August 2025 Patch Tuesday advisories have been published by several major companies providing industrial control system (ICS) and other operational technology (OT) solutions.
Siemens has published 22 new advisories. One of them is for CVE-2025-40746, a critical Simatic RTLS Locating Manager issue that can be exploited by an authenticated attacker for code execution with System privileges.
The company has also published advisories covering high-severity vulnerabilities in Comos (code execution), Siemens Engineering Platforms (code execution), Simcenter (crash or code execution), Sinumerik controllers (unauthorized remote access), Ruggedcom (authentication bypass with physical access), Simatic (code execution), Siprotec (DoS), and Opcenter Quality (unauthorized access).
Siemens also addressed vulnerabilities introduced by the use of third-party components, including OpenSSL, Linux kernel, Wibu Systems, Nginx, Nozomi Networks, and SQLite.
Medium- and low-severity issues have been resolved in Simotion Scout, Siprotec 5, Simatic RTLS Locating Manager, Ruggedcom ROX II, and Sicam Q products.
As usual, Siemens has released patches for many of these vulnerabilities, but only mitigations or workarounds are available for some of the flaws.
Schneider Electric has released five new advisories. One of them describes four high-severity vulnerabilities in EcoStruxure Power Monitoring Expert (PME), Power Operation (EPO), and Power SCADA Operation (PSO) products. Exploitation of the flaws can lead to arbitrary code execution or sensitive data exposure.
In the Modicon M340 controller and its communication modules, the industrial giant fixed a high-severity DoS vulnerability that can be triggered with specially crafted FTP commands, as well as a high-severity issue that can lead to sensitive information exposure or a DoS condition.
In the Schneider Electric Software Update tool, the company patched a high-severity vulnerability that can allow an attacker to escalate privileges, corrupt files, obtain information, or cause a persistent DoS.
Medium-severity issues that can lead to privilege escalation, DoS, or sensitive credential exposure have been patched in Saitel and EcoStruxure products.
Honeywell has published six advisories focusing on building management products, including several advisories that inform customers about Windows patches for Maxpro and Pro-Watch NVR and VMS products. The company has also released advisories covering PW-series access controller patches and security enhancements.
Aveva has published an advisory for two issues in its PI Integrator for Business Analytics. Two vulnerabilities have been patched: one arbitrary file upload issue that could lead to code execution, and a sensitive data exposure weakness.
ABB told customers on Tuesday about several vulnerabilities affecting its Aspect, Nexus and Matrix products. Some of the flaws can be exploited without authentication for remote code execution, obtaining credentials, and to manipulate files and various components.
Phoenix Contact has informed customers about a privilege escalation vulnerability in Device and Update Management. The company has described it as a misconfiguration that allows a low-privileged local user to execute arbitrary code with admin privileges. Germany’s CERT@VDE has also published a copy of the Phoenix Contact advisory.
The US cybersecurity agency CISA has published three new advisories describing vulnerabilities in Santesoft Sante PACS Server, Johnson Controls iSTAR, and Ashlar-Vellum products. CISA has also distributed the Aveva advisory and one of the Schneider Electric advisories.
A few days prior to Patch Tuesday, Rockwell Automation published an advisory informing customers about several high-severity code execution vulnerabilities affecting its Arena Simulation product.
Also prior to Patch Tuesday, Mitsubishi Electric released an advisory describing an information tampering flaw in Genesis and MC Works64 products.