CISA Warns of Escalating Threats to Critical Sectors

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories and updated two others, highlighting active vulnerabilities and exploits that continue to threaten industrial control systems (ICS) environments. The disclosures put critical sectors such as energy, utilities, and manufacturing at heightened risk, with potential consequences including privilege escalation, unauthorized access, and disruption of critical services.

Siemens, a leading provider of industrial control systems, has been identified as having several vulnerabilities in its products, including the Desigo CC Product Family and SENTRON Powermanager. According to CISA, these vulnerabilities could allow attackers to gain unauthorized access and escalate privileges, potentially compromising the global critical manufacturing sector. The affected products include:

• Desigo CC Product Family: Versions 5.0, 5.1, 6, 7, and 8 are vulnerable to a ‘least privilege violation’ vulnerability, which could allow privilege escalation.
• SENTRON Powermanager: Versions 5, 6, 7, and 8 are vulnerable to a ‘least privilege violation’ vulnerability, which could allow privilege escalation.

Siemens has recommended that users update their WIBU CodeMeter software to version 8.30a to mitigate the risks associated with these vulnerabilities. The update process involves uninstalling the previously installed version through the Control Panel and then installing CodeMeter V8.30a from WIBU’s support site. Once installation is complete, users should restart the client or server.

Tigo Energy, a company that provides cloud-connected solar energy systems, has also been identified as having several vulnerabilities in its Cloud Connect Advanced equipment. These vulnerabilities, which include hard-coded credentials, command injection, and predictable seed in pseudo-random number generator (PRNG) vulnerabilities, could allow attackers to gain unauthorized administrative access, escalate privileges, and disrupt solar energy production.

The affected versions of Cloud Connect Advanced include 4.0.1 and earlier. Tigo Energy has acknowledged the vulnerabilities and is actively working on a fix to address them.

EG4 Electronics, another company that provides industrial control systems, has been identified as having several vulnerabilities in its EG4 inverters. These vulnerabilities, which include cleartext transmission of sensitive information, download of code without integrity check, observable discrepancy, and improper restriction of excessive authentication attempts, could allow attackers to intercept and manipulate critical data, install malicious firmware, and gain unauthorized control over the system.

The affected EG4 inverters include all versions of the EG4 12kPV, EG4 18kPV, EG4 Flex 21, EG4 Flex 18, EG4 6000XP, EG4 12000XP, and EG4 GridBoss. CISA has assigned several Common Vulnerability and Exposure (CVE) identifiers to the vulnerabilities identified in these products, including CVE-2025-47809, CVE-2025-40758, CVE-2025-7768, CVE-2025-7769, CVE-2025-7770, CVE-2025-52586, CVE-2025-53520, CVE-2025-47872, and CVE-2025-46414.

The agency has also provided recommendations for mitigating the risks associated with these vulnerabilities, including:

• Siemens: Update WIBU CodeMeter software to version 8.30a to mitigate the risks associated with the ‘least privilege violation’ vulnerability.
• Tigo Energy: Update Cloud Connect Advanced equipment to a version that is not vulnerable to hard-coded credentials, command injection, and predictable seed in pseudo-random number generator (PRNG) vulnerabilities.
• EG4 Electronics: Update EG4 inverters to a version that is not vulnerable to cleartext transmission of sensitive information, download of code without integrity check, observable discrepancy, and improper restriction of excessive authentication attempts.

The disclosures by CISA highlight the ongoing threat to industrial control systems and the need for manufacturers and operators to take proactive measures to protect against these vulnerabilities. As the global reliance on industrial control systems continues to grow, the potential consequences of a successful attack could be catastrophic, making it essential for all stakeholders to take these threats seriously and address them promptly.