Industrial control systems: Updates close malware loopholes

Admins of industrial control systems (ICS) should update their instances of Delta Electronics, National Instruments, and Samsung to the latest version as soon as possible. The developers have closed several security gaps in the recently released versions. Without the patches, attackers could, in the worst case, execute malicious code. It is not yet known whether there are already attacks.

ICS often control sensitive processes in critical infrastructures. Attacks in this area can have serious consequences. Admins should therefore react quickly. The US security authority Cybersecurity & Infrastructure Security Agency (CISA) warns of the vulnerabilities in several articles.

The dangers

The graphical programming system LabVIEW from National Instruments, for example, is specifically at risk. According to the security section of the provider's website, attackers can use five vulnerabilities (CVE-2025-2633 “high,” CVE-2025-2634 “high,” CVE-2025-7361 “high,” CVE-2025-7848 “high,” CVE-2025-7849 “high”) to push malicious code onto systems and execute it. Such an attack usually leads to the complete compromise of computers.

For this to succeed, attackers must provoke memory errors in an unspecified way to be able to execute their code. The developers ensure that LabVIEW 2025 Q3 is equipped against such attacks.

DTN Soft from Delta Electronics is vulnerable. Malicious code can also reach systems at this point (CVE-2025-53416 “high”). The DTN Soft 2.1.0 and DTM Soft 1.6.0.0 versions contain security patches.

Samsung's HVAC DMS software management platform is vulnerable in several ways. At these points, attackers can delete files (CVE-2025-53082 “high”) and execute their code (CVE-2025-53078 “high”), among other things. Admins must contact Samsung support for security patches.

(des)