ICS Critical Patch Updates: June 2025 

Welcome to Foxguard’s ICS Critical Patch Updates June 2025, your go-to monthly resource for reviewing critical and high-severity vulnerabilities affecting Industrial Control Systems (ICS) and Operational Technology (OT) environments. 

Each month, leading ICS vendors—such as Siemens, Schneider Electric, ABB, Rockwell Automation, and Mitsubishi Electric—as well as CISA, release security advisories that affect industrial components. Foxguard examines these updates, highlights key risks, and summarizes vendor recommendations to help asset owners and operators stay informed, prioritize mitigation, and maintain resilience against emerging threats. 

The CVSS scores referenced in this blog are based on the versions provided by the respective vendors in their security advisories. While many advisories still predominantly use CVSS v3.1, an increasing number, particularly for newer vulnerabilities, are also providing CVSS v4.0 scores. We present the scores as published by the vendors to reflect the most relevant severity. 

Siemens 

Siemens has released multiple security advisories this month, many of which are classified as high and critical severity. Key vulnerabilities include: 

• Multiple NTP Vulnerabilities in TIM 4RIE Devices (CVSS 9.8) 
  Siemens recommends specific countermeasures for products where fixes are not, or not yet available. 

• Fortigate NGFW Vulnerabilities on RUGGEDCOM APE1808 (CVSS 9.8) 
  Fix released. Update to the latest version; further patches are in progress with interim countermeasures recommended. 

• Default Credentials in Energy Services (Elspec G5DFR) (CVE202540585 – CVSS 9.5) 
  Default credentials on remote-access configurations may allow full device control.  

• Client-Side Enforcement Flaws in RUGGEDCOM ROX II (CVSS 9.4) 
  Privileged web users could gain OS-level code execution. Siemens has released new versions for the affected products and recommends updating to the latest versions. 

• Palo Alto PANOS Vulnerabilities on RUGGEDCOM APE1808 (CVSS 9.3) 
  Siemens is preparing fixes; apply recommended mitigations in the interim. 

• Heap-Based Buffer Overflow in UMC (CVE202449775 – CVSS 9.3) 
  Unauthenticated remote code execution possible. Patches released; apply immediately. 

• Authentication Bypass in OPC UA (CVE202442513 & CVE202442512 – CVSS 9.1) 
  May expose data. Updates available; interim controls advised. 

• RADIUS Protocol Impact (SCALANCE, RUGGEDCOM) (CVE20243596 – CVSS 9.1) 
  Allows forging of Access-Accept messages. Patches released along with configuration guidance. 

• SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP GNU/Linux Subsystem Vulnerabilities Versions V3.1.0–< V3.1.5 (CVSS 8.8): Siemens has released new versions for the affected products and recommends to update to the latest versions. 

Version V3.1.5 (CVSS 8.7): Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. 

• EFI Variable Vulnerabilities (SIMATIC IPCs, SIMATIC Tablet PCs, SIMATIC Field PGs) (CVSS 8.4)  

Allows an authenticated attacker to alter secure boot and password configurations. Siemens has released new BIOS versions and is preparing further fixes, recommending countermeasures in the interim. 

Foxguard Insight:

Siemens’ June advisories continue a trend of critical exposure in foundational services (e.g., NTP, RADIUS, OPC UA) and device management layers. Many vulnerabilities have fixes available now. Organizations should quickly patch, especially where remote access or privilege defaults are involved. For components awaiting updates, deploy compensation controls and tighten access monitoring immediately. 

Schneider Electric 

Schneider issued one ICS-relevant advisory: 

• Multiple Vulnerabilities in Modicon Controllers (M241/M251/M258/LMC058/M262) 
  Includes XSS, DoS, resource exhaustion risks. Latest patches released; further fixes coming for M258 and LMC058. 

Foxguard Insight:
Modicon controllers are frequently central to automation processes; vulnerabilities here can rapidly impact system integrity and availability. Apply updates now and consider network segmentation or disabling web interfaces until safeguards are validated. 

ABB 

• EIBPORT V3 KNX / KNX GSM Vulnerability (CVE202413967 – CVSS 9.4) 
  May leak sensitive info or allow configuration changes. Firmware update available; install without delay. 

Foxguard Insight:
These gateway devices often bridge building management and automation environments. A firmware update is critical to preserve trust boundaries and prevent unauthorized control. 

Rockwell Automation 

• Allen-Bradley 1715OB8DE Simplex Diagnostic Reporting Fix 
  AddOn Profiles v3.011 correct communication/reporting anomalies for shortcircuit and noload detection. Update recommended. 

Foxguard Insight:
While not a direct vulnerability, accurate diagnostics are vital for safety. Upgrading ensures operators receive clear signals on device health and prevents potential mis-operations. 

CISA 

CISA published several ICS advisories this month, covering a broad range of vulnerabilities across vendors: 

• CyberData SIP Emergency Intercom (011209) (CVSS 9.3)  

Could allow remote code execution or data leakage. Users should update to firmware v22.0.1.  

