Organizations leveraging the Rockwell Automation Industrial Data Center, Inaba Denki Sangyo CHOCO TEI WATCHER mini-industrial cameras, and Hitachi Energy MicroSCADA Pro/X SYS600 have been urged by Cyble to remediate various critical and high-severity software vulnerabilities, Infosecurity Magazine reports.
Most severe of all the mentioned flaws is the untrusted Veeam Backup and Replication data deserialization bug, tracked as CVE-2025-23120, which could be leveraged to enable remote code execution in Rockwell Automation IDC, according to a post from Cyble. On the other hand, Inaba Denki Sangyo CHOCO TEI WATCHER mini-industrial cameras have been impacted by the weak password requirement flaw, tracked as CVE-2025-25211, and forced browsing issue, tracked as CVE-2025-26689, which could be exploited to allow unauthorized access and data tampering, respectively. Meanwhile, Hitachi Energy MicroSCADA Pro/X SYS600 is affected by the high-severity vulnerabilities, tracked as CVE-2024-4872 and CVE-2024-3980, which could be abused for code injection and session takeovers, respectively. "Given the critical role of SCADA, DCS, and MES systems, immediate mitigationincluding patching, authentication hardening, and access restrictionsis essential to prevent exploitation," said Cyble.
Most severe of all the mentioned flaws is the untrusted Veeam Backup and Replication data deserialization bug, tracked as CVE-2025-23120, which could be leveraged to enable remote code execution in Rockwell Automation IDC, according to a post from Cyble. On the other hand, Inaba Denki Sangyo CHOCO TEI WATCHER mini-industrial cameras have been impacted by the weak password requirement flaw, tracked as CVE-2025-25211, and forced browsing issue, tracked as CVE-2025-26689, which could be exploited to allow unauthorized access and data tampering, respectively. Meanwhile, Hitachi Energy MicroSCADA Pro/X SYS600 is affected by the high-severity vulnerabilities, tracked as CVE-2024-4872 and CVE-2024-3980, which could be abused for code injection and session takeovers, respectively. "Given the critical role of SCADA, DCS, and MES systems, immediate mitigationincluding patching, authentication hardening, and access restrictionsis essential to prevent exploitation," said Cyble.
