Siemens, Schneider Electric, CISA Release May 2026 ICS Patch Tuesday Advisories
Siemens published 18 advisories including critical flaws in Sentron 7KT PAC1261 and Ruggedcom Rox, while Schneider Electric patched high-severity vulnerabilities in EcoStruxure Panel Server and EasyLogic RTU.

Siemens, Schneider Electric, and CISA have released new ICS security advisories for May 2026 Patch Tuesday, addressing dozens of vulnerabilities across industrial control systems. Siemens alone published 18 advisories, several of which describe critical flaws that could allow attackers to take over devices or execute arbitrary code.
Among the most severe issues is a critical vulnerability in the Sentron 7KT PAC1261 Data Manager that could enable device takeover. Another critical flaw, in the Simatic S7 PLC web server, involves cross-site scripting (XSS). The Ruggedcom Rox product is affected by a vulnerability that allows command execution as root, along with old flaws in third-party components. Siemens also warned that its Ruggedcom APE1808 product is impacted by the recently disclosed Palo Alto Networks PAN-OS vulnerability (CVE-2025-0108), which has been exploited in the wild, possibly by Chinese state-sponsored hackers.
Other Siemens advisories cover critical issues in ROS# (arbitrary file access), Simatic CN4100 (over 300 third-party component flaws), and Opcenter RDnL (missing authentication). High-severity remote code execution vulnerabilities have been resolved in Simcenter Femap, Teamcenter, gPROMS Web Applications Publisher, and Ruggedcom Rox. A high-severity flaw in KACO Blueplanet inverters could lead to information disclosure, and users have been informed about a control panel escape issue affecting Simatic HMI Unified Comfort.
Schneider Electric published four new advisories. Three address high-severity vulnerabilities: sensitive information exposure in EcoStruxure Panel Server, unauthorized file access in EasyLogic T150 and Saitel DP RTU, and session hijacking in EasyLogic, PowerLogic, Easergy, and EcoStruxure products. A medium-severity information disclosure flaw has been patched in EcoStruxure Machine Expert HVAC.
CISA has published advisories for several ABB product vulnerabilities over the past two weeks. On Patch Tuesday, it also released advisories for security holes found in products from Subnet Solutions, Fuji Electric, Maxhub, and Johnson Controls. Germany’s CERT@VDE published a new advisory describing a medium-severity denial-of-service flaw in Codesys Modbus.
These advisories highlight the ongoing challenge of securing industrial control systems, which often run for years without updates. Organizations are urged to review the advisories and apply patches as soon as possible, especially for internet-facing devices. The inclusion of the PAN-OS vulnerability in Siemens products underscores the interconnected nature of modern ICS environments and the need for comprehensive vulnerability management.