VYPR
patchPublished Jul 15, 2026· 1 source

Siemens, Schneider, Rockwell Address Critical ICS Vulnerabilities in July Patch Tuesday

Industrial giants Siemens, Schneider Electric, and Rockwell Automation have released advisories detailing numerous vulnerabilities, including critical flaws, in their Industrial Control System (ICS) products.

Industrial automation leaders Siemens, Schneider Electric, and Rockwell Automation have published their July 2026 Patch Tuesday advisories, informing customers about a significant number of vulnerabilities discovered and addressed within their Industrial Control System (ICS) product lines. These updates are crucial for maintaining the security and operational integrity of critical infrastructure and manufacturing environments worldwide.

Siemens issued nine new advisories, with six highlighting critical vulnerabilities based on their CVSS scores. Notably, a token invalidation vulnerability in Opencenter X received a perfect CVSS score of 10, enabling attackers to bypass authentication and gain complete control over the application. The company also patched critical security holes in Mendix, Sidis Secured SmartPlug, Simatic S7-1500, Cadra, and Desigo CC. These vulnerabilities, some stemming from third-party components, could be exploited for denial-of-service (DoS) attacks, arbitrary code execution, sensitive data exfiltration, and privilege escalation.

Beyond critical issues, Siemens also addressed high-severity vulnerabilities across a range of products, including Simatic S7-PLCSIM, Ruggedcom APE1808, Comos, Designcenter, Simcenter, Solid Edge, and Tecnomatrix. These patches are part of Siemens' ongoing commitment to securing its extensive portfolio of industrial solutions against evolving cyber threats.

Schneider Electric released two new advisories. One focuses on a high-severity vulnerability within its Interactive Graphical SCADA System (IGSS) product, where specially crafted files could be used by attackers to execute arbitrary code. The second advisory details a high-severity authentication bypass flaw in EcoStruxure Cybersecurity Admin Expert, which a local attacker could exploit to compromise managed devices, underscoring the need for robust access controls.

Rockwell Automation was particularly active, publishing twelve new advisories. Two of these address critical vulnerabilities. A critical flaw in the 1715 Redundant IO product allows unauthenticated attackers to execute intrusive CLI commands, enabling them to manipulate system files, halt processes, alter I/O states, and modify memory. Furthermore, Rockwell patched three critical DoS vulnerabilities in its CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers, which could lead to major, non-recoverable faults.

In addition to the critical fixes, Rockwell also addressed high-severity vulnerabilities in products such as Flex 5000 Adapter, FactoryTalk DataMosaix, FactoryTalk Services Platform, Arena, ThinManager, Studio 5000 Logix Designer, and various communication modules like 1756-EN, 1734 POINT I/O, and 1719-AENTR. These updates are vital for ensuring the stability and security of automation systems.

While ABB and Mitsubishi Electric did not issue new advisories this specific Patch Tuesday, they have recently informed customers about new flaws, including critical and high-severity issues. CISA and Germany's VDE CERT have also distributed advisories related to these vendors and others, such as Murrelektronik, Mettler Toledo, Codesys, and Wago, highlighting a broad industry-wide effort to address ICS security.

These collective updates from major ICS vendors underscore the persistent and evolving threat landscape targeting operational technology. Organizations relying on these systems must prioritize applying these patches and implementing robust security practices to protect against potential disruptions and cyberattacks.

Synthesized by Vypr AI