Major ICS Vendors Coordinate Security Disclosures
Eight of the world's leading industrial automation and control system vendors — Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa — have each published new security advisories in the period following the previous Patch Tuesday. The wave of disclosures underscores the ongoing challenge of securing operational technology environments, which increasingly intersect with enterprise IT networks and internet-connected infrastructure.
Siemens: Nine New Advisories Including Critical Wi-Fi Flaws
Siemens led the pack with nine new advisories. The only advisories carrying a critical severity rating relate to older Wi-Fi vulnerabilities affecting Scalance W-700 devices. On the high-severity front, Siemens disclosed and addressed vulnerabilities in several products:
- Sinec NMS — authentication and authorization bypass flaws
- Ruggedcom Crossbow — privilege escalation, remote code execution, and denial-of-service (DoS) vulnerabilities
- Industrial Edge Management — authorization bypass issues
Medium-severity problems were resolved in the company's TPM and Analytics Toolkit products. Siemens also announced its participation in the CVE Program's newly launched Supplier Authorized Data Publisher (SADP) project, an initiative that allows vendors to contribute supplemental information directly to vulnerability database entries. Other participants in the SADP pilot include Cisco, Microsoft, HeroDevs, Oracle, and Red Hat.
Schneider Electric: BlastRadius and UPS Software Issues
Schneider Electric published three advisories during the same period. One addresses the impact of the BlastRadius vulnerability — originally disclosed in 2024 — on the company's Modicon Networking Managed Switch. The remaining two advisories cover medium-severity vulnerabilities in:
- PowerChute Serial Shutdown UPS management software
- Easergy MiCOM Px40 protection relays
Aveva: Critical Privilege Escalation in Pipeline Simulation
Aveva released a single advisory warning customers of a critical missing authorization and privilege escalation vulnerability in its Pipeline Simulation product. The severity of the flaw makes it a priority for any organization running Aveva's simulation software in operational environments.
Rockwell Automation: PLC Internet Disconnection Alert
Rockwell Automation took a different approach, publishing an important notice urging customers to disconnect programmable logic controllers (PLCs) from the internet after the company became aware of potential threat actor activity. The advisory is widely believed to be connected to attacks attributed to Iran-linked threat groups that have targeted critical infrastructure organizations through PLC hacking campaigns.
ABB: Four Advisories Spanning Multiple Product Lines
ABB issued four security advisories covering a range of its product families. Three of these advisories deal with vulnerabilities introduced through third-party components in the following products:
- Ability Camera Connect
- Ability Symphony
- System 800xA
The fourth advisory addresses a DoS vulnerability found in the IEC 61850 communication stack used by both the System 800xA and Symphony Plus product lines.
Phoenix Contact, Mitsubishi Electric, and Moxa
Phoenix Contact released one advisory detailing multiple security flaws affecting its FL Switch product line.
Mitsubishi Electric published two advisories. The first covers a DoS vulnerability originating from Realtek chips embedded in home appliances. The second addresses a broader set of flaws — including information disclosure, data tampering, and DoS vulnerabilities — across the following products:
- Genesis64
- Iconics Suite
- MobileHMI
- Hyper Historian
- AnalytiX
- MC Works64
Moxa published an advisory for a security hole in its MxGeneralIo component that could be exploited to achieve either DoS conditions or privilege escalation on affected systems.
CISA and CERT@VDE Round Out the Disclosure Landscape
Beyond the vendor-issued advisories, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published its own set of advisories covering vulnerabilities in products from a wide range of vendors, including:
- GPL Odorizers
- Contemporary Controls
- Mitsubishi Electric
- Hitachi Energy
- Yokogawa
- PX4
- Anritsu
- PTC
- OpenCode Systems
- Wago
- Pharos
- Grassroots
- Automated Logic
- IGL-Technologies
- CTEK
- Codesys
- Inductive Automation
Germany's CERT@VDE also released advisories covering products from Codesys, MB Connect Line, Helmholz, Wago, Phoenix Contact, Baade M2M-Products, and Endress+Hauser.
Key Takeaways for ICS Security Teams
This Patch Tuesday cycle reinforces several persistent themes in industrial cybersecurity. The presence of third-party component vulnerabilities across ABB's product range highlights how supply chain risks continue to permeate OT environments. Rockwell Automation's alert about potential PLC exploitation — likely tied to Iranian threat actor activity against critical infrastructure — serves as a stark reminder that internet-connected industrial devices represent significant attack surfaces. Organizations operating any of the affected products should prioritize reviewing the relevant advisories and applying available mitigations or patches without delay.
Source: SecurityWeek