The configurations of critical industrial control systems (ICS) and operational technology (OT) have been the target of this June’s essential security updates, with big vendors including Siemens, Schneider Electric, and Aveva posting advisories during ICS Patch Tuesday.
These updates fixing different issues, including some critical ones, all are being issued amid continued need to lay emphasis on proper patch management in the industrial environments and security practices.
Siemens also released six new advisories this week, including for the CVE-2025-40585 high severity default credentials flaw affecting Siemens Energy Services products that use the Elspec G5 Digital Fault Recorder (G5DFR).
This vulnerability could be exploited by attackers to take remote control and modify device outputs. Siemens recommends that customers change default passwords and is updating Simatic S7-1500 CPUs containing dozens of vulnerabilities in the GNU/Linux subsystem.
The other Siemens patches address vulnerabilities of medium severity in Sinec OS for industrial communication devices, a Tecnomatix Plant Simulation flaw that could result in arbitrary code execution when processing malicious files, and an XSS flaw in the Palo Alto Networks virtual firewall included in some Ruggedcom devices.
Schneider Electric has published three new advisories describing corrections in four vulnerabilities in its EVLink WallBox electric vehicle charging stations. These vulnerabilities could allow unauthenticated reading/writing of files, cross-site scripting (XSS) attacks, and remote control of the charger.
Victims included devices’ third-party real-time operating system that powers Insight Home and Insight Facility products also contained vulnerabilities, according to CISA. Although these products have reached the end of their product life, Schneider Electric recommends taking the following Monster Mitigations as temporary measures to protect against these vulnerabilities.
Aveva also filled out June’s updates with three new advisories. The EIBPORT is susceptible to an information disclosure vulnerability. The vendor also occasionally patched vulnerabilities in third-party components used by its Welcome IP-Gateway product.
These updates underscore the ongoing variety of dangers that plague industrial environments, from default credentials and remote code execution to third-party component vulnerabilities.
Owner/operators of critical infrastructure should prioritize implementation of the vendors’ and CISA’s advisories and apply the recommended mitigations. Vulnerability patches must be applied immediately to safeguard critical systems from exploitation and ensure operational continuity.
