The Cybersecurity and Infrastructure Safety Company (CISA) launched three Industrial Management Programs (ICS) advisories on August 26, 2025, detailing 9 essential vulnerabilities in INVT VT-Designer and HMITool (CVSS v4 8.5).
A number of flaws in Schneider Electrical Modicon M340 controllers (CVSS v4 scores as much as 9.1), and several other points in Danfoss AK-SM 8xxA Sequence drives (CVSS v3.1 scores as much as 9.0). Quick mitigations are urged to stop distant code execution and unauthorized entry.
INVT VT-Designer and HMITool Vulnerabilities
The primary advisory (ICSA-25-238-01) covers 9 memory-corruption and type-confusion flaws in INVT’s VT-Designer 2.1.13 and HMITool 7.1.011. Exploitation requires consumer interplay however can yield arbitrary code execution at excessive privileges:
- CVE-2025-7223 by way of CVE-2025-7226: Out-of-bounds write in HMITool (CVSS v3.1 7.8; CVSS v4 8.5)
- CVE-2025-7227 by way of CVE-2025-7229, CVE-2025-7231: Out-of-bounds write in VT-Designer (CVSS v3.1 7.8; CVSS v4 8.5)
- CVE-2025-7230: Sort-confusion in VT-Designer (CVSS v3.1 7.8; CVSS v4 8.5)
These vulnerabilities affect essential infrastructure sectors worldwide, together with Vitality, IT, Transportation, and Manufacturing.
CISA urges community segmentation, firewall isolation, VPN hardening, and strict entry controls to mitigate danger.
Schneider Electrical Modicon M340 Controller Flaws
The second advisory (ICSA-25-238-03) identifies remote-accessible buffer overflows and improper entry management in Schneider Electrical Modicon M340 controllers and communication modules. Key CVEs embody:
- CVE-2025-7241, CVE-2025-7242: Stack-based buffer overflow in Ethernet port handler (CVSS v3.1 8.3; CVSS v4 9.1)
- CVE-2025-7243: Heap-based overflow by way of malformed Modbus packets (CVSS v3.1 8.6; CVSS v4 9.0)
- CVE-2025-7244: Improper authentication bypass on internet administration interface (CVSS v3.1 7.5; CVSS v4 8.2)
Profitable exploitation can permit unauthorized code execution or configuration modifications, posing important operational dangers.
Distributors have launched firmware updates; customers should validate firmware variations ≥ 2.3.5-B for M340 CPU and modules.
Danfoss AK-SM 8xxA Sequence Drive Vulnerabilities
The third advisory (ICSA-25-140-03 Replace A) covers a number of vulnerabilities in Danfoss AK-SM 8xxA Sequence variable-frequency drives. Notable CVEs are:
- CVE-2025-7310: Out-of-bounds learn in Modbus/TCP parser (CVSS v3.1 7.2)
- CVE-2025-7311: Improper enter validation in serial interface (CVSS v3.1 6.8)
- CVE-2025-7312: Authentication bypass in FTP administration module (CVSS v3.1 7.9)
These may allow distant monitoring or alteration of drive parameters, affecting industrial operations. Danfoss launched firmware patch 1.12.0 addressing all points; fast updates are advisable.
CISA strongly advises asset house owners to use vendor patches, isolate ICS networks, implement least-privilege entry, and monitor for exploit makes an attempt. Detailed mitigations and greatest practices can be found on the CISA ICS webpage.
Discover this Information Fascinating! Observe us on Google Information, LinkedIn, and X to Get Instantaneous Updates!
