The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On March 20, 2025, CISA Released Five Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Schneider Electric EcoStruxure™ – Used in Water and Wastewater Systems and Energy
- Schneider Electric Enerlin’X IFE and eIFE – Used in Energy
- Siemens Simcenter Femap
- SMA Sunny Portal – Used in Energy
- Santesoft Sante DICOM Viewer Pro
On March 18, 2025, CISA Released Seven Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
- Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) – Used in Energy
- Rockwell Automation Lifecycle Services with VMware
- Schneider Electric EcoStruxure Power Automation System – Used in Energy
- Schneider Electric EcoStruxure Panel Server – Used in Energy
- Schneider Electric ASCO 5310/5350 Remote Annunciator – Used in Energy
- Schneider Electric Modicon (Update A) – Used in Energy
- Mitsubishi Electric CNC Series (Update B)
Additional Alerts, Updates, and Bulletins:
- March 19 - CISA Adds Three Known Exploited Vulnerabilities to Catalog
- March 18 - CISA Adds Two Known Exploited Vulnerabilities to Catalog
- Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066
Related WaterISAC PIRs: 6, 8
