Industrial vendors Siemens, Schneider Electric, Mitsubishi Electric, and Moxa issued Patch Tuesday advisories addressing multiple vulnerabilities in ICS products, including critical XSS, misconfigurations, and remote DoS flaws. Government and CERT advisories from CISA and VDE-CERT also highlight affected systems such as Simatic S7-1500, EcoStruxure, MELSEC, and various networking and camera devices.
Key points
- Siemens and Schneider Electric each published six new Patch Tuesday advisories for ICS product vulnerabilities.
- Schneider fixed high-severity issues in EcoStruxure IT Data Center Expert (hardcoded credentials), Power Monitoring/Power Operation (local arbitrary code execution), and Automation Expert (command execution/full system compromise).
- Siemens patched a critical stored XSS in Simatic S7-1500, addressed a Mendix misconfiguration, and reported vulnerabilities tied to third-party components like Fortinet and OpenSSL.
- Mitsubishi disclosed a remotely exploitable DoS in its Numerical Control Systems (C80, M800, M800V, M700V) and previously reported multiple DoS flaws in MELSEC iQ-F controllers.
- Moxa published four advisories—three for Intel-related issues and one confirming no impact from a GNU Inetutils flaw—while CISA and VDE-CERT released additional advisories covering Honeywell, Ceragon Siklu, Lantronix, Janitza, Weidmueller, and Apeman devices.