Siemens HyperLynx and Industrial Edge App Publisher

Act Now | CVSS 8.1 | ICS-CERT ICSA-25-289-10 | Oct 14, 2025
Siemens | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens HyperLynx and Industrial Edge App Publisher contain a type confusion vulnerability in the embedded Google Chrome engine (affects versions prior to Chrome 138.0.7204.96). A remote attacker could execute arbitrary code by crafting a malicious HTML page and convincing a user to open it. HyperLynx currently has no fix; Industrial Edge App Publisher has been patched in version 1.23.5. The vulnerability is actively exploited.

What this means
What could happen
An attacker could execute arbitrary code on HyperLynx and Industrial Edge App Publisher devices by tricking a user into opening a malicious HTML page, potentially compromising the systems that manage or interact with your industrial control processes.
Who's at risk
Manufacturing plants and facilities using Siemens HyperLynx (design and analysis software) or Industrial Edge App Publisher (edge computing platform) for process control, automation design, or edge application deployment. This primarily affects engineering teams, system administrators, and automation personnel who interact with these tools.
How it could be exploited
An attacker creates a malicious HTML page that exploits a type confusion flaw in the Chromium engine embedded in these products. The attacker tricks a user (likely an engineer or administrator) into opening or clicking the page via email or web link. The browser vulnerability then allows code execution with the privileges of the application.
Prerequisites
  • User interaction required—the targeted user must open a malicious HTML page or click a malicious link
  • Network access to deliver the malicious page (email, web server, or other delivery method)
  • Affected product must be installed and the user must have access to open web content in the application
Tags: remotely exploitable | actively exploited (KEV) | user interaction required (not fully unauthenticated) | no patch available for HyperLynx | affects tools used in safety-critical design and deployment
Exploitability
Actively exploited — confirmed by CISA KEV
Public Proof-of-Concept (PoC) on GitHub (8 repositories)
Affected products (2)
2 with fix
Product                          Affected Versions    Fix Status
HyperLynx                        < 2510.0001          2510.0001
Industrial Edge App Publisher    < 1.23.5             1.23.5
Remediation & Mitigation
Do now
Industrial Edge App Publisher
HOTFIX: Update Industrial Edge App Publisher to version 1.23.5 or later
HyperLynx
WORKAROUND: For HyperLynx, restrict network access and disable or limit users' ability to open external HTML content or web links until a patch is available
All products
HARDENING: Educate users not to click web links or open attachments from unsolicited emails, especially those requesting to view files or pages
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HyperLynx
HARDENING: Ensure HyperLynx and Industrial Edge App Publisher systems are not directly accessible from the internet
Long-term hardening
HyperLynx
HARDENING: Segment HyperLynx and Industrial Edge App Publisher systems from your main business network using firewalls and access controls