CISA Issues 12 Critical ICS Advisories: Patch Now to Secure Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has released **12 critical Industrial Control Systems (ICS) advisories** addressing vulnerabilities in products from **Siemens, Johnson Controls, AzeoTech, OpenPLC, and medical imaging software**. These flaws could expose critical infrastructure to cyberattacks, emphasizing the need for immediate patching and mitigation.

---
title: "CISA Issues 12 Critical ICS Advisories: Patch Now to Secure Systems"
short_title: "CISA releases 12 critical ICS advisories"
description: "CISA unveils 12 Industrial Control Systems advisories targeting vulnerabilities in Siemens, Johnson Controls, and more. Learn about risks and mitigation steps."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [ics, cisa, vulnerabilities, industrial-control-systems, cybersecurity]
score: 0.85
cve_ids: []
---


Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has published 12 new Industrial Control Systems (ICS) advisories, highlighting vulnerabilities in widely used systems across sectors like energy, healthcare, and manufacturing. These advisories provide timely insights into security risks, exploitation methods, and mitigation strategies to help organizations safeguard their infrastructure.

Given the growing threat of cyberattacks on critical infrastructure, these advisories are a reminder for organizations to prioritize patching and proactive security measures.

---

Key Points


- 12 advisories cover vulnerabilities in Siemens, Johnson Controls, AzeoTech, OpenPLC, and medical imaging software.
- Affected systems are used in energy, healthcare, manufacturing, and building management.
- Exploitation of these vulnerabilities could lead to unauthorized access, disruption of operations, or data breaches.
- CISA urges users and administrators to review the advisories and apply recommended mitigations immediately.

---

Affected Systems


The advisories address vulnerabilities in the following products:

| Advisory ID | Product | Vendor | Sector |
|-----------------------|-------------------------------------------------|---------------------|--------------------------|
| ICSA-25-345-01 | Johnson Controls iSTAR | Johnson Controls | Building Management |
| ICSA-25-345-02 | Johnson Controls iSTAR Ultra | Johnson Controls | Building Management |
| ICSA-25-345-03 | AzeoTech DAQFactory | AzeoTech | Industrial Automation |
| ICSA-25-345-04 | Siemens IAM Client | Siemens | Energy, Manufacturing |
| ICSA-25-345-05 | Siemens Advanced Licensing (SALT) Toolkit | Siemens | Energy, Manufacturing |
| ICSA-25-345-06 | Siemens SINEMA Remote Connect Server | Siemens | Energy, Manufacturing |
| ICSA-25-345-07 | Siemens Building X - Security Manager Edge Controller | Siemens | Building Management |
| ICSA-25-345-08 | Siemens Energy Services | Siemens | Energy |
| ICSA-25-345-09 | Siemens Gridscale X Prepay | Siemens | Energy |
| ICSA-25-345-10 | OpenPLC_V3 | OpenPLC | Industrial Automation |
| ICSMA-25-345-01 | Grassroots DICOM (GDCM) | Grassroots | Healthcare |
| ICSMA-25-345-02 | Varex Imaging Panoramic Dental Imaging Software | Varex Imaging | Healthcare |

---

Impact Assessment


Industrial Control Systems (ICS) are the backbone of critical infrastructure, including power plants, water treatment facilities, manufacturing plants, and healthcare systems. Vulnerabilities in these systems can have severe consequences, such as:

- Operational Disruption: Attackers could exploit flaws to disable or manipulate industrial processes, leading to downtime or safety hazards.
- Unauthorized Access: Exploitation could allow threat actors to gain control of sensitive systems, potentially causing physical damage or data breaches.
- Supply Chain Risks: A compromised ICS can disrupt supply chains, affecting industries reliant on continuous operations.
- National Security Threats: Targeted attacks on critical infrastructure could pose risks to national security, particularly in sectors like energy and healthcare.

---

Mitigation Steps


CISA recommends the following actions to mitigate risks associated with these vulnerabilities:

1. Review Advisories: Access the [full list of advisories](https://www.cisa.gov/news-events/alerts/2025/12/11/cisa-releases-12-industrial-control-systems-advisories) for technical details and vendor-specific guidance.
2. Apply Patches: Install vendor-provided patches or updates immediately to address identified vulnerabilities.
3. Segment Networks: Isolate ICS networks from corporate IT networks to limit the spread of potential attacks.
4. Monitor for Threats: Deploy intrusion detection systems (IDS) and security information and event management (SIEM) tools to detect suspicious activity.
5. Implement Access Controls: Restrict ICS access to authorized personnel only and enforce multi-factor authentication (MFA).
6. Conduct Regular Audits: Perform security audits and vulnerability assessments to identify and address weaknesses in ICS environments.

---

Conclusion


The release of these 12 ICS advisories underscores the growing cyber threats facing critical infrastructure. Organizations must act swiftly to assess their exposure, apply patches, and implement robust security measures to protect against potential attacks.

As cyber threats evolve, proactive cybersecurity practices are essential to safeguarding the systems that power our daily lives. Stay informed, stay vigilant, and prioritize the security of your industrial control systems.
