CISA Issues Multiple ICS Advisories for Critical Vulnerabilities
CISA has issued multiple ICS advisories for critical vulnerabilities in IP cameras, GNSS receivers, booking systems, and network analysis tools.
CISA has released a series of Industrial Control Systems (ICS) advisories detailing critical vulnerabilities in various products. These include authentication bypass and information disclosure flaws in the Hangzhou Xiongmai XM530 IP Camera (CVE-2025-65856), the Carlson Software VASCO-B GNSS Receiver (CVE-2026-3893), and the SpiceJet Online Booking System (CVE-2026-6375, CVE-2026-6376), as well as an XML external entity (XXE) vulnerability in NSA's GRASSMARLIN (CVE-2026-6807) [CISA].
These vulnerabilities pose significant risks, with some allowing remote attackers to bypass authentication, access sensitive information, or disrupt critical system operations. The affected products are deployed across various sectors, including commercial facilities, critical manufacturing, and transportation, making them high-value targets for malicious actors seeking to disrupt infrastructure.
Users and administrators are urged to review the specific advisories on the CISA ICS website for mitigation strategies and available patches. In many cases, organizations should restrict network access to these devices and implement robust authentication controls to prevent unauthorized exploitation while awaiting vendor-supplied firmware updates.