Major industrial companies Siemens, Schneider Electric, and Phoenix Contact have issued security advisories following the May 2025 Patch Tuesday, highlighting recent vulnerabilities and fixes. Cybersecurity agencies CISA and CERT@VDE have also provided important updates.
Affected: Siemens, Schneider Electric, Phoenix Contact, CISA, CERT@VDE.
Affected: Siemens, Schneider Electric, Phoenix Contact, CISA, CERT@VDE.
Keypoints
- Several critical vulnerabilities have been identified in industrial control systems and devices including Siemens and Schneider Electric products.
- Some vulnerabilities have already been patched, but workarounds are still needed for certain flaws to mitigate risks.
- Exploits include authentication bypass, remote code execution, and privilege escalation while some vulnerabilities affect remote or unauthenticated attackers.
- Patches have been released for high-severity issues impacting products like Simatic, VersiCharge, and Schneider’s PrismaSeT and Galaxy series.
- Cybersecurity agencies have issued advisories to help organizations address vulnerabilities across various industrial systems and components.