ICS Critical Patch Updates: July 2025 

Welcome to Foxguard’s ICS Critical Patch Updates for July 2025, your trusted monthly briefing on critical and high-severity vulnerabilities impacting Industrial Control Systems (ICS) and Operational Technology (OT) environments. 

Each month, we analyze advisories from major vendors and government agencies to help asset owners prioritize patching and manage cyber security risk. In July, Siemens, Schneider Electric, Mitsubishi, ABB, Phoenix Contact, and CISA all published significant updates that demand attention from asset owners and operators across industrial, OT, and transportation environments.  

Note on CVSS Scores: Many vendors still rely predominantly on CVSS v3.1 for scoring vulnerabilities, but the use of CVSS v4.0 is gradually increasing for newer disclosures. In this blog, we’ve included the scores as published in vendor advisories to ensure you have the most accurate representation of severity for each vulnerability. 

Below is a roundup of the most relevant advisories released this month and insights from Foxguard’s team to help you prioritize your patching and mitigation efforts. 

Siemens 

Siemens released 9 new advisories this month, along with updates for several existing ones. The vulnerabilities range from medium to critical severity and affect various product lines: 

• Industrial Edge Devices – CVE-2024-54092 (CVSS 9.3): Weak authentication could allow an attacker to impersonate a legitimate user. Updates are available. 

• SINEC NMS Before V4.0 (CVSS 9.3): Multiple flaws may allow privilege escalation or code execution. Update to the latest version. 

• TIA Administrator Before V3.0.6 (CVSS 8.5): Vulnerabilities could allow local privilege escalation or code execution. Update recommended. 

• RUGGEDCOM ROS Devices (CVSS 7.7): Multiple issues potentially enabling remote attacks. New firmware versions have been released. 

• SICAM TOOLBOX II Before V07.11 (CVSS 7.7): Certificate validation flaws enabling potential man-in-the-middle attacks. Update advised. 

• Solid Edge Before SE2025 Update 5 (CVSS 7.3): Malicious files could crash or exploit the software. Upgrade available. 

• SIMATIC CN 4100 Before V4.0 (CVSS 7.1): Vulnerable to denial-of-service. Update recommended. 

Vulnerabilities in third-party components:  

• Fortigate NGFW on RUGGEDCOM APE1808 (CVSS 9.1): Third-party vulnerabilities affect network appliances. Siemens provides mitigations. 

• RADIUS Protocol in SCALANCE/RUGGEDCOM (CVSS 9.1): Vulnerability affects various Siemens devices. Mitigations shared pending patches. 

Foxguard Insight:  

Siemens’ July advisories spotlight vulnerabilities that could lead to serious outcomes like remote code execution and privilege escalation. The issues in Industrial Edge Devices and SINEC NMS are particularly critical. Review Siemens’ mitigations for third-party components like Fortigate and RADIUS, especially in networking equipment widely deployed in OT environments. 

Schneider Electric 

This month Schneider Electric issued 4 new advisories along with 6 updates affecting key products: 

• EcoStruxure IT Data Center Expert: Multiple high-severity flaws could allow remote code execution and privilege escalation. Version 9.0 includes fixes. 

• EcoStruxure PME/EPO (CVE-2025-6788, CVSS 5.3): Risk of unintended data exposure between users. Update available. 

• PostgreSQL Vulnerabilities in EcoStruxure Power Operation: Security updates released to address various risks. 

• System Monitor in Harmony IPC and Pro-face PS5000 (CVE-2020-11023, CVSS 6.9): May allow untrusted code execution. Apply patches. 

Foxguard Insight:  

Schneider’s July advisories emphasize risks in data center management and power monitoring products, with some flaws enabling critical unauthorized access or code execution. Applying patches and updates without delay is essential, especially in complex environments where multiple ICS components interoperate. Where fixes are unavailable, consider isolating vulnerable assets and enhancing monitoring. 

Mitsubishi Electric 

Mitsubishi published two new advisories this month: 

• MELSEC iQ-F Series (CVE-2025-5241, CVSS 5.3): A DoS vulnerability could allow attackers to lock out legitimate users. No fix is planned; mitigations advised. 

• MELSOFT Update Manager (CVE-2024-11477, CVSS 8.1; CVE-2025-0411, CVSS 7.8): Vulnerabilities could enable code execution or data tampering. Update recommended. 

Foxguard Insight:  

Mitsubishi’s July advisories reinforce the need for careful application of mitigations where patches are unavailable and prompt updating where fixes exist. The MELSOFT vulnerabilities pose significant risks for code execution, emphasizing the importance of timely software maintenance. 

ABB 

ABB disclosed vulnerabilities in RMC-100: 

• RMC-100 REST Interface (CVEs 2025-6074, 6073, 6072, 6071; CVSS up to 8.2): Vulnerabilities could enable unauthorized access. ABB recommends disabling the REST interface if not required, which is off by default. 

Foxguard Insight:  

These vulnerabilities underline the importance of minimizing attack surfaces by disabling unnecessary services. Ensuring that interfaces such as REST are enabled only when necessary, limits exposure to potential attackers. 

