Security

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 9.3
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Yokogawa
• Equipment: GX10, GX20, GP10, GP20, GM Data Acquisition System, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000
• Vulnerability: Missing Authentication for Critical Function

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Yokogawa recorder products are affected:

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools). When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed.

CISA released nine Industrial Control Systems (ICS) advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-105-01 Siemens Mendix Runtime
• ICSA-25-105-02 Siemens Industrial Edge Device Kit
• ICSA-25-105-03 Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
• ICSA-25-105-04 Growatt Cloud Applications
• ICSA-25-105-05 Lantronix Xport
• ICSA-25-105-06 National Instruments LabVIEW
• ICSA-25-105-07 Delta Electronics COMMGR
• ICSA-25-105-08 ABB M2M Gateway
• ICSA-25-105-09 Mitsubishi Electric Europe B.V. smartRTU
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 9.3
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Delta Electronics
• Equipment: COMMGR
• Vulnerability: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow for an attacker to remotely access the AS3000Simulator family in the COMMGR software and execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of COMMGR, a software management platform that contain virtual PLCs, are affected:

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 9.3
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Growatt
• Equipment: Cloud Applications
• Vulnerabilities: Cross-site Scripting, Authorization Bypass Through User-Controlled Key, Insufficient Type Distinction, External Control of System or Configuration Setting

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to compromise confidentiality, achieve cross-site scripting, or code execution on affected devices.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Growatt products are affected:

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 9.3
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Mitsubishi Electric Europe B.V.
• Equipment: smartRTU
• Vulnerability: Missing Authentication for Critical Function, OS Command Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy or delete information in the product, or cause a denial-of service condition on the product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Mitsubishi Electric Europe reports following versions of smartRTU are affected:

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials. During upgrade, the sshd service must be restarted right away using the same connection to avoid being locked out.

The malicious code path does not exist in the arch version of sshd, as it does not link to liblzma. 



However, out of an abundance of caution, we advise users to avoid the vulnerable code in their system as it is possible it could be triggered from other, un-identified vectors.