New Critical ICS Vulnerabilities - 20251017001

Overview

CISA has released multiple advisories for Industrial Control Systems (ICS) related vendors.

What is vulnerable?

Critical Severity

Vendor	CVE	CVSS	Severity
SIEMENS	CVE-2025-40771 CVE-2025-40765	9.8 9.8	Critical Critical

Recommendation

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

• CISA: https://www.cisa.gov/news-events/alerts/2025/10/16/cisa-releases-thirteen-industrial-control-systems-advisories