Overview
The Cyble report, part of the latest ICS Vulnerability Report, examined 70 ICS, Operational Technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities identified in 16 recent advisories issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Cyble highlighted several critical industrial control system (ICS) vulnerabilities in recent reports to clients, with the most severe vulnerabilities reaching 9.8 to 9.9 ratings.
The 70 vulnerabilities include six critical and 20 high-severity flaws, in addition to 44 medium-severity vulnerabilities. In all, the flaws affect ICS systems across five sectors, including critical manufacturing, energy, healthcare, wastewater and commercial facilities.
“The disclosed vulnerabilities pose a severe risk to the critical manufacturing sector, impacting both operational and control systems,” Cyble wrote. “Given the critical role of SCADA, DCS, and MES systems, immediate mitigation—including patching, authentication hardening, and access restrictions—is essential to prevent exploitation.”
Critical ICS Vulnerabilities
Here are the most critical ICS vulnerabilities highlighted by Cyble.
The Rockwell Automation Industrial Data Center (IDC) with Veeam and VersaVirtual Appliance (VVA) with Veeam have a critical Deserialization of Untrusted Data vulnerability resulting from CVE-2025-23120, a remote code execution (RCE) vulnerability in Veeam Backup and Replication, highlighting the complexity and dependencies of ICS products. Successful exploitation could allow an attacker with administrative privileges to execute code on the target system, potentially compromising MES and ERP systems. Organizations should patch affected systems and enforce secure deserialization practices. A proof of concept is publicly available for the vulnerability, raising the potential for exploitation.
Hitachi Energy MicroSCADA Pro/X SYS600 substation management systems have multiple vulnerabilities, including Improper Neutralization of Special Elements in Data Query Logic (CVE-2024-4872) and Path Traversal (CVE-2024-3980) vulnerabilities. Successful exploitation could allow an attacker to inject code into persistent data, manipulate the file system, hijack a session, or engage in phishing attempts against users. Strong access controls and input validation are recommended.
Inaba Denki Sangyo CHOCO TEI WATCHER mini industrial cameras are affected by multiple vulnerabilities, including a weak password requirement vulnerability (CVE-2025-25211) and a forced browsing vulnerability (CVE-2025-26689). An attacker could exploit the vulnerabilities to obtain passwords, gain unauthorized access, tamper with product data, and modify product settings CISA said.
Recommendations for Mitigating ICS Vulnerabilities
Cyble recommends the following controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. These measures include:
- Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA. A risk-based approach to vulnerability management reduces the risk of exploitation.
- Implementing a Zero-Trust Policy to minimize exposure and ensure that all internal and external network traffic is scrutinized and validated.
- Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency.
- Network segmentation can limit an attacker’s potential damage and prevent lateral movement across networks. This is particularly important for securing critical ICS assets, which should not be exposed to the Internet if possible and properly protected if remote access is essential.
- Conducting regular vulnerability assessments and penetration testing to identify gaps in security that might be exploited by threat actors.
- Establishing and maintaining an incident response plan and ensuring that it is tested and updated regularly to adapt to the latest threats.
- All employees, especially those working with Operational Technology (OT) systems, should be required to undergo ongoing cybersecurity training programs. The training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations.
Conclusion
These vulnerabilities highlight the dangers that critical infrastructure system vulnerabilities can pose to vital sectors like energy, critical manufacturing, and other sensitive environments. Users should heed the advice of CISA, vendors, and security researchers and ensure that these critical systems are patched and properly protected.
Regardless of the sector, staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls can limit risk. This includes limiting internet exposure and properly protecting assets that must be accessed remotely.
To access the full report on ICS vulnerabilities observed by Cyble, along with additional insights and details, click here. By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape.
