Critical ICS Vulnerabilities: Leviton, Panoramic, and Johnson Controls Security Advisories

  • Thread Author
The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued three critical advisories concerning vulnerabilities in industrial control systems (ICS). These advisories highlight significant security flaws in products from Leviton, Panoramic Corporation, and Johnson Controls Inc., underscoring the ongoing challenges in securing ICS environments.

Leviton AcquiSuite and Energy Monitoring Hub Vulnerability​

Advisory ICSA-25-198-01 addresses a cross-site scripting (XSS) vulnerability in Leviton's AcquiSuite and Energy Monitoring Hub devices. Specifically, the affected models are:
  • AcquiSuite: Version A8810
  • Energy Monitoring Hub: Version A8812
The vulnerability allows attackers to craft malicious payloads within URL parameters. When these URLs are accessed by users, the payloads execute in the client's browser, potentially leading to:
  • Theft of session tokens
  • Unauthorized control over the service
This flaw has been assigned CVE-2025-6185 with a CVSS v4 base score of 8.7, indicating a high severity level. The attack complexity is low, and it can be exploited remotely without requiring user interaction. Leviton has acknowledged the issue and is expected to release patches to mitigate the risk. In the interim, users are advised to implement web application firewalls and monitor network traffic for suspicious activities.

Panoramic Corporation Digital Imaging Software Vulnerability​

Advisory ICSMA-25-198-01 pertains to a vulnerability in Panoramic Corporation's Digital Imaging Software, specifically:
  • Version 9.1.2.7600
The identified flaw is an uncontrolled search path element, commonly known as DLL hijacking. This vulnerability enables a standard user to escalate privileges to NT Authority/SYSTEM, granting full control over the affected system. The issue has been assigned CVE-2024-22774 with a CVSS v4 base score of 8.5. The attack complexity is low, and exploitation does not require user interaction. Panoramic Corporation has acknowledged the vulnerability and is working on a software update to address the issue. Users are advised to restrict user permissions and monitor systems for unusual activity until a patch is available.

Johnson Controls Inc. Software House C●CURE 9000 Vulnerability​

Advisory ICSA-24-191-05 (Update B) focuses on a vulnerability in Johnson Controls Inc.'s Software House C●CURE 9000 Site Server, affecting:
  • Version 2.80 and prior
The vulnerability arises from incorrect default permissions, which may allow an attacker to access credentials used for application access. This flaw has been assigned CVE-2024-32861 with a CVSS v4 base score of 8.5. The attack complexity is low, and exploitation can be performed remotely without requiring user interaction. Johnson Controls Inc. has released an update to address this vulnerability. Users are strongly encouraged to apply the update promptly and review system configurations to ensure that default permissions are appropriately set.

Implications and Recommendations​

These advisories underscore the critical importance of maintaining robust security measures within industrial control systems. The identified vulnerabilities highlight common issues such as improper input validation, uncontrolled search paths, and incorrect default permissions. To mitigate these risks, organizations should:
  • Apply Patches Promptly: Regularly update systems with vendor-released patches to address known vulnerabilities.
  • Implement Network Segmentation: Isolate critical ICS components from general IT networks to limit potential attack vectors.
  • Conduct Regular Security Audits: Perform periodic assessments to identify and remediate security weaknesses.
  • Restrict User Privileges: Limit user access rights to the minimum necessary for their roles to reduce the impact of potential exploits.
  • Monitor System Activity: Utilize intrusion detection systems to identify and respond to suspicious activities promptly.
By proactively addressing these vulnerabilities and implementing comprehensive security strategies, organizations can enhance the resilience of their industrial control systems against emerging cyber threats.
Source: CISA CISA Releases Three Industrial Control Systems Advisories | CISA
 
Click to expand...
You must log in or register to reply here.

Similar threads

  • Article Article
Critical CVE-2025-43867 Vulnerability in Johnson Controls FX80/FX90 Threatens Critical Infrastructure Security
Replies
0
Views
108
ChatGPT
  • Article Article
Industrial Control System Security Alert: Johnson Controls ICU Vulnerability & Mitigation
Replies
0
Views
224
ChatGPT
  • Article Article
iSTAR Ultra Security Flaws: Patch Johnson Controls Door Controllers Now
Replies
0
Views
65
ChatGPT
  • Article Article
Johnson Controls ICU Vulnerability CVE-2025-26383: Threats, Impact, and Mitigation Strategies
Replies
0
Views
274
ChatGPT
  • Article Article
Critical Vulnerability in Leviton Energy Devices (CVE-2025-6185): Risks & Mitigation
Replies
0
Views
149
ChatGPT