Industrial giants Siemens, Schneider Electric, Phoenix Contact, and Aveva have published a dozen Patch Tuesday advisories to inform customers about vulnerabilities found in their ICS/OT products.
Siemens has released five new advisories. Two of them describe the same critical authorization bypass flaw in Industrial Edge Devices that can be exploited by an unauthenticated, remote attacker to bypass authentication and impersonate a user. One advisory covers Industrial Edge Devices, while the other is for the Industrial Edge Device Kit.
The remaining advisories inform customers about the availability of fixes for high-severity vulnerabilities in Ruggedcom, ET 200SP, and TeleControl Server Basic products.
Schneider Electric has published four new advisories. One of them describes a high-severity issue that can be leveraged for privilege escalation in EcoStruxure Process products.
Another advisory describes one medium- and one high-severity flaw in EcoStruxure Power Build Rapsody. They can be exploited for arbitrary code execution using specially crafted files.
The remaining advisories describe vulnerabilities in third-party components used by Schneider Electric products, specifically Zigbee and Redis.
Phoenix Contact has released an advisory to inform customers about a high-severity command injection issue that can be exploited by an attacker against TC Router and Cloud Client industrial routers. Exploitation requires the attacker to have elevated privileges on the targeted system, or they need to trick the victim into importing a malicious payload.
Germany’s VDE CERT has also published a version of Phoenix Contact’s advisory.
Aveva has published an advisory describing seven types of vulnerabilities in Process Optimization (formerly ROMeo). The security holes, rated high and critical severity, can be exploited for remote code execution, privilege escalation, and to obtain sensitive data.
Honeywell has released security advisories for its Pro-Watch and Maxpro building security and video management products. The advisories mostly address Windows patches released by Microsoft.
The cybersecurity agency CISA has published ICS advisories for Rockwell Automation vulnerabilities disclosed by the vendor in December 2025, as well as for three flaws found in the YoSmart YoLink Smart Hub.
A few days before Patch Tuesday, ABB published an advisory to inform customers about three flaws that can lead to authentication bypass and DoS in its WebPro SNMP Card PowerValue product.
