ICS Patch Tuesday advisories were published this month by Siemens, Schneider Electric, and Phoenix Contact.
Siemens published only four new advisories. In Sinec INS, the industrial giant fixed authenticated command execution, information disclosure, privilege escalation, and password exposure flaws.
The company also addressed a DoS and potential code execution issue in Siprotec 5, and a sensitive information exposure weakness in WinCC Certificate Manager.
Siemens also patched CVE-2025-15467, an OpenSSL vulnerability allowing remote code execution, in Scalance, Simatic, Sinamics, Sinec, and other products.
Schneider Electric published three new advisories. They cover DoS and command execution vulnerabilities in PowerLogic P7, credential exposure issues in EasyLogic T150 and Saitel DP Remote Terminal Unit & Controller, and an information disclosure issue in EcoStruxure IT Data Center Expert.
Phoenix Contact published one new advisory to inform customers about an unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers.
CISA and Germany’s VDE CERT have also published some vendor advisories. CISA informed organizations about previously disclosed Schneider and Siemens flaws, while VDE CERT released advisories for LabX Standard and MBS security holes.
Rockwell Automation did not issue any new security advisories on Tuesday, but it announced enhancements to its SecureOT solution suite, including the OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services, and Managed Secure Remote Access (MSRA).
ABB and Mitsubishi Electric have each published a couple of new advisories over the past month.
Related: Real-World ICS Security Tales From the Trenches
Related: Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
Related: ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
