ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell
Siemens, Schneider Electric, and Rockwell Automation patch critical ICS vulnerabilities in July 2026 advisories.
Summary
Industrial giants Siemens, Schneider Electric, and Rockwell Automation have released advisories detailing numerous vulnerabilities in their Industrial Control System (ICS) products for July 2026. Siemens addressed six critical vulnerabilities, including one with a CVSS score of 10 allowing authentication bypass. Schneider Electric patched high-severity flaws in SCADA and admin expert products, while Rockwell Automation fixed two critical vulnerabilities enabling unauthorized CLI access and DoS attacks. These vulnerabilities, affecting various components, could lead to data breaches, code execution, and denial-of-service conditions.
Full text
Industrial giants Siemens, Schneider Electric, and Rockwell Automation have published July 2026 Patch Tuesday advisories to inform customers about vulnerabilities found in their ICS products. Siemens published nine new advisories, including six that cover critical vulnerabilities (based on CVSS score). A CVSS score of 10 has been assigned to a token invalidation vulnerability in Opencenter X that allows an attacker to bypass authentication and gain full access to the application. Critical vulnerabilities have also been patched or mitigated by Siemens in Mendix, Sidis Secured SmartPlug, Simatic S7-1500, Cadra, and Desigo CC. The security holes, many of which affect third-party components, can be exploited to launch DoS attacks, execute code, obtain sensitive data, and escalate privileges. SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition Siemens addressed high-severity vulnerabilities in Simatic S7-PLCSIM, Ruggedcom APE1808, Comos, Designcenter, Simcenter, Solid Edge, and Tecnomatrix products. Schneider Electric has released two new advisories. One of them addresses a high-severity vulnerability in the IGSS (Interactive Graphical SCADA System) product. An attacker can use specially crafted files to execute arbitrary code.Advertisement. Scroll to continue reading. The second advisory describes a high-severity authentication bypass flaw in EcoStruxure Cybersecurity Admin Expert that can be exploited by a local attacker to compromise managed devices. Rockwell Automation published 12 new advisories on Tuesday, including two covering critical vulnerabilities. A critical vulnerability in the 1715 Redundant IO product can allow an unauthenticated attacker to access intrusive CLI commands, enabling them to read or delete files, stop tasks, change IO states, and modify memory. Three critical DoS security holes that can be exploited to cause a major non-recoverable fault have been patched by Rockwell in its CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers. Rockwell patched high-severity vulnerabilities in Flex 5000 Adapter, FactoryTalk DataMosaix, FactoryTalk Services Platform, Arena, ThinManager, Studio 5000 Logix Designer, 1756-EN, 1734 POINT I/O, and 1719-AENTR products. ABB and Mitsubishi Electric have not published any new advisories this Patch Tuesday, but they have informed customers of new flaws over the past month, including critical and high-severity issues. Three ABB advisories and one Rockwell advisory were also distributed by the cybersecurity agency CISA on Tuesday. Germany’s VDE CERT has published five new advisories covering vulnerabilities in Murrelektronik, Mettler Toledo, Codesys, and Wago products. Related: ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact Related: ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity RulesCybersecurity M&A Roundup: 37 Deals Announced in June 2026Centers Laboratory Data Breach Affects 540,000 IndividualsThird US Security Expert Sentenced to Prison for Helping Ransomware GangChina, India-Linked Hackers Both Targeted Same Pakistani Police Force‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery MechanismPalo Alto Networks Patches 13 VulnerabilitiesMicrosoft Patches Defender ‘RoguePlanet’ Vulnerability Latest News Progress Confirms Zero-Day Vulnerability Behind ShareFile DisruptionCritical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 UpdatesSonicWall Issues Urgent SMA Patch Warning for Two Zero-Day ExploitsMicrosoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-DaysSynopsys Finds No Evidence of Data Breach Amid Bosch Hack ClaimsAdobe Patches Critical ColdFusion Vulnerabilities7 Severe Vulnerabilities Patched in VMware Avi Load BalancerUnpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveF5 has appointed Cathy Peterman as Chief People Officer.Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email