Phoenix Contact 

Phoenix Contact published four new advisories: 

• CHARX SEC-3xxx Charging Controllers: Multiple vulnerabilities risk full loss of confidentiality, integrity, or availability. Firmware updates available. 

• PLCnext Firmware Release 2025.0.2: Addresses vulnerabilities in Linux components affecting PLCnext control systems. Update is advised. 

Foxguard Insight:  

Phoenix Contact’s vulnerabilities in both firmware and embedded Linux components demonstrate the growing complexity of ICS device security. Applying firmware updates promptly is critical to preserve operational integrity and prevent exploitation. 

CISA  

CISA published thirteen advisories this month, including six from Siemens. Key advisories to note include: 

• Emerson ValveLink Products (CVSS 9.3): Vulnerabilities could allow attackers to extract sensitive data, change parameters, or execute unauthorized code, posing risks to safety-critical operations. 

• KUNBUS RevPi Webstatus (CVSS 9.3): Incorrect implementation of the authentication algorithm may enable attackers to bypass authentication and gain unauthorized access to the application. 

• Advantech iView (CVSS 8.7): Vulnerabilities could allow an attacker to disclose sensitive information, achieve remote code execution, or cause service disruptions. 

• Delta Electronics DTM Soft (CVSS 8.4): Deserialization of untrusted data vulnerability could allow attackers to encrypt files associated with the application to extract information. 

• End-of-Train and Head-of-Train Remote Linking Protocol (CVSS 7.2): Weak authentication could permit attackers to send unauthorized brake control commands, potentially causing sudden stoppage or brake failure, disrupting train operations. 

Additionally, CISA advisories for the following products have been updated: 

• KUNBUS GmbH Revolution Pi  

• ECOVACS DEEBOT Vacuum and Base Station   

• IDEC Products 

Foxguard Insight:  

CISA’s advisories this month cover a range of industrial systems with serious risks—from sensitive data leaks and unauthorized access to disruptions that could impact safety. Devices like Emerson’s ValveLink and train control systems need close attention. It’s important to include these in your vulnerability checks and response plans to keep operations running smoothly and securely. 

Actionable Recommendations 

With several high and critical severity vulnerabilities reported this month, including multiple affecting perimeter and core ICS components, Foxguard advises asset owners and operators to prioritize the following actions: 

• Patch authentication vulnerabilities first. Siemens’ authentication bypass (CVE-2024-54092) and SINEC NMS flaws (CVSS 9.3) should be treated as top priority given their potential for remote code execution and privilege escalation. 

• Update firmware and operating systems where indicated. Particularly for Phoenix Contact’s CHARX controllers and PLCnext devices, ensure that systems are updated to the specified firmware versions to mitigate kernel-level threats. 

• Apply vendor-specific mitigations without delay when patches are not yet available, especially in the case of MELSEC iQ-F and Siemens devices with delayed fix rollouts. 

• Audit usage of embedded third-party components like PostgreSQL, Fortigate, and 7-Zip to understand exposure in your environment. Cross-reference ICS software with known vulnerable libraries. 

• Evaluate enabled interfaces and services. Disable unused REST APIs (ABB), unnecessary protocols (RADIUS in Siemens), and insecure update mechanisms (Mitsubishi) as a baseline hardening step. 

• Plan for safety-critical impacts. Assess vulnerabilities in transportation systems and industrial safety devices—such as braking control protocols—where immediate patching may not be possible. Build contingency measures into your response plans. 

How Foxguard Can Help 

Cyber threats continue to evolve across the industrial landscape, and this month’s advisories highlight how critical proactive vulnerability management has become. With Foxguard’s tool kit, organizations can simplify and strengthen the security posture across their OT environments: 

• FOXGUARD DISCOVER: Real-time asset and network mapping to identify critical devices and vulnerabilities. 

• FOXGUARD CYBERWATCH: Comprehensive vulnerability management platform designed for ICS and OT environments. 

• FOXGUARD PATCHINTEL: Detailed patch intelligence service to track availability and applicability of vendor patches. 

• FOXGUARD DEPLOY: Secure patch deployment solution for timely and reliable application of updates. 

• FOXGUARD MANAGED SERVICES: PMaaS and VMaaS offerings to continuously assess and remediate ICS vulnerabilities, maintaining compliance and security integrity. 

Backed by industry expertise and trusted worldwide, Foxguard empowers critical infrastructure operators to stay ahead of emerging cyber risks. 

Stay Ahead of Threats 

Staying on top of evolving vulnerabilities remains vital for safeguarding operations. As seen in July’s disclosures, attackers continue targeting both hardware and software elements of industrial and transportation environments, often exploiting older systems or unpatched third-party components. Organizations should maintain rigorous vulnerability monitoring, prioritize remediation for critical issues, and work closely with trusted partners like Foxguard to ensure patches are safely implemented in OT networks. 

Foxguard supports your journey to a secure and resilient ICS environment. Contact our team today to learn how we can assist with vulnerability management and patching. 

Your security is our priority. Stay vigilant, stay protected.