Summary: Schneider Electric, Siemens, Phoenix Contact, and CISA have issued security advisories for various ICS products in January 2025, addressing multiple vulnerabilities with varying severity levels. The advisories highlight critical issues that could lead to privilege escalation, remote code execution, and information disclosure among others.
Threat Actor: Unknown | unknown
Victim: Various ICS Product Users | ICS product users
Key Point :
- Schneider Electric released nine advisories, addressing high-severity vulnerabilities in multiple products including PowerLogic and Modicon systems.
- Siemens published five advisories, with vulnerabilities in Mendix and Simatic products, some requiring only workarounds.
- Phoenix Contact issued advisories for cryptography issues and privilege escalation in their products.
- CISA published four advisories, including critical vulnerabilities in Hitachi Energy products and a DoS flaw in Linphone-Desktop.