The Cybersecurity and Infrastructure Security Agency (CISA) released six advisories this month addressing vulnerabilities in Industrial Control Systems (ICS). These advisories highlight critical flaws that could be exploited to compromise critical infrastructure, disrupt operations, and potentially endanger public safety.
Our research team have summarised each of these vulnerabilities in the sections below, together with mitigation advice on how you can reduce the risk they pose:
mySCADA myPRO Manager (ICSA-25-023-01)
Affected Product(s):
- myPRO Manager: Versions prior to 1.3
- myPRO Runtime: Versions prior to 9.2.1
Vulnerability Overview: The mySCADA myPRO Manager is susceptible to an authentication bypass vulnerability. An attacker could exploit this flaw to gain unauthorised access to the system without valid credentials.
Potential Impact: Unauthorised access could allow attackers to manipulate system configurations, access sensitive data, or disrupt industrial processes managed by the myPRO Manager.
Mitigation Recommendations:
- Update Software: Ensure that the myPRO Manager is updated to the latest version provided by mySCADA, which addresses this vulnerability.
- Network Segmentation: Isolate the myPRO Manager from untrusted networks to limit exposure.
- Access Controls: Implement strict access controls and monitor logs for any unauthorised access attempts.
Hitachi Energy RTU500 Series Product (ICSA-25-023-02)
Affected Product:
- RTU500 series CMU Firmware: Version 13.5.1 up to and including 13.5.3
- RTU500 series CMU Firmware: Version 13.4.1 up to and including 13.4.4
- RTU500 series CMU Firmware: Version 13.2.1 up to and including 13.2.7
Vulnerability Overview: The RTU500 series contains a vulnerability related to improper input validation. An attacker could exploit this by sending specially crafted packets, leading to potential denial-of-service conditions or arbitrary code execution.
Potential Impact: Exploitation could result in disruption of data acquisition and control functions, impacting the reliability of operations managed by the RTU.
Mitigation Recommendations:
- Firmware Update: Upgrade all affected devices to CMU firmware version 13.6.1 and enable the secure update feature on all CMUs of an RTU500.
- Input Validation: Implement additional input validation checks to ensure data integrity.
- Network Monitoring: Deploy intrusion detection systems to monitor for anomalous traffic patterns targeting the RTU.
Schneider Electric EVlink Home Smart and Schneider Charge (ICSA-25-023-03)
Affected Products:
- EVlink Home Smart: All versions prior to 2.0.6.0.0
- Schneider Charge: All versions prior to 1.13.4
Vulnerability Overview: These products are affected by vulnerabilities that could allow unauthorised access and control over the charging systems. Specific details of the vulnerabilities were not disclosed but may involve issues like weak authentication mechanisms or exposed interfaces.
Potential Impact: Attackers could potentially start or stop charging sessions, alter configurations, or access user data, leading to unauthorised use or disruption of services.
Mitigation Recommendations:
- Firmware Update: Update to the latest firmware versions provided by Schneider Electric that address these vulnerabilities: EVlink Home Smart version 2.0.6.0.0 and Schneider Charge version 1.13.4.
- Secure Configuration: Ensure that default passwords are changed, and strong, unique credentials are used.
- Network Security: Place the charging systems behind secure networks and restrict remote access.
Schneider Electric Easergy Studio (ICSA-25-023-04)
Affected Product:
- Easergy Studio: Versions 9.3.1 and prior
Vulnerability Overview: Easergy Studio contains vulnerabilities that could allow an attacker to execute arbitrary code or cause a denial-of-service condition. These issues may stem from buffer overflows or improper handling of certain file types.
Potential Impact: Successful exploitation could compromise the system running Easergy Studio, leading to potential control over connected devices or disruption of configuration and monitoring activities.
Mitigation Recommendations:
- Software Update: Apply the latest updates from Schneider Electric that mitigate these vulnerabilities. Easergy Studio (version 9.3.4 and later) has fixed this vulnerability.
- File Handling: Avoid opening untrusted files with Easergy Studio to prevent exploitation.
- System Hardening: Implement application whitelisting and other security measures to protect the system running Easergy Studio.
Schneider Electric EcoStruxure Power Build Rapsody (ICSA-25-023-05)
Affected Product:
- EcoStruxure Power Build Rapsody: Version v2.5.2 NL and prior
- EcoStruxure Power Build Rapsody: Version v2.7.1 FR and prior
- EcoStruxure Power Build Rapsody: Version v2.7.5 ES and prior
- EcoStruxure Power Build Rapsody: Version v2.5.4 INT and prior
Vulnerability Overview: This software is affected by vulnerabilities that could allow unauthorised access or modification of project files. The specifics may involve improper access controls or insecure storage of sensitive information.
Potential Impact: An attacker could alter electrical distribution configurations, leading to potential malfunctions or safety hazards in the designed systems.
Mitigation Recommendations:
Schneider Electric has the following remediations to fix this vulnerability. Please reboot the system after installing the new version:
- EcoStruxure Power Build Rapsody Versions v2.5.2 NL and prior: Version NL v2.7.2 includes a fix for this vulnerability and is available for download.
- EcoStruxure Power Build Rapsody Versions v2.7.1 FR and prior: Version FR v2.7.12 includes a fix for this vulnerability and is available for download.
- EcoStruxure Power Build Rapsody Versions v2.7.5 ES and prior: Version ES v2.7.52 includes a fix for this vulnerability and is available for download.
- EcoStruxure Power Build Rapsody Versions v2.5.4 INT and prior: Schneider Electric is establishing a remediation plan for all future versions of EcoStruxure Power Build Rapsody INT version that will include a fix for this vulnerability. Schneider Electric will update SEVD-2025-014-09 when the remediation is available.
Until the new version is installed, users should immediately apply the following mitigations to reduce the risk of exploitation:
- Only open projects from trusted sources.
- Ensure use of malware scans before opening any externally created project.
- Encrypt project files when stored and restrict access to trusted users only.
- When exchanging files over the network, use secure communication protocols.
- Compute a hash of the project files and regularly check the consistency of this hash to verify the integrity before usage.
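The last mitigation above (baseline a hash of each project file, then re-check it before use) is simple to automate. The script below is an added example written for this summary; it is not Schneider Electric's tooling and does not come from the advisory. It assumes project files live under one directory tree, that the SHA-256 manifest is stored outside that tree (so that tampering with the project cannot silently update the baseline), and uses constructed sample files to show a clean check followed by a detected modification and an unexpected new file.

```python
"""Baseline-and-verify integrity check for project files.

Added example, not vendor code. Assumptions: one project directory tree,
a JSON manifest kept outside that tree, SHA-256 as the hash.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(project_dir: Path) -> dict:
    """Map every file path (relative to project_dir, POSIX form) to its SHA-256."""
    manifest = {}
    for p in sorted(project_dir.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(project_dir).as_posix()] = sha256_file(p)
    return manifest


def save_manifest(manifest: dict, manifest_path: Path) -> None:
    """Persist the baseline; keep this file outside the project tree."""
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(manifest_path: Path) -> dict:
    return json.loads(manifest_path.read_text())


def verify_manifest(project_dir: Path, expected: dict) -> dict:
    """Compare the current tree with the baseline.

    Returns {"modified": [...], "missing": [...], "unexpected": [...]}.
    All three lists empty means the project matches the baseline.
    """
    current = build_manifest(project_dir)
    return {
        "modified": sorted(k for k in expected if k in current and current[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in current),
        "unexpected": sorted(k for k in current if k not in expected),
    }


def is_intact(report: dict) -> bool:
    """True only when nothing was modified, removed or added."""
    return not any(report.values())


def demo() -> tuple:
    """Constructed scenario: baseline a project, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "project"
        (project / "sub").mkdir(parents=True)
        # Constructed sample files; names and contents are placeholders
        (project / "panel.proj").write_bytes(b"<project version='1'/>")
        (project / "sub" / "bom.csv").write_bytes(b"breaker,1\n")
        manifest_path = Path(tmp) / "manifest.json"  # outside the project tree
        save_manifest(build_manifest(project), manifest_path)

        before = verify_manifest(project, load_manifest(manifest_path))

        # Simulate an unauthorised edit plus a file dropped into the project
        (project / "panel.proj").write_bytes(b"<project version='1' altered='1'/>")
        (project / "extra.proj").write_bytes(b"")
        after = verify_manifest(project, load_manifest(manifest_path))
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("clean baseline intact:", is_intact(before), before)
    print("after tampering intact:", is_intact(after), after)
```

In practice, run `build_manifest` once on a project received from a trusted source, store the manifest where project users cannot write to it, and run `verify_manifest` before each open; any non-empty list in the report is a reason to stop and investigate rather than open the file.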
HMS Networks Ewon Flexy 202 (ICSA-25-023-06)
Affected Product:
- Ewon Flexy 202: All versions
Vulnerability Overview: The Ewon Flexy 202 has vulnerabilities that could allow an attacker to gain unauthorised access or disrupt device functionality. Details may include issues like improper authentication mechanisms or exposed services.
Potential Impact: Exploitation could lead to unauthorised data access, manipulation of device settings, or denial-of-service conditions affecting remote monitoring and control capabilities.
Mitigation Recommendations:
- Integrate with Talk2M Cloud: Always use the Flexy device in conjunction with Talk2M cloud. This guarantees a robust security level for your remote access connections.
- Disable Unused Protocols: Regularly review and disable any insecure protocols that are not in use.
- Network Segmentation: Isolate the Ewon Flexy 202 from untrusted networks and monitor access logs for suspicious activities.