Serial number: AV25–838
Date: December 15, 2025
Between December 8 and 14, 2025, CISA published ICS advisories to address vulnerabilities in the following products:
- AzeoTech DAQFactory – release 20.7 (Build 2555) and prior
- Festo Software LX Appliance – versions prior to June 2023
- Grassroots DICOM (GDCM) – versions 3.0.24 and prior
- Grassroots Simple TK – versions 2.5.2 and prior
- Grassroots medlnria – versions 4.0 and prior
- Johnson Controls iSTAR – multiple models and versions
- Multiple India-based CCTV Cameras – D-Link DCS-F5614-L1, Sparsh Securitech and Securus
- OpenPLC_V3 – versions prior to pull request #310
- Siemens Advanced Licensing (SALT) Toolkit – multiple models and versions
- Siemens Building X - Security Manager Edge Controller (ACC-AP) – all versions
- Siemens Energy Services – all versions with G5DFR
- Siemens Gridscale X Prepay – versions prior to 4.2.1
- Siemens IAM Client – multiple models and versions
- Siemens SINEMA Remote Connect Server – versions prior to V3.2 SP4
- U-Boot – versions prior to 2017.11 on multiple Qualcomm chips
- Varex Imaging Panoramic Dental Imaging Software – versions prior to 6.6.1.490
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.