CISA Releases Seven Urgent ICS Security Advisories

August 12, 2025 • César Daniel Barreto

Impact: Security teams should note that CISA dropped seven ICS advisories yesterday, covering a mix from CAD software to railroad protocols. This isn’t just one vendor: there’s Johnson Controls access systems, AVEVA’s PI Integrator, and, notably, hospital PACS servers. The scope is pretty wide since it hits multiple infrastructure sectors.

Of particular note are the iSTAR systems, access controls common in corporate facilities. Schneider’s EcoStruxure Expert got dinged too, and it monitors vital electrical infrastructure, though CISA says no public exploit yet (luckily). Two advisories are actually updates to advisories from earlier this year; train protocols sound ominous but likely impact fewer organizations.

What’s frustrating is the medical angle with Santesoft’s PACS server: those servers store medical images and often remain unsecured and outdated. The advisories reveal the timeline: most are fresh (25-224 series), yet there are updates until July 2025, indicating some vulnerabilities floated for months.

Bottom line: Teams running these systems should get those advisories ASAP and check versions. CISA’s pushing standard defense-in-depth, but each product’s got targeted mitigations, and these require attention. I’d flag the power monitoring and access systems first; their blast radius is significant if breached.
