstatus. The vulnerability was reported by Ajay Anto. KUNBUS has a new version that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to bypass authentication and gain unauthorized access to the application.
Advantech Advisory
This advisory describes ten vulnerabilities in the Advantech iView product. The vulnerabilities were reported to CISA by Alex Williams of Converge Technology Solutions. Advantech has a new version that mitigates the vulnerabilities.
The ten reported vulnerabilities are:
Cross-site scripting (3) - CVE-2025-53397, CVE-2025-53519, and CVE-2025-41442,
SQL injection (4) - CVE-2025-48891, CVE-2025-53475, CVE-2025-52577, and CVE-2025-53515,
Path traversal - CVE-2025-46704, and
Argument injection - CVE-2025-52459
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to disclose sensitive information, achieve remote code execution, or cause service disruptions.
Delta Advisory
This advisory describes a deserialization of untrusted data vulnerability in the Delta DTM Soft product. The vulnerability was reported to CISA by kimiya working with Trend Micro Zero Day. Delta has a new version that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to encrypt files referencing the application in order to extract information.
NOTE: I briefly discussed this vulnerability on July 5th, 2025.
SIPROTEC Advisory
This advisory describes a use of GET request method with sensitive query strings vulnerability in the Siemens SIPROTEC products. The vulnerability was reported by Nozomi Networks. Siemens provides generic mitigation measures pending development of a fix.
NCCIC-ICS reports that an uncharacterized actor could remotely exploit the vulnerability to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.
TIA Advisory #1
This advisory describes an upload of file with dangerous type vulnerability in the Siemens TIA Project-Server and TIA Portal products. The vulnerability is self-reported. Siemens has new versions for two of the affected products.
NCCIC-ICS reports that a relatively low-skilled attacker can remotely exploit the vulnerability to cause a denial-of-service condition.
TIA Advisory #2
This advisory describes two vulnerabilities in the Siemens TIA Administrator. The vulnerabilities are self-reported. Siemens has a new version that mitigates the vulnerabilities.
The two reported vulnerabilities are:
Improper verification of cryptographic signature - CVE-2025-23364, and
Improper access control - CVE-2025-23365
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to escalate privilege or execute arbitrary code during installations.
SIMATIC Advisory
This advisory describes an improper input validation vulnerability in the Siemens SIMATIC CN 4100 products. The vulnerability was reported by Michael Klassen and Martin Floeck from BASF Security Team. Siemens has a new version that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to cause a denial-of-service condition.
Solid Edge Advisory
This advisory describes three vulnerabilities in the Siemens Solid Edge product. The vulnerabilities were reported by Michael Heinzl. Siemens has a new version that mitigates the vulnerabilities.
The three reported vulnerabilities are:
Out-of-bounds read (2) - CVE-2025-40739 and CVE-2025-40740, and
Stack-based buffer overflow - CVE-2025-40741
NCCIC-ICS reports that a relatively high-skilled attacker with uncharacterized access could exploit the vulnerabilities to crash the application or execute arbitrary code.
SINEC Advisory
This advisory describes four vulnerabilities in the Siemens SINEC NMS products. Three of the vulnerabilities were reported by the Zero Day Initiative. Siemens has a new version that mitigates the vulnerabilities.
The four reported vulnerabilities are:
SQL injection - CVE-2025-40735,
Missing authentication for critical function - CVE-2025-40736, and
Path traversal (2) - CVE-2025-40737 and CVE-2025-40738
IDEC Update
This update provides additional information on the IDEC Products advisory that was originally published on September 19th, 2024. The new information includes revised product and mitigation sections and a renamed title (original title: IDEC PLCs).
ECOVACS Update
This update provides additional information on the DEEBOT Vacuum and Base Station advisory that was originally published on May 15th, 2025. The new information includes reporting that mitigation is available for all devices.
KUNBUS Update
This update provides additional information on the Revolution Pi advisory that was originally published on May 1st, 2025. The new information includes adding the new image release for Revolution Pi OS Bookworm in.