CISA Issues Urgent Alert: 7 Critical ICS Vulnerabilities Exposed

The Cybersecurity and Infrastructure Security Agency (CISA) has released seven advisories addressing critical vulnerabilities in Industrial Control Systems (ICS). These flaws affect products from Güralp Systems, Johnson Controls, Hitachi Energy, Mitsubishi Electric, and Fuji Electric. Organizations using these systems are urged to review the advisories and apply mitigations immediately to prevent potential exploitation.

---
title: "CISA Issues Urgent Alert: 7 Critical ICS Vulnerabilities Exposed"
short_title: "CISA warns of 7 critical ICS vulnerabilities"
description: "CISA releases seven Industrial Control Systems advisories highlighting severe vulnerabilities. Learn about affected systems, risks, and mitigation steps to secure critical infrastructure."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [ics, cisa, vulnerabilities, critical-infrastructure, cybersecurity]
score: 0.85
cve_ids: []
---


Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has published seven new Industrial Control Systems (ICS) advisories, highlighting vulnerabilities that could expose critical infrastructure to cyber threats. These advisories provide timely insights into security issues, exploits, and mitigation strategies for affected systems. Given the increasing frequency of attacks on ICS, organizations must prioritize addressing these vulnerabilities to safeguard their operations.

Key Points


- CISA released seven ICS advisories covering vulnerabilities in products from Güralp Systems, Johnson Controls, Hitachi Energy, Mitsubishi Electric, and Fuji Electric.
- The advisories include newly identified flaws and updates to previously disclosed vulnerabilities.
- Affected systems are widely used in energy, manufacturing, and critical infrastructure sectors.
- Users and administrators are strongly encouraged to review the advisories and implement recommended mitigations.

---

Affected Systems


The following systems and products are impacted by the vulnerabilities outlined in the advisories:

1. Güralp Systems FMUS (Fortimus) Series and MIN (Minimus) Series – [ICSA-25-350-01](https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-01)
2. Johnson Controls PowerG, IQPanel, and IQHub – [ICSA-25-350-02](https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02)
3. Hitachi Energy AFS, AFR, and AFF Series – [ICSA-25-350-03](https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-03)
4. Mitsubishi Electric GT Designer3 – [ICSA-25-350-04](https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-04)
5. Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C) – [ICSA-25-140-04](https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04)
6. Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, and iSTAR Edge G2 (Update A) – [ICSA-25-224-02](https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-02)
7. Fuji Electric Monitouch V-SFT-6 (Update A) – [ICSA-25-308-01](https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01)

---

Impact Assessment


Industrial Control Systems are the backbone of critical infrastructure, including energy, water, manufacturing, and transportation sectors. Exploitation of these vulnerabilities could lead to:

- Unauthorized access to sensitive systems and data.
- Disruption of operations, leading to financial losses and safety risks.
- Remote code execution (RCE), allowing attackers to take control of affected systems.
- Lateral movement within networks, enabling attackers to compromise additional assets.

Given the high stakes involved, organizations must treat these advisories with urgency and prioritize patching and mitigation efforts.

---

Mitigation Steps


CISA recommends the following actions to mitigate the risks associated with these vulnerabilities:

1. Review the Advisories: Visit the [CISA ICS Advisories page](https://www.cisa.gov/news-events/ics-advisories) for detailed technical information and mitigation guidance.
2. Apply Patches: Install updates and patches provided by the vendors as soon as they become available.
3. Segment Networks: Isolate ICS networks from corporate networks to limit exposure to potential threats.
4. Monitor for Suspicious Activity: Implement continuous monitoring to detect and respond to anomalous behavior.
5. Restrict Access: Limit access to ICS systems to authorized personnel only and enforce strong authentication measures.

---

Conclusion


The release of these seven ICS advisories underscores the growing threats facing critical infrastructure. Organizations must act swiftly to assess their exposure, apply mitigations, and strengthen their defenses against potential cyberattacks. Failure to address these vulnerabilities could result in severe operational disruptions, financial losses, and compromised safety.

Stay vigilant, prioritize cybersecurity, and leverage CISA’s resources to protect your systems from emerging threats.
