ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Summary

Eight major industrial control system vendors—Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa—have published security advisories addressing multiple vulnerabilities ranging from critical to medium severity. Notable issues include critical missing authorization flaws in Aveva's Pipeline Simulation, high-severity authentication bypass in Siemens Sinec NMS, and privilege escalation vulnerabilities across multiple platforms. Rockwell Automation also issued an alert urging PLC disconnection from the internet following potential threat actor activity linked to Iran-sponsored groups.

Full text

Industrial giants Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa have published new ICS security advisories since the previous Patch Tuesday. Siemens has published nine new advisories since the previous Patch Tuesday. Vulnerabilities with a ‘critical’ severity rating are mentioned only in one advisory covering older Wi-Fi vulnerabilities affecting Scalance W-700 devices. Siemens has addressed high-severity vulnerabilities in Sinec NMS (authentication/authorization bypass), Ruggedcom Crossbow (privilege escalation, code execution, DoS), and Industrial Edge Management (authorization bypass). Medium-severity issues have been resolved in TPM and Analytics Toolkit. The company also announced that it’s participating in the CVE Program’s new Supplier Authorized Data Publisher (SADP) project, which enables vendors such as Siemens to add information to vulnerability entries. Cisco, Microsoft, HeroDevs, Oracle, and Red Hat also took part in the SADP pilot. Schneider Electric has published three new advisories. One of them describes the impact of the BlastRadius vulnerability disclosed in 2024 on the company’s Modicon Networking Managed Switch. Advertisement. Scroll to continue reading. The other two advisories cover medium-severity vulnerabilities in the PowerChute Serial Shutdown UPS management software and Easergy MiCOM Px40 protection relays. Aveva released an advisory to inform customers about a critical missing authorization and privilege escalation vulnerability in Pipeline Simulation. Since the last Patch Tuesday, Rockwell Automation published an important notice urging customers to disconnect PLCs from the internet after becoming aware of potential threat actor activity. The alert is likely related to the attacks conducted by Iran-linked threat groups against critical infrastructure organizations via PLC hacking. ABB has issued four advisories since the previous Patch Tuesday. Three of them cover third-party component vulnerabilities in Ability Camera Connect, Ability Symphony, and System 800xA products. The last advisory describes a DoS vulnerability in the System 800xA and Symphony Plus IEC 61850 communication stack. Phoenix Contact has one new advisory that informs customers about multiple flaws in FL Switch products. Mitsubishi Electric released two new advisories: one for a DoS vulnerability introduced by Realtek chips in home appliances; and one for multiple information disclosure, tampering, and DoS flaws in Genesis64, Iconics Suite, MobileHMI, Hyper Historian, AnalytiX, and MC Works64 products. Moxa has a new advisory covering an MxGeneralIo security hole that can lead to DoS or privilege escalation. Since the previous Patch Tuesday, CISA has published advisories for vulnerabilities in GPL Odorizers, Contemporary Controls, Mitsubishi Electric, Hitachi Energy, Yokogawa, PX4, Anritsu, PTC, OpenCode Systems, Wago, Pharos, Grassroots, Automated Logic, IGL-Technologies, CTEK, Codesys, and Inductive Automation products. Germany’s CERT@VDE has released advisories for Codesys, MB Connect Line, Helmholz, Wago, Phoenix Contact, Baade M2M-Products, and Endress+Hauser products. Related: ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric Related: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Booking.com Says Hackers Accessed User InformationOpenAI Impacted by North Korea-Linked Axios Supply Chain HackInternational Operation Targets Multimillion-Dollar Crypto Theft SchemesCPUID Hacked to Serve Trojanized CPU-Z and HWMonitor DownloadsAdobe Patches Reader Zero-Day Exploited for MonthsChrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet UsersApple Intelligence AI Guardrails Bypassed in New Attack Latest News Microsoft Patches Exploited SharePoint Zero-Day and 160 Other VulnerabilitiesAdobe Patches 55 Vulnerabilities Across 11 Products‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI ThreatsEurope’s Largest Gym Chain Says Data Breach Impacts 1 Million MembersSAP Patches Critical ABAP VulnerabilityTriad Nexus Evades Sanctions to Fuel CybercrimeGoogle Adds Rust DNS Parser to Pixel Phones for Better SecurityNightclub Giant RCI Hospitality Reports Data Breach Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveThe United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure.Black Duck has named Dom Glavach as Chief Information Security Officer.Finite State has named Ann Miller as Vice President of Marketing.More People On The MoveExpert Insights The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Entities