Siemens, Schneider Electric, and Aveva released security advisories addressing vulnerabilities in industrial systems during June 2025 Patch Tuesday. While many issues have been patched, some remain with only mitigations available; notable flaws include critical default credentials and cross-site scripting vulnerabilities.
Keypoints
- Siemens disclosed multiple vulnerabilities, including critical default credentials in the G5DFR and flaws in Simatic S7-1500 CPUs.
- Some advisories involve remote code execution and cross-site scripting (XSS) vulnerabilities affecting industrial communication devices and controllers.
- Schneider Electric patched several issues, including XSS and DoS vulnerabilities in Modicon controllers and vulnerabilities in EVLink charging stations.
- Aveva identified high-severity DoS flaws in the PI Data Archive and medium-severity XSS issues in related products.
- Kaspersky's Q1 2025 report indicates nearly 22% of ICS devices faced threats, highlighting ongoing risks in industrial environments.