---
title: "CISA Issues Critical Advisories for ICS Vulnerabilities in Wheelchairs and DAQ Software"
short_title: "CISA warns of critical ICS vulnerabilities"
description: "CISA releases two urgent Industrial Control Systems advisories for WHILL wheelchairs and AzeoTech DAQFactory. Learn technical details and mitigation steps now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [ics, cisa, vulnerabilities, cybersecurity, industrial-control-systems]
score: 0.75
cve_ids: []
---
TL;DR
CISA has released two critical Industrial Control Systems (ICS) advisories addressing vulnerabilities in WHILL Model C2 Electric Wheelchairs and AzeoTech DAQFactory software. These flaws could expose affected systems to remote attacks, posing risks to safety and operational integrity. Users and administrators are urged to review the advisories and apply mitigations immediately.
---
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has published two new Industrial Control Systems (ICS) advisories, highlighting vulnerabilities in widely used technologies. These advisories provide timely insights into security risks, exploitation methods, and mitigation strategies for affected systems. The vulnerabilities impact WHILL Model C2 Electric Wheelchairs and AzeoTech DAQFactory, both of which play critical roles in their respective domains—healthcare mobility and industrial data acquisition.
Key Points
- ICSA-25-364-01: Vulnerabilities in WHILL Model C2 Electric Wheelchairs could allow unauthorized access or control, posing safety risks to users.
- ICSA-25-345-03: AzeoTech DAQFactory (Update A) contains flaws that may enable remote code execution or denial-of-service attacks in industrial environments.
- CISA emphasizes the urgency of reviewing these advisories to implement necessary mitigations and protect critical infrastructure.
---
Affected Systems
#### 1. WHILL Model C2 Electric Wheelchairs
WHILL’s Model C2 Electric Wheelchairs are advanced mobility devices designed for users with limited mobility. These wheelchairs rely on wireless connectivity and embedded software for operation, making them potential targets for cyber threats. The advisory highlights vulnerabilities that could be exploited to compromise device functionality or gain unauthorized control.
#### 2. AzeoTech DAQFactory (Update A)
AzeoTech DAQFactory is a popular data acquisition and control software used in industrial environments to monitor and manage processes. The identified vulnerabilities in this software could allow attackers to execute arbitrary code, disrupt operations, or access sensitive data. This poses significant risks to industries relying on DAQFactory for critical operations.
---
Impact Assessment
The vulnerabilities outlined in these advisories have far-reaching implications:
- Safety Risks: For WHILL wheelchairs, exploitation could lead to unauthorized control of the device, endangering users' physical safety.
- Operational Disruption: In industrial settings, attacks on AzeoTech DAQFactory could disrupt production lines, cause data loss, or enable further network infiltration.
- Regulatory Compliance: Organizations failing to address these vulnerabilities may face compliance violations, particularly in sectors governed by strict cybersecurity regulations (e.g., healthcare, critical infrastructure).
---
Mitigation Steps
CISA recommends the following actions to mitigate risks associated with these vulnerabilities:
1. Review the Advisories:
- [ICSA-25-364-01: WHILL Model C2 Electric Wheelchairs](https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01)
- [ICSA-25-345-03: AzeoTech DAQFactory (Update A)](https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03)
2. Apply Patches and Updates:
- Ensure all affected systems are updated to the latest firmware or software versions provided by the vendors.
3. Implement Network Segmentation:
- Isolate critical systems, such as ICS and medical devices, from general IT networks to limit exposure to potential attacks.
4. Monitor for Suspicious Activity:
- Deploy intrusion detection systems (IDS) and regularly review logs for signs of unauthorized access or exploitation attempts.
5. Educate Stakeholders:
- Train employees, administrators, and end-users on recognizing phishing attempts and other common attack vectors.
---
Conclusion
CISA’s latest advisories underscore the growing cybersecurity threats facing Industrial Control Systems, particularly in sectors like healthcare and industrial automation. The vulnerabilities in WHILL wheelchairs and AzeoTech DAQFactory highlight the urgent need for organizations to prioritize cybersecurity measures. By reviewing the advisories, applying patches, and implementing robust security practices, stakeholders can mitigate risks and protect critical infrastructure from potential attacks.
For more details, visit the [CISA advisories page](https://www.cisa.gov/news-events/alerts/2025/12/30/cisa-releases-two-industrial-control-systems-advisories).
---
References
[^1]: CISA. "[CISA Releases Two Industrial Control Systems Advisories](https://www.cisa.gov/news-events/alerts/2025/12/30/cisa-releases-two-industrial-control-systems-advisories)". Retrieved 2025-01-24.
[^2]: WHILL. "Model C2 Electric Wheelchairs". Retrieved 2025-01-24.
[^3]: AzeoTech. "DAQFactory Data Acquisition Software". Retrieved 2025-01-24.