The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued heightened cybersecurity alerts on February 18, 2025, with the release of two crucial advisories concerning Industrial Control Systems (ICS) vulnerabilities in Delta Electronics’ CNCSoft-G2 and Rockwell Automation’s GuardLogix controllers.
These alerts, identified as ICSA-24-191-01 (Update A) and ICSA-25-035-02 (Update A), target severe flaws that could potentially lead to remote code execution and denial-of-service attacks in industrial settings.
Delta Electronics CNCSoft-G2 Vulnerabilities Expose Systems to Remote Exploitation
CISA’s ICSA-24-191-01 advisory sheds light on six critical vulnerabilities within Delta Electronics’ CNCSoft-G2, a popular human-machine interface (HMI) software utilized in manufacturing and CNC machining systems. These vulnerabilities, rated with a CVSS v4 score of 8.4, impact versions 2.0.0.5 through 2.1.0.16 and are rooted in memory corruption weaknesses:
1. CVE-2024-39880: A stack-based buffer overflow enables attackers to execute arbitrary code by deceiving users into accessing malicious files or compromised websites.
2. CVE-2024-39881: An out-of-bounds write vulnerability allows for memory corruption under similar attack scenarios.
3. CVE-2024-39882: An out-of-bounds read flaw facilitates the leakage of sensitive data or process crashes.
4. CVE-2024-39883: A heap-based buffer overflow in version 2.0.0.5 allows for code execution.
5. CVE-2024-12858: Impacting versions up to 2.1.0.16, this heap overflow could grant full system control.
6. CVE-2025-22880: Versions 2.1.0.10 and prior are susceptible to heap-based overflows via malicious files.
CISA pointed out that all vulnerabilities demand minimal attack complexity and do not require any privileges for exploitation. Successful attacks could disrupt manufacturing operations, compromise intellectual property, or enable lateral movement within operational technology (OT) networks.
Rockwell Automation GuardLogix Controllers at Risk of Denial-of-Service Attacks
The second advisory, ICSA-25-035-02, is focused on Rockwell Automation’s GuardLogix 5380 and 5580 controllers, which are crucial components in industrial safety systems. The vulnerability CVE-2025-24478 (CVSS v4: 7.1) stems from improper exception handling, allowing unprivileged remote threat actors to trigger major faults and denial-of-service conditions. Affected firmware includes GuardLogix 5580 (SIL 3) versions before V33.017, V34.014, V35.013, and V36.011, as well as Compact GuardLogix 5380 SIL 3 versions predating the same updates.
Exploiting this vulnerability could potentially halt safety-critical processes in sectors such as energy, pharmaceuticals, and automotive manufacturing, leading to operational shutdowns and safety incidents.
CISA recommends organizations using Delta Electronics CNCSoft-G2 to promptly upgrade to patched versions. For Rockwell Automation systems, firmware updates to GuardLogix 5380/5580 controllers beyond the affected versions are essential. Temporary mitigation measures include segmenting OT networks from corporate IT environments, restricting file execution and web access on HMIs, and monitoring for abnormal traffic to PLCs and safety controllers.
Both Delta Electronics and Rockwell Automation have issued patches and workarounds through their respective security portals. CISA’s advisories highlight the increasing risks to ICS environments due to outdated software and interconnected systems, which expand the attack surface.
Given that industrial infrastructure is increasingly targeted by nation-states and cybercriminal groups, these advisories underscore the critical need for proactive vulnerability management. Organizations should prioritize patch deployment, network segmentation, and continuous monitoring to safeguard critical operations.
For comprehensive technical details, organizations are encouraged to review CISA’s advisories ICSA-24-191-01 and ICSA-25-035-02 on the official CISA.gov repository.