ICS Patch Tuesday: Siemens, Schneider Electric, Phoenix Contact Address Multiple Vulnerabilities
Siemens, Schneider Electric, and Phoenix Contact have released patches for numerous vulnerabilities affecting their industrial control systems (ICS) products, as part of the monthly ICS Patch Tuesday.

The latest ICS Patch Tuesday has seen significant updates from major industrial automation vendors, including Siemens, Schneider Electric, and Phoenix Contact. These companies have collectively released advisories detailing patches for a range of vulnerabilities that could impact the security and reliability of operational technology (OT) environments.
Siemens, a key player in industrial solutions, issued four new advisories this month. The company addressed critical issues within its Sinec INS product, patching vulnerabilities that allowed authenticated command execution, information disclosure, privilege escalation, and password exposure. Additionally, Siemens resolved a denial-of-service (DoS) and potential code execution flaw in its Siprotec 5 devices, and a sensitive information exposure weakness in WinCC Certificate Manager. Notably, Siemens also patched CVE-2025-15467, an OpenSSL vulnerability that can lead to remote code execution, across a broad spectrum of its products including Scalance, Simatic, Sinamics, and Sinec.
Schneider Electric contributed three new advisories to this month's Patch Tuesday. Their updates cover denial-of-service and command execution vulnerabilities affecting PowerLogic P7 devices. The company also addressed credential exposure issues in the EasyLogic T150 and Saitel DP Remote Terminal Unit & Controller, alongside an information disclosure vulnerability within EcoStruxure IT Data Center Expert. These patches aim to secure critical infrastructure components across Schneider Electric's extensive product lines.
Phoenix Contact provided one new advisory, focusing on an unauthenticated log download vulnerability. This flaw impacts the firmware of their CHARX SEC-3xxx charging controllers, potentially allowing unauthorized access to system logs. While seemingly less severe than some other disclosed vulnerabilities, it highlights the ongoing need for vigilance in securing even peripheral OT components.
Beyond vendor-specific releases, CISA and Germany's VDE CERT have also played a role in disseminating information. CISA alerted organizations to previously disclosed vulnerabilities affecting Schneider and Siemens products, reinforcing the importance of timely patching. VDE CERT, meanwhile, released its own advisories concerning security holes in LabX Standard and MBS products, underscoring the collaborative effort required to secure the ICS landscape.
While Rockwell Automation did not issue new security advisories, the company announced enhancements to its SecureOT solution suite, including updates to its OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services, and Managed Secure Remote Access (MSRA). These enhancements reflect a broader industry trend towards integrated security solutions and managed services for OT environments.
Other major vendors like ABB and Mitsubishi Electric have also been active, publishing several new advisories over the past month. The cumulative effect of these monthly patch cycles is crucial for maintaining the security posture of industrial control systems, which are increasingly targeted by sophisticated threat actors. The ongoing focus on ICS security is driven by the potential for significant disruption to critical infrastructure and industrial operations.