Industrial Control Systems: Iskra iHUB Remains Without Security Patch for Now
Important security updates have been released for some industrial control and automation systems, such as those from Mitsubishi.
(Image: Sashkin/Shutterstock.com)
Industrial Control Systems (ICS), especially in critical infrastructures, are considered particularly worthy of protection. Consequently, admins should install security patches quickly. In a current case, however, there is currently no update, and the vulnerability remains open.
Threatened ICS
The US Cybersecurity & Infrastructure Security Agency (CISA) lists security vulnerabilities in Industrial Video & Control Longwatch, Iskra iHUB and iHUB Lite, Mirion Medical EC2 Software NMIS BioDose, Mitsubishi Electric CNC Series, and Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series in a post. These ICS are used worldwide in sectors including energy.
No Patch in Sight
A "critical" vulnerability (CVE-2025-13510) in Iskra iHUB and iHUB Lite is particularly noteworthy. Because there is no authentication in the context of system settings, a remote attacker can manipulate systems without logging in. CISA states that it has contacted the software manufacturer. However, according to the agency, there has been no response to the request so far, and the critical vulnerability remains for the time being. To minimize the risk of an attack, systems should not be publicly accessible via the internet, among other things.
Further Security Vulnerabilities
Malicious code can get onto systems through a "critical" vulnerability (CVE-2025-13658) in Industrial Video & Control Longwatch. The version 6.335 is equipped to handle this. In Mirion Medical EC2 Software NMIS BioDose, attackers can manipulate executable files, for example. Here, version V23.0 provides a remedy.
Videos by heise
Further information on the vulnerabilities and security updates is provided by CISA in a post.
(des)
