The October 2025 Patch Tuesday has brought advisories from several major ICS/OT vendors, including Siemens, Schneider Electric, Rockwell Automation, ABB, Phoenix Contact, and Moxa.
Siemens has published six new advisories, including two that describe critical vulnerabilities. One of them is a critical flaw in TeleControl Server Basic, which can allow an unauthenticated, remote attacker to obtain user password hashes. The attacker can then log in and perform unauthorized operations.
The second critical bug is an authentication issue impacting Simatic ET 200SP communication processors. An unauthenticated, remote attacker can exploit the vulnerability to access configuration data.
Several high- and medium-severity issues have been found in Siemens SiPass, which allow an unauthenticated remote attacker to exploit user accounts, manipulate data, impersonate users, or execute arbitrary code on the server.
In Solid Edge, Siemens patched four high-severity vulnerabilities that can lead to an application crash or arbitrary code execution if the attacker can convince the victim to open specially crafted files. All issues were reported to the industrial giant by researcher Michael Heinzl.
The company has also informed customers that a Chrome vulnerability known to have been exploited in the wild impacts HyperLynx and Industrial Edge App Publisher products. In addition, customers have been told about an SQL injection flaw in Sinec NMS that allows an authenticated attacker to insert malicious data and escalate privileges.
Schneider Electric has only published one new advisory. It describes a high-severity EcoStruxure OPC UA Server Expert product vulnerability that can be exploited to cause a DoS condition.
Rockwell Automation has published seven new advisories. One advisory has an overall severity rating of ‘critical’. It addresses three flaws in the 1783-NATR configurable NAT router, including one that can be exploited to cause a DoS condition, take control of admin accounts, and modify NAT rules.
The remaining advisories address high-severity issues. Two privilege escalation flaws allowing an attacker to gain access to files, processes and system resources have been resolved in FactoryTalk Linx.
A couple of other advisories address FactoryTalk product vulnerabilities. One informs customers about patches for FactoryTalk View Machine Edition and PanelView Plus 7 flaws allowing attackers to delete files or gain unauthorized access to the product. The second advisory covers a DoS issue in FactoryTalk ViewPoint.
Rockwell has also released patches for DoS vulnerabilities in the 1715 EtherNet/IP Communications Module, Compact GuardLogix 5370 controllers, and ArmorStart distributed motor controllers.
The cybersecurity agency CISA has published its own advisory for the Rockwell 1715 EtherNet/IP vulnerabilities.
| Learn More at SecurityWeek’s ICS Cybersecurity Conference The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.  October 27-30, 2025 | Atlanta www.icscybersecurityconference.com |
Phoenix Contact this week released two new advisories. One describes several vulnerabilities in QUINT4 UPS devices that can allow an unauthenticated, remote attacker to conduct DoS attacks and gather login credentials. The second advisory describes a vulnerability in the firmware of CHARX SEC-3xxx charging controllers that can be exploited for command injection with root privileges.
Germany’s CERT@VDE has picked up the Phoenix Contact advisories and in addition it has published an advisory for a Murrelektronik product issue that exposes sensitive information.
ABB published only one advisory on Patch Tuesday, but released several others in recent days. The Patch Tuesday advisory covers three medium-severity B&R Automation Runtime SDM issues allowing session takeover, code execution, and the injection of formula data into a CSV file.
The other recent advisories describe security holes in MConfig (cleartext password dumping), Automation Runtime (DoS), and EIBPORT (XSS).
Moxa published two advisories this month, on October 9. The company announced patches for hardcoded SSH private key and encryption-related issues in TRC-2190 series products.
Related: ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories
Related: ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities
