Serial number: AV25-459
Date: July 28, 2025
Between July 21 and 27, 2025, CISA published ICS advisories to address vulnerabilities in the following products:
- DuraComm SPM-500 DP-10iN-100-MU – version 4.10 and prior
- Honeywell Experion PKS – versions prior to R520.2 TCU9 Hot Fix 1
- Honeywell Experion PKS – versions prior to R530 TCU3 Hot Fix 1
- LG Innotek Camera Model LNV5110R – all versions
- Lantronix Provisioning Manager – version 7.10.2 and prior
- Mitsubishi Electric CNC Series – all versions
- Network Thermostat X-Series WiFi Thermostats – multiple versions and models
- Schneider Electric EcoStruxure IT Data Center Expert – version v8.3 and prior
- Schneider Electric EcoStruxure Power Monitoring Expert (PME) – version 2023
- Schneider Electric EcoStruxure Power Monitoring Expert (PME) – version 2023 R2
- Schneider Electric EcoStruxure Power Monitoring Expert (PME) – version 2024
- Schneider Electric EcoStruxure Power Monitoring Expert (PME) – version 2024 R2
- Schneider Electric EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module – version 2022
- Schneider Electric EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module – version 2024
- Schneider Electric EcoStruxure Power Operation (EPO) – version 2022 CU6 and prior
- Schneider Electric EcoStruxure Power Operation (EPO) – version 2024 CU1 and prior
- Schneider Electric System Monitor application in Harmony Industrial PC series – all versions
- Schneider Electric System Monitor application in Pro-face Industrial PC series – all versions
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.