July 2025 Patch Tuesday ICS security advisories have been published by Siemens, Schneider Electric and Phoenix Contact.
Siemens has released nine new advisories, as well as a security bulletin urging customers to take steps to secure their industrial control systems (ICS) amid an increasing threat to the operational technology (OT) landscape. The alert cites the current geopolitical situation and references a recent US government alert warning organizations about a potential surge in attacks by Iran.
The industrial giant also informed customers that its Sentron Powermanager and Desigo CC devices are not affected by a recently disclosed remote code execution vulnerability in Apache Tomcat.
Two critical- and one high-severity flaw have been addressed by Siemens in its Sinec NMS product. The security holes could allow privilege escalation and code execution.
Siemens has also informed customers about high-severity vulnerabilities in the TIA Administrator framework (privilege escalation and code execution), Sicam Toolbox II (MitM attack), Solid Edge (DoS or code execution), Ruggedcom ROS (MitM and unauthorized access), and Simatic CN 4100 (DoS).
Medium-severity issues have been addressed in Siprotec 5, and in the TIA Project Server and TIA Portal products. They can lead to the exposure of sensitive information and DoS attacks, respectively.
Schneider Electric has published four new advisories. One of them describes several critical- and high-severity vulnerabilities affecting the EcoStruxure IT Data Center Expert product. The flaws can be exploited for unauthenticated remote code execution, root password discovery, remote command execution, and privilege escalation.
A different advisory describes one data exposure issue in EcoStruxure Power Monitor Expert and Power Operation products. Two other advisories describe the impact of third-party component flaws on EcoStruxure Power Operation and legacy industrial PCs.
Phoenix Contact also released four new advisories on Tuesday. Two of them describe critical vulnerabilities in PLCnext firmware, enabling attackers to reboot PLCs, gain access to and execute files, cause a DoS condition, and perform other activities. A majority of the issues impact third-party components.
Two other Phoenix Contact advisories cover vulnerabilities in Charx EV charging controllers, including critical flaws. They can be exploited by hackers to achieve read/write access, cause a DoS condition, and escalate privileges.
The Phoenix Contact advisories were also published by Germany’s VDE CERT.
In the US, CISA published one new advisory informing organizations about several vulnerabilities, including ones rated ‘critical’ and ‘high’, affecting Emerson ValveLink valve monitoring products. The vulnerabilities can be exploited to obtain sensitive information, tamper with parameters, and run unauthorized code.
A few days prior to Patch Tuesday, advisories were published by ABB (RMC-100 authentication bypass, information exposure vulnerabilities), and Mitsubishi Electric (DoS in Melsec and code execution in Melsoft).


