Patch Tuesday Mayhem: Siemens, Schneider, and Aveva Tackle ICS Vulnerabilities
Siemens has released new Patch Tuesday ICS security advisories, addressing vulnerabilities in several products. A critical issue with default credentials in the Elspec G5 Digital Fault Recorder could allow remote control tampering. Users should change default credentials to mitigate this. Siemens continues to work on updates for other vulnerabilities.
Hot Take:
Industrial giants Siemens, Schneider Electric, and Aveva are doing their best impression of a whack-a-mole game, bopping down vulnerabilities as fast as they pop up. But much like the arcade game, there’s always a sneaky mole that gets away! This June’s Patch Tuesday got everyone jumping, not just because of the vulnerabilities but also due to the inventive ways to dodge them until a patch drops. Who knew cybersecurity could be this thrilling?
Key Points:
- Siemens, Schneider Electric, and Aveva have rolled out new ICS security advisories for June 2025 Patch Tuesday.
- Siemens highlights a critical default credentials issue in their Energy Services solutions.
- Schneider Electric addresses vulnerabilities in Modicon controllers and EVLink WallBox electric vehicle chargers.
- Aveva reports high-severity DoS vulnerabilities in PI Data Archive.
- CISA and Kaspersky also released advisories and reports on ICS threats and vulnerabilities.