New ICS Critical Vulnerabilities - 20251024002

Overview

CISA has released multiple critical advisories for Industrial Control Systems (ICS) related vendors.

What is vulnerable?

Critical Severity

Vendor	CVE #	CVSS	Severity
ASKI Energy	CVE-2025-9574	9.9	Critical
Veeder-Root	CVE-2025-58428	9.9	Critical

What has been observed?

The WASOC has observed reports for one or more of the mentioned items being exploited in the wild. The WASOC has not received any reports of exploitation of these vulnerabilities on Western Australian Government networks at the time of writing.

Recommendation

The WASOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices.

• CISA: https://www.cisa.gov/news-events/alerts/2025/10/23/cisa-releases-eight-industrial-control-systems-advisories

Additional References

• CypherSecurity article: https://cipherssecurity.com/cisa-atg-fuel-tank-cyberattacks-veeder-root/

Change Log

• 2025-10-24: Initial publication.
• 2026-06-18: Added observations of exploitation in the wild.