ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact

ICS Patch Tuesday advisories were published this month by Siemens, Schneider Electric, and Phoenix Contact.

Siemens published only four new advisories. In Sinec INS, the industrial giant fixed authenticated command execution, information disclosure, privilege escalation, and password exposure flaws.

The company also addressed a DoS and potential code execution issue in Siprotec 5, and a sensitive information exposure weakness in WinCC Certificate Manager.

Siemens also patched CVE-2025-15467, an OpenSSL vulnerability allowing remote code execution, in Scalance, Simatic, Sinamics, Sinec, and other products.

Schneider Electric published three new advisories. They cover DoS and command execution vulnerabilities in PowerLogic P7, credential exposure issues in EasyLogic T150 and Saitel DP Remote Terminal Unit & Controller, and an information disclosure issue in EcoStruxure IT Data Center Expert.