CISA has released two advisories addressing vulnerabilities in critical Industrial Control Systems (ICS) products from ABB and Nedap. These advisories aim to inform users about security weaknesses that could be exploited by cyber attackers, emphasizing the need for immediate action to mitigate risks. Affected: ABB ASPECT-Enterprise, NEXUS, MATRIX Series Products, Nedap Librix Ecoreader
Keypoints :
- CISA released advisories ICSA-25-007-01 and ICSA-25-007-02 to address vulnerabilities in ICS products.
- ICSA-25-007-01 focuses on ABB’s ASPECT-Enterprise, NEXUS, and MATRIX series products.
- ICSA-25-007-02 addresses vulnerabilities in Nedap’s Librix Ecoreader.
- ABB’s vulnerabilities include weak passwords, code injection, and unauthorized access risks.
- Mitigations include upgrading systems to version 3.08.02 or later and applying security patches.
- Both advisories highlight the potential for remote exploitation of vulnerabilities.
- Organizations are urged to prioritize security updates to protect critical infrastructure.
MITRE Techniques :
- TA0001 – Initial Access: Exploiting weak passwords (CVE-2024-48845).
- TA0002 – Execution: Code Injection (CVE-2024-48839).
- TA0003 – Persistence: Unrestricted Upload of Dangerous Files (CVE-2024-51548).
- TA0004 – Privilege Escalation: Cleartext Transmission of Sensitive Information (CVE-2024-6515).
- TA0005 – Defense Evasion: Cross-site Scripting (XSS) (CVE-2024-6516).
- TA0006 – Credential Access: Improper Validation of Specified Type of Input (CVE-2024-6298).
- TA0007 – Discovery: Server-Side Request Forgery (SSRF) (CVE-2024-6784).
- TA0008 – Collection: Files or Directories Accessible to External Parties (CVE-2024-6209).
Indicator of Compromise :
- [file name] CVE-2024-6209
- [file name] CVE-2024-6298
- [file name] CVE-2024-6515
- [file name] CVE-2024-6516
- [file name] CVE-2024-6784
- Check the article for all found IoCs.
Full Research: https://malware.news/t/cisa-releases-two-new-industrial-control-systems-advisories-for-2025/89970