CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories, addressing critical vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix controllers.
These advisories highlight exploitable flaws in systems widely used in manufacturing, energy, and critical infrastructure sectors.
The disclosures underscore escalating risks to operational technology (OT) environments, where successful exploitation could enable remote code execution, denial-of-service (DoS) attacks and operational disruption.
Delta Electronics CNCSoft-G2 Vulnerabilities (ICSA-24-191-01)
The Delta Electronics CNCSoft-G2 advisory details four memory corruption vulnerabilities (CVE-2024-39880 to CVE-2024-39883) affecting versions prior to 2.1.0.10.
These flaws, discovered by Trend Micro’s Zero Day Initiative (ZDI), stem from improper validation of user-supplied data in the parsing of DPAX files—a proprietary format used in computer numerical control (CNC) systems.
Attackers can exploit these vulnerabilities by tricking users into opening malicious files or visiting compromised web pages. The four flaws are:
- Stack-based buffer overflow (CVE-2024-39880): Allows arbitrary code execution via crafted input exceeding fixed buffer limits.
- Out-of-bounds write (CVE-2024-39881): Enables memory corruption by writing data beyond allocated boundaries.
- Out-of-bounds read (CVE-2024-39882): Permits unauthorized access to sensitive memory contents.
- Heap-based buffer overflow (CVE-2024-39883): Triggers code execution via manipulated heap allocations.
All vulnerabilities carry a CVSS v4 base score of 8.4, reflecting high exploitability and impact.
Mitigation requires updating to CNCSoft-G2 v2.1.0.10 and isolating control systems from untrusted networks.
Rockwell Automation GuardLogix Controllers (ICSA-25-035-02)
The Rockwell Automation GuardLogix 5380 and 5580 advisory addresses CVE-2025-24478, a DoS vulnerability in firmware versions prior to V33.017, V34.014, V35.013, and V36.011.
The flaw arises from improper handling of exceptional conditions in CIP (Common Industrial Protocol) message processing.
Remote, non-privileged attackers can send malicious requests to trigger a major nonrecoverable fault (MNRF), forcing controllers into a halted state and requiring manual reinitialization.
With a CVSS v3.1 score of 6.5 and v4 score of 7.1, the vulnerability poses significant risks to industrial automation systems reliant on continuous operation.
Rockwell recommends updating firmware, restricting network access via CIP Security, and implementing VPNs for remote connections.
Mitigation Strategies and Broader Implications
CISA emphasizes proactive measures to mitigate risks:
- Network Segmentation: Isolate ICS devices from corporate IT networks and the internet.
- Patch Management: Apply vendor-supplied updates immediately. Delta Electronics and Rockwell have released patches for their respective systems.
- Defense-in-Depth: Deploy firewalls, intrusion detection systems (IDS), and application allowlisting.
- Secure Remote Access: Use VPNs with multi-factor authentication (MFA) and audit access logs.
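An added example, not code from CISA, the vendors or the original article: a small asset-inventory check against the fixed versions named in the two advisories above. Reading the GuardLogix list as one fixed release per major firmware train, the product labels, and the sample inventory rows are assumptions of this example.

```python
import re

# Fixed versions as named in the article. Reading the GuardLogix list as one
# fixed release per major firmware train is an assumption of this example.
CNCSOFT_G2_FIXED = (2, 1, 0, 10)
GUARDLOGIX_FIXED = {33: (33, 17), 34: (34, 14), 35: (35, 13), 36: (36, 11)}
GUARDLOGIX_MODELS = {"GuardLogix 5380", "GuardLogix 5580"}


def parse_version(text):
    """Turn 'V34.011' or '2.1.0.9' into a tuple of ints, e.g. (34, 11)."""
    match = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def assess(product, version_text):
    """Classify one asset as 'patched', 'vulnerable' or 'review'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # unreadable version: a person has to look
    if product == "CNCSoft-G2":
        return "patched" if version >= CNCSOFT_G2_FIXED else "vulnerable"
    if product in GUARDLOGIX_MODELS:
        fixed = GUARDLOGIX_FIXED.get(version[0])
        if fixed is None:
            return "review"  # firmware train not named in the article
        return "patched" if version >= fixed else "vulnerable"
    return "review"  # product not covered by these two advisories


def triage(inventory):
    """Map asset name -> status for (asset, product, version) rows."""
    return {asset: assess(product, version) for asset, product, version in inventory}


# Constructed sample inventory; asset names and versions are made up.
SAMPLE_INVENTORY = [
    ("cnc-ws-01", "CNCSoft-G2", "2.1.0.9"),
    ("cnc-ws-02", "CNCSoft-G2", "2.1.0.10"),
    ("plc-line-a", "GuardLogix 5580", "V34.011"),
    ("plc-line-b", "GuardLogix 5380", "V36.011"),
    ("plc-line-c", "GuardLogix 5580", "V32.014"),
    ("plc-line-d", "GuardLogix 5380", "unknown"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset:12} {status}")
```

Assets reported as "review" are those whose firmware train or version string the article's lists do not cover, so they need a manual check against the vendor advisory.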
The advisories arrive amid heightened scrutiny of OT security following high-profile attacks on critical infrastructure.
As noted in CISA’s alert, “These vulnerabilities could be exploited by threat actors to disrupt essential services, emphasizing the need for rapid remediation”.
CISA’s latest advisories highlight persistent vulnerabilities in industrial control systems, urging immediate action to safeguard critical infrastructure.
Exploits require low attack complexity, so organizations must prioritize firmware updates, network hardening, and adherence to frameworks like NIST SP 800-82 for ICS security.
As adversarial tactics evolve, collaboration between vendors, auditors, and federal agencies remains critical to maintaining resilience in an increasingly connected industrial landscape.
The post CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities appeared first on Cyber Security News.