Welcome to the April edition of Foxguard’s ICS Critical Patch Updates, your go-to resource for critical vulnerabilities impacting Industrial Control Systems (ICS).
This month brings several high-severity advisories that demand immediate action. Multiple vulnerabilities with CVSS scores of 9.0+ have been identified across major industrial automation vendors. Siemens, Schneider Electric, ABB, and Rockwell Automation have all issued patches to address vulnerabilities that could lead to remote code execution, denial of service, or even full system compromise.
Below, we’ve summarized this month’s most critical updates and included actionable recommendations to help safeguard your operations.
Siemens: Multiple High and Critical-Severity Vulnerabilities
Siemens has released several security advisories covering vulnerabilities across a range of its products. Key updates include:
- SENTRON 7KT PAC1260 Data Manager (CVSS 10.0): Multiple vulnerabilities could allow attackers to compromise the device. Siemens advises replacing the device with the newer SENTRON 7KT PAC1261 and updating to the latest firmware version.
- Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices (CVSS 10.0): Siemens is preparing fix versions for affected devices but recommends workarounds for those where updates are not yet available.
- Industrial Edge Device Kit (CVE-2024-54092 – CVSS 9.8): A weak authentication vulnerability could enable an unauthenticated remote attacker to impersonate a legitimate user. Siemens provides specific workarounds and mitigations.
- Insights Hub Private Cloud (CVSS 9.8): Vulnerabilities in the Kubernetes Ingress NGINX Controller could lead to arbitrary code execution, disclosure of secrets, or denial-of-service conditions. Siemens has released a new version and recommends updating.
- SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 (CVSS 9.8): Vulnerabilities in the additional GNU/Linux subsystem. Siemens has released some fixes and is preparing others.
- SIMATIC S7-1500 TM MFP V1.1 (CVSS 9.1): A related vulnerability affecting the same subsystem. Siemens is preparing fix versions and recommends countermeasures for affected products.
- Palo Alto Virtual NGFW on RUGGEDCOM APE1808 Devices (CVSS 9.0): Siemens is preparing updates and recommends workarounds for versions before V11.1.4-h1.
- Denial of Service of ICMP in Industrial Devices (CVE-2024-23814 – CVSS 5.3): Affects 172 Siemens products across six product lines. An unauthenticated attacker could exhaust resources, creating a temporary denial of service.
FOXGUARD INSIGHT:
Organizations should prioritize patching Siemens devices with CVSS ratings of 9.0 or higher. If patches aren’t immediately available, implement workarounds as recommended to minimize exposure.
Schneider Electric: Critical Updates and End-of-Life Product Advisories
Schneider Electric has issued several security advisories, covering both actively supported and end-of-life (EOL) products. Key highlights include:
- ConneXium Network Manager (CVE-2025-2222 – CVSS 8.2 and CVE-2025-2223 – CVSS 8.4): This product has reached end-of-life and is no longer supported. Vulnerabilities could lead to sensitive data disclosure, privilege escalation through man-in-the-middle attacks, denial of service, and remote code execution on engineering workstations. Mitigations are provided.
- Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC: Updates have been released providing remediation for these products.
- Wind River VxWorks DHCP Server Vulnerability: Schneider has addressed this issue with appropriate updates.
- Modicon Controllers M340 / Momentum / MC80: Remediation updates are available.
- BadAlloc Vulnerability: Schneider has released updates to address this vulnerability.
FOXGUARD INSIGHT:
EOL products pose significant security risks. Organizations relying on such devices should immediately apply mitigations and plan migrations to supported alternatives.
ABB: Addressing High-Severity Vulnerabilities in Gateway Devices
ABB has released two security advisories concerning vulnerabilities in specific gateway devices:
- M2M Gateway (CVSS up to 8.8): Flaws could result in arbitrary code execution or device inaccessibility. Mitigations are outlined in the advisory.
- Arctic Wireless Gateways with Telit PLS62-W Wireless Modem Module (CVSS 9.2): Vulnerabilities in the wireless modem module could lead to denial-of-service or traffic tampering. Mitigation strategies are available.
FOXGUARD INSIGHT:
Gateway devices are often vital points of communication within ICS environments, making their security paramount. Ensure firmware updates and vendor-recommended mitigations are applied promptly.
Rockwell Automation: Critical Vulnerabilities in Arena® Software
Rockwell Automation has disclosed multiple code execution vulnerabilities in Arena® software (CVSS 8.5):
- These vulnerabilities could allow attackers to disclose information and execute arbitrary code on the system.
