Several industrial giants have released their ICS security advisories for the March 2025 Patch Tuesday.
Siemens has published nine new advisories. One advisory urges customers to replace the Sentron 7KT PAC1260 Data Manager with the newer PAC1261. The former is affected by critical vulnerabilities that can allow an attacker to access files and execute arbitrary code, but it will not receive any patches.
A critical flaw has also been found in Industrial Edge. The product is affected by a weak authentication issue that “could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user”.
Siemens has also notified customers about the recently disclosed IngressNightmare vulnerabilities affecting its Insights Hub Private Cloud solution.
The company has also informed customers about high-severity issues patched in Sidis Prime and Solid Edge products, as well as medium-severity bugs in Siemens License Server, ICMP industrial devices, and Mendix Runtime.
Schneider Electric has published two new advisories. One describes two high-severity vulnerabilities in ConneXium Network Manager, including one that can allow remote code execution and DoS attacks on engineering workstations.
The second advisory covers three medium-severity flaws in Trio Q Licensed Data Radios that could lead to unauthorized access and the exposure of sensitive information. However, exploitation requires physical access.
Rockwell Automation has published one advisory to inform customers about nearly a dozen local code execution vulnerabilities affecting its Arena product. Exploitation involves tricking the targeted user into opening a malicious file.
The flaws were discovered by researcher Michael Heinzl, who is often credited by vendors (including Rockwell) for reporting potentially serious vulnerabilities whose exploitation involves opening specially crafted files.
Just before Patch Tuesday, ABB published two new advisories that describe dozens of vulnerabilities found in the past years in third-party components used by its Arctic wireless gateways.
Related: ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens
Related: ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens
