Serial number: AV25-158
Date: March 24, 2025
Between March 17 and 23, 2025, CISA published ICS advisories to address vulnerabilities in the following products:
- Rockwell Automation Endpoint Protection Service with RA Proxy & VMware only – all versions
- Rockwell Automation Engineered and Integrated Solutions with VMware – all versions
- Rockwell Automation Industrial Data Center (IDC) with VMware – Generations 1 to 4
- Rockwell Automation Threat Detection Managed Services (TDMS) with VMware – all versions
- Rockwell Automation VersaVirtual Appliance (VVA) with VMware – Series A and B
- Santesoft Sante DICOM Viewer Pro – version 14.1.2 and prior
- Schneider Electric ASCO 5310 Single-Channel Remote Annunciator – all versions
- Schneider Electric ASCO 5350 Eight Channel Remote Annunciator – all versions
- Schneider Electric EcoStruxure Panel Server – versions v2.0 and prior
- Schneider Electric EcoStruxure Power Automation System – versions 2.6.30.19 and prior
- Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) – version v2.1 to v2.9
- Schneider Electric EcoStruxure Process Expert – versions 2020R2, 2021 and 2023 (prior to v4.8.0.5715)
- Schneider Electric EcoStruxure Process Expert for AVEVA System Platform – versions 2020R2, 2021 and 2023
- Schneider Electric Enerlin'X eIFE – all versions
- Schneider Electric Enerlin'X IFE interface – all versions
- Siemens Simcenter Femap V2401 – versions prior to V2401.0003
- Siemens Simcenter Femap V2406 – versions prior to V2406.0002
- SMA Sunny Portal – all versions before December 19, 2024
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.