- The vendor recommends updating to the latest version and applying security best practices if updating is not immediately possible.
FOXGUARD INSIGHT:
Quickly update Arena® software to the latest version and adhere to Rockwell’s security best practices to reduce risk.
CISA Advisories: Highlighting Critical Vulnerabilities Across Multiple Vendors
The Cybersecurity and Infrastructure Security Agency (CISA) has published several ICS security bulletins on vulnerabilities affecting multiple vendors, including:
- Hitachi Energy RTU500 Series (CVSS 8.7): Multiple vulnerabilities could allow an attacker to trigger a denial-of-service condition. Workarounds and mitigations are available.
- ABB ACS880 Drives Containing CODESYS RTS (CVSS 8.8): Could lead to full system compromise or denial-of-service through exposed interfaces. Remediation guidance is provided.
- ABB Low Voltage DC Drives and Power Controllers using CODESYS RTS (CVSS 8.8): Vulnerabilities could be exploited to trigger denial-of-service or remote code execution. Mitigations have been issued.
- B&R APROL Products (CVSS 9.2): Affected by multiple high-severity vulnerabilities enabling command injection, privilege escalation, data exposure, and manipulation of product behavior.
- Rockwell Automation Lifecycle Services with Veeam Backup and Replication (CVE-2025-23120 – CVSS 9.4): Vulnerability could allow an attacker with administrative privileges to execute arbitrary code. Vendor update available.
- Hitachi Energy MicroSCADA Pro/X SYS600 (Update A) (CVSS 9.9): Could allow code injection into persistent data, filesystem manipulation, session hijacking, and phishing attempts against users. Mitigation measures are provided.
FOXGUARD INSIGHT:
These CISA advisories reinforce the need for layered defenses across ICS environments. Prompt patching and adherence to remediation protocols are critical.
Actionable Recommendations
To mitigate risks and strengthen ICS security postures, organizations should:
- PRIORITIZE HIGH-SEVERITY PATCHES: Focus on addressing vulnerabilities with CVSS 9.0+ ratings, especially those in Siemens, ABB, and Rockwell Automation devices.
- ADDRESS EOL SYSTEMS: Review dependence on unsupported products like Schneider’s ConneXium. Implement vendor-suggested mitigations or migrate to supported platforms.
- ENFORCE STRONGER AUTHENTICATION CONTROLS: Use multi-factor authentication and continuously audit credentials to address weak authentication risks.
- SEGMENT AND MONITOR NETWORKS: Deploy network segmentation and intrusion detection systems (IDS) to limit access and monitor malicious activities.
- STAY UP-TO-DATE: Regularly monitor CISA bulletins and vendor advisories, applying patches or mitigations without delay.
How Foxguard Can Help
Addressing ICS vulnerabilities can be overwhelming, but Foxguard offers tailored solutions to simplify security management and protect critical infrastructures.
Our services include:
- FOXGUARD DISCOVER: Asset and network mapping solution for ICS and OT environments, providing real-time visibility of critical assets, detecting vulnerabilities, and offering actionable insights to enhance security posture.
- FOXGUARD CYBERWATCH: Asset and vulnerability management platform that monitors, manages, and remediates security risks across ICS and OT environments, ensuring compliance and reducing overall cyber risk.
- FOXGUARD PATCHINTEL: Patch intelligence service that provides patch availability reports to identify available security updates, and a secure supply chain to acquire and validate patch binaries for improved patch management and compliance.
- FOXGUARD DEPLOY: Patch distribution and deployment solution that securely applies validated patches across ICS and OT systems, ensuring timely and effective patch management to maintain security.
- FOXGUARD MANAGED SERVICES: Provides Patch Management as a Service (PMaaS) and Vulnerability Management as a Service (VMaaS) to continuously assess, prioritize, and address security risks in ICS and OT environments, helping maintain security compliance and operational integrity.
Backed by years of expertise and trusted by numerous clients worldwide, Foxguard provides the essential tools and insights that empower critical infrastructure operators to stay ahead of emerging cyber risks.
Stay Ahead of Threats
The April ICS security updates spotlight the urgency of proactive vulnerability management. With CVSS 10.0 vulnerabilities and threats targeting essential systems, it’s critical for organizations to act promptly. Review vendor advisories, deploy patches, and implement effective mitigations to maintain system integrity and resilience.
If your organization requires support in managing ICS vulnerabilities, contact Foxguard today.
Your security is our priority. Stay vigilant and stay protected.