Summary: Siemens and Schneider Electric have released critical ICS security advisories for March 2025, outlining several vulnerabilities in their products. Schneider Electric’s advisories highlight three significant vulnerabilities, including a critical flaw that could allow command execution when default passwords have not been changed. Siemens has addressed multiple critical vulnerabilities, particularly impacting the Sinamics S200 servo drive system and other products using OPC UA and OpenVPN technologies.
Affected: Siemens, Schneider Electric, CISA
Key points:
- Schneider Electric has identified a critical vulnerability in the Power Automation System User Interface, allowing command execution with default passwords.
- Siemens reported an unlocked bootloader vulnerability in the Sinamics S200 servo drive, enabling malicious code injection.
- CISA published advisories detailing critical authentication bypass issues in Optigo Networks tools and vulnerabilities in Schneider Electric’s Uni-Telway Driver.