1488 matches found
CVE-2025-52601 Hardcoding sensitive information
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...
CVE-2025-52601
Hanwha Vision cameras exposed by CVE-2025-52601 contain a hard-coded cryptographic key in Device Manager, enabling an attacker with local access to decrypt sensitive information. The vulnerability is described as a hard-coded key for sensitive data, with a patch firmware released by the manufactu...
CVE-2025-52600
CVE-2025-52600 affects Hanwha Vision cameras; vulnerability in camera video analytics due to improper input validation could allow a remote attacker to execute commands on the host PC. Patch firmware has been released by the manufacturer. Connected Nessus/NVD entries reiterate the same descriptio...
EUVD-2025-205422
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered inadequate permission management for the camera guest account. The manufacturer has released patch firmware for the flaw; please refer to the...
CVE-2025-52599 Inadequate account permissions management
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered inadequate permission management for the camera guest account. The manufacturer has released patch firmware for the flaw; please refer to the...
CVE-2025-52599
CVE-2025-52599 – Hanwha Vision cameras are affected by inadequate permission management for the guest camera account. The manufacturer has released a patch firmware; apply it per the vendor report/workarounds. CVSS metrics in the description indicate a MEDIUM severity, with network attack vector,...
CVE-2025-52598 Insufficient certificate validation
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw in which the camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw; please refer to the...
CVE-2025-52598
CVE-2025-52601 involves Hanwha Vision cameras where the Device Manager contains a hard-coded cryptographic key used for sensitive data. This design flaw enables an attacker to decrypt protected information. The Tenable/Nessus entries summarize the issue and note that the manufacturer has release...
PT-2025-53445
Name of the Vulnerable Software and Affected Versions: Nozomi Networks (affected versions not specified). Description: Inadequate permission management exists for the camera guest account. The issue affects Industrial Control Systems (ICS) and OT/IoT security. The manufacturer has released a patch...
PT-2025-53450
Name of the Vulnerable Software and Affected Versions: Nozomi Networks (affected versions not specified). Description: Inadequate validation of incoming XML format request messages can allow for cross-site scripting (XSS) attacks on a user's browser. The vulnerability affects Industrial Control Systems...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) Advisory. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems (Update B). CISA encourages users and administrators to...
An Evidence-Driven Analysis of Threat Information Sharing Challenges for Industrial Control Systems and Future Directions
The increasing cyber threats to critical infrastructure highlight the importance of private companies and government agencies in detecting and sharing information about threat activities. Although the need for improved threat information sharing is widely recognized, various technical and...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-352-01 Inductive Automation Ignition; ICSA-25-352-02 Schneider Electric EcoStruxure Foxboro DCS Advisor...
National Instruments LabView
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Rockwell Automation Micro820, Micro850, Micro870
RISK EVALUATION: Successful exploitation of these vulnerabilities could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...
Hitachi Energy AFS, AFR and AFF Series
RISK EVALUATION: Successful exploitation of this vulnerability could compromise the integrity of the product data and disrupt its availability. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Güralp Systems Fortimus Series, Minimus Series, and Certimus Series
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
Johnson Controls PowerG, IQPanel and IQHub (Update A)
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
CVE-2025-43873
creationtimestamp | type | source
---|---|---
2025-12-11 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-02
2025-12-17 17:27:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ma76nsevgv2r...
CVE-2025-66584
creationtimestamp | type | source
---|---|---
2025-12-11 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03...