7 Advisories and 2 Updates Published – 9-18-25
Today CISA’s NCCIC-ICS published control system security advisories for products from Dover Fueling, Cognex, Hitachi Energy (2), Schneider Electric, and Westermo (2). They also published updates for products from Mitsubishi and End-of-Train.
Dover Advisory
This advisory describes three vulnerabilities in the Dover ProGauge MagLink LX4 products. The vulnerabilities were reported to CISA by Pedro Umbelino of Bitsight TRACE. Dover has a new version that mitigates the vulnerabilities.
The three reported vulnerabilities are:
Integer overflow or wraparound - CVE-2025-55068,
Use of hard-coded cryptographic key - CVE-2025-54807, and
Use of weak credentials - CVE-2025-30519
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to cause a denial-of-service condition or gain administrative access to the device.
Cognex Advisory
This advisory describes nine vulnerabilities in the Cognex In-Sight Explorer and In-Sight Camera products. The vulnerabilities were reported to CISA by Diego Giubertoni of Nozomi Networks. Cognex reports that the affected products are legacy products and no fix is planned.
The nine reported vulnerabilities are:
Use of hard-coded password - CVE-2025-54754,
Cleartext transmission of sensitive information (2) - CVE-2025-47698 and CVE-2025-54818,
Incorrect default permissions - CVE-2025-53947,
Improper restriction of excessive authentication attempts - CVE-2025-54860,
Incorrect permissions assignment for critical resource (2) - CVE-2025-52873 and CVE-2025-54497,
Authentication bypass by capture replay - CVE-2025-54810, and
Client-side enforcement of server-side security - CVE-2025-53969
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to disclose sensitive information, steal credentials, modify files, or cause a denial-of-service condition.
Hitachi Energy Advisory #1
This advisory discusses a deserialization of untrusted data vulnerability in the Hitachi Energy Service Suite. This is a third-party (Oracle) vulnerability with a publicly available exploit; this vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog. Hitachi Energy has a new version that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to compromise Oracle WebLogic Server, resulting in potential impacts on confidentiality, integrity, and availability.
NOTE: I briefly discussed this vulnerability on August 30th, 2025.
Hitachi Energy Advisory #2
This advisory discusses six vulnerabilities in the Hitachi Energy Asset Suite product. These are third-party vulnerabilities. Hitachi Energy has new versions that mitigate the vulnerabilities.
The six reported vulnerabilities are:
Server-side request forgery - CVE-2022-44729,
Deserialization of untrusted data - CVE-2023-6378,
Cleartext storage of sensitive information - CVE-2022-45868 (exploit),
Uncontrolled resource consumption - CVE-2025-23184,
Open redirect - CVE-2024-22262, and
Improper authentication - CVE-2022-41678 (exploit)
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to trigger resource consumption or information disclosure through SSRF in Apache XML Graphics Batik, mount a denial-of-service attack via poisoned data in logback, discover cleartext passwords in H2 Database Engine, fill up the file system in Apache CXF, perform open redirect or SSRF attacks through UriComponentsBuilder, and execute arbitrary code in Apache ActiveMQ.
NOTE: I briefly discussed this vulnerability on August 30th, 2025.
Schneider Advisory
This advisory describes two OS command injection vulnerabilities in the Schneider Saitel DR & Saitel DP remote terminal units. The vulnerabilities were reported by Robin Senn and Sebastian Krause of GAI NetConsult GmbH. Schneider has new versions that mitigate the vulnerabilities.
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to execute arbitrary shell commands on the affected devices.
NOTE: I briefly discussed these vulnerabilities on September 14th, 2025.
Westermo Advisory #1
This advisory describes an improper validation of syntactic correctness of input vulnerability in the Westermo WeOS 5 products. The vulnerability was self-reported. Westermo has a new version that mitigates the vulnerability.
NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to cause the device to reboot.
NOTE: I briefly discussed this vulnerability on March 29th, 2025.
Westermo Advisory #2
This advisory describes an OS command injection vulnerability in the Westermo WeOS 5 product. The vulnerability was self-reported. Westermo provides generic mitigation measures.
NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to allow an attacker with administrative permissions to execute commands that would typically be inaccessible. This could allow the execution of commands with privileges beyond those normally granted to the attacker.
NOTE: I briefly discussed this vulnerability on July 6th, 2025.
Mitsubishi Update
This update provides additional information on the FA Engineering Software advisory that was originally published on January 30th, 2024, and most recently updated on February 13th, 2025. The new information includes updating affected versions and mitigations.
End-of-Train Update
This update provides additional information on the Remote Linking Protocol advisory that was originally published on July 10th, 2025, and most recently updated on September 4th, 2025. The new information includes expanding the affected device list with Siemens and DPS Electronics products.
NOTE: Earlier this week Siemens published an advisory reflecting their products affected by this vulnerability. I will address that advisory this weekend in my Public ICS Disclosures post.