Cyble Calls for Immediate Patching of Critical Vulnerabilities Impacting Industrial Systems

Multiple industrial control system (ICS) products are affected by vulnerabilities with critical severity ratings of up to 9.9 on the CVSS base score. Cyble highlighted the issue in a blog post on April 10, urging users of products from industrial hardware providers Rockwell Automation, Hitachi Energy, and Inaba Denki Sangyo to take immediate action and patch these critical vulnerabilities.

The vulnerabilities affect a range of products, including the Rockwell Automation Industrial Data Center, Hitachi Energy MicroSCADA Pro/X SYS600, and Inaba Denki Sangyo CHOCO TEI WATCHER mini industrial cameras. They have been identified as follows:

– CVE-2025-23120: A deserialization of untrusted data vulnerability in Veeam Backup and Replication, posing a risk of remote code execution within the Rockwell Automation Industrial Data Center product range, with a CVSS v3.1 score of 9.9.
– CVE-2025-25211: A weak password requirement vulnerability in Inaba Denki Sangyo CHOCO TEI WATCHER mini industrial cameras, potentially leading to unauthorized access, with a CVSS v3.1 score of 9.8.
– CVE-2025-26689: A forced browsing vulnerability in Inaba Denki Sangyo CHOCO TEI WATCHER mini industrial cameras, which could result in data tampering and product setting modifications, with a CVSS v3.1 score of 9.8.
– CVE-2024-4872: An improper neutralization of special elements in data query logic vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600, with a potential for code injection and a CVSS v3.1 score of 8.8.
– CVE-2024-3980: A path traversal vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600, allowing for file system manipulation and session hijacking, also with a CVSS v3.1 score of 8.8.

These vulnerabilities were highlighted as the most critical in Cyble’s latest ICS Vulnerability Report, which examined a total of 70 flaws across ICS, operational technology (OT), and supervisory control and data acquisition (SCADA) systems. Their impact spans various sectors, including critical manufacturing, energy, healthcare, wastewater, and commercial facilities.

Cyble has emphasized the importance of immediate mitigation measures, such as patching, authentication hardening, and access restrictions, to prevent potential exploitation. The critical role of SCADA, DCS, and MES systems necessitates proactive steps to address these vulnerabilities and ensure the security and stability of industrial control systems.

This latest revelation adds to the ongoing challenges faced by organizations in securing ICS environments, highlighting the need for robust cybersecurity measures and proactive risk management strategies. It is imperative for industrial hardware providers and users to stay vigilant and address these vulnerabilities promptly to safeguard their systems and prevent potential cyber threats.

In conclusion, these critical vulnerabilities underscore the need for ongoing vigilance and proactive cybersecurity measures in the ever-evolving landscape of industrial control systems. Organizations must prioritize security efforts to mitigate risks and ensure the resilience of their ICS environments against potential cyber threats.
