OTPulse

Siemens HyperLynx and Industrial Edge App Publisher

Act Now · CVSS 8.1 · ICS-CERT ICSA-25-289-10 · Oct 14, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens HyperLynx and Industrial Edge App Publisher are affected by a type confusion vulnerability in Google Chrome (prior to version 138.0.7204.96). A remote attacker can perform arbitrary code execution by tricking a user into opening a crafted HTML page. Siemens has released a fix for Industrial Edge App Publisher (version 1.23.5 or later), but no fix is currently available for HyperLynx. This vulnerability is actively being exploited.

What this means
What could happen
An attacker could trick a user into clicking a malicious link or opening a crafted HTML page, leading to arbitrary code execution on HyperLynx or Industrial Edge App Publisher systems. This could allow an attacker to run commands on the affected device and potentially alter industrial operations or steal sensitive data.
Who's at risk
Manufacturing organizations using Siemens HyperLynx (an industrial circuit analysis and simulation tool used by design engineers) and Siemens Industrial Edge App Publisher (used to develop and deploy edge computing applications) should assess their exposure. HyperLynx is typically used on engineering workstations; Industrial Edge App Publisher runs on edge computing infrastructure. Both are at risk if accessible from untrusted networks or if users are targeted with social engineering.
How it could be exploited
The underlying flaw is a type confusion vulnerability in Google Chrome. An attacker crafts a malicious HTML page and tricks a user into opening it (via phishing, social engineering, or a watering hole attack). When the user's browser renders the page, the type confusion flaw allows the attacker's code to execute with the privileges of the HyperLynx or Industrial Edge App Publisher application.
Prerequisites
  • User must click a malicious link or open a crafted HTML page in the affected product
  • The product must be accessible to receive web requests (typically from engineering workstations or management networks)
Risk factors
  • Actively exploited (KEV)
  • Remotely exploitable
  • User interaction required (clicking malicious link)
  • Affects industrial engineering tools and edge computing infrastructure
  • No patch available for HyperLynx
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
HyperLynx | < 2510.0001 | 2510.0001
Industrial Edge App Publisher | < 1.23.5 | 1.23.5
Remediation & Mitigation
Do now
Industrial Edge App Publisher
  • HOTFIX: Update Industrial Edge App Publisher to version 1.23.5 or later
HyperLynx
  • HARDENING: For HyperLynx, apply network access restrictions: place the device behind a firewall, disable unnecessary remote access, and segment it from business networks until a patch is available
  • WORKAROUND: Configure firewall rules so that web traffic to HyperLynx and Industrial Edge App Publisher is allowed only from trusted engineering workstations
  • HARDENING: Train users not to click untrusted links or open unsolicited attachments, especially those directing to HyperLynx or Industrial Edge App Publisher interfaces
Long-term hardening
  • HARDENING: Implement network segmentation to isolate control system networks from business and internet-facing networks