CISA issued urgent security advisories Thursday covering vulnerabilities in devices from Honeywell, Medtronic, Mitsubishi, LG, and Network Thermostat that could allow attackers to execute malicious code or gain administrative access. The flaws affect critical infrastructure including manufacturing equipment, WiFi thermostats in commercial buildings, patient monitors, and security cameras.
Most concerning is a Network Thermostat vulnerability (CVE-2025-6260) with a 9.8 severity score that lets attackers reset credentials remotely. Medtronic's patient monitors contain three vulnerabilities requiring physical access, while Mitsubishi's manufacturing equipment faces DLL hijacking risks. Companies have released patches for most devices, though some older products won't receive fixes.
Source: Industrial Cyber