• Mitsubishi Electric MELSEC iQ-F Series (CVE-2025-3755 – CVSS 9.1)  

No firmware fix is planned. Mitsubishi Electric recommends mitigation measures detailed here. 

• Mitsubishi Electric FA Engineering Software (CVE-2021-20587 & CVE-2021-20588 – CVSS 8.7)  

May cause DoS. Patches have been released for impacted products, and users should upgrade to the latest versions. 

• SinoTrack GPS Receivers (CVE-2025-5484 & CVE-2025-5485 – CVSS 8.8) 

Unauthorized access to the web interface could allow attackers to manipulate vehicle functions. CISA recommends that device users take defensive measures to minimize the risk of these vulnerabilities being exploited. 

• AVEVA PI Data Archive (CVE-2025-44019 & CVE-2025-36539 – CVSS 7.1)  

Vulnerabilities could be exploited to shut down essential subsystems, causing DoS. AVEVA advises evaluating the impact based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates to mitigate the risk of exploitation.  

• AVEVA PI Connector for CygNet (CVE-2025-4417 – CVSS 6.9 & CVE-2025-4418 – CVSS 6.7) 

Could allow attackers to persist arbitrary code in the admin portal or cause a denial-of-service condition. AVEVA advises evaluating the impact based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates to mitigate the risk of exploitation. 

• AVEVA PI Web API (CVE-2025-2745 – CVSS 4.5) 

A cross-site scripting vulnerability that could allow attackers to disable content security policy protections. AVEVA advises evaluating the impact based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates to mitigate the risk of exploitation. 

• Hitachi Energy Relion 670/650/SAM600-IO 
  Multiple vulnerabilities including: 
  • Observable Discrepancy  
  • Integer Overflow or Wraparound 
  • Improper Validation of Specified Quantity in Input  
  • Insufficient Verification of Data Authenticity  
  • Initialization of a Resource with an Insecure Default.  

• Hitachi Energy IEC 61850 MMS Server (Update A)
  May cause service denial due to halted client connections. Hitachi Energy provided updates. 

Important CISA Update: As of May 12, 2025, CISA will no longer list cybersecurity updates or ICS advisories on its website. Future notifications will be shared via CISA’s social media platforms and email lists. Read the announcement here.  

Foxguard Insight:
CISA’s advisories show that ICS vulnerabilities now impact a wider range of devices, including networked peripherals like intercoms and GPS trackers. With some flaws lacking patches, strong defense-in-depth measures, such as segmentation, access controls, and monitoring, are critical. AVEVA’s PI system vulnerabilities also highlight the need to secure both front-end and admin interfaces to maintain operational integrity. 

Actionable Recommendations 

With several high and critical severity vulnerabilities identified this month, many affecting devices on the OT perimeter, asset owners should prioritize: 

1. Applying available firmware and software updates: Especially for Siemens, ABB, and CyberData advisories rated CVSS 9.0 or higher. 

2. Implement Vendor Recommendations: Follow all vendor-specific recommendations immediately where patches are unavailable (e.g., Mitsubishi MELSEC iQ-F Series). 

3. Restricting access to management interfaces: Particularly on devices such as SinoTrack GPS receivers and RUGGEDCOM platforms to limit remote exploitability. 

4. Reviewing and updating firewall and segmentation policies: Particularly for network edge devices and third-party vendor integrations. 

5. Maintaining offline backups and validating restoration procedures: In case of operational disruption from unpatched vulnerabilities. 

6. Implementing incident response plans: Ensuring they are clearly defined, regularly tested, and resilient enough to effectively mitigate cyber security incidents. 

How Foxguard Can Help  

Addressing ICS vulnerabilities can be overwhelming, but Foxguard offers tailored solutions to simplify security management and protect critical infrastructures.  

Our services include:  

• FOXGUARD DISCOVER: Asset and network mapping solution for ICS and OT environments, providing real-time visibility of critical assets, detecting vulnerabilities, and offering actionable insights to enhance security posture.   

• FOXGUARD CYBERWATCH: Asset and vulnerability management platform that monitors, manages, and remediates security risks across ICS and OT environments, ensuring compliance and reducing overall cyber risk.   

• FOXGUARD PATCHINTEL: Patch intelligence service that provides patch availability reports to identify available security updates, and a secure supply chain to acquire and validate patch binaries for improved patch management and compliance.   

• FOXGUARD DEPLOY: Patch distribution and deployment solution that securely applies validated patches across ICS and OT systems, ensuring timely and effective patch management to maintain security.    

• FOXGUARD MANAGED SERVICES: Provides Patch Management as a Service (PMaaS) and Vulnerability Management as a Service (VMaaS) to continuously assess, prioritize, and address security risks in ICS and OT environments, helping maintain security compliance and operational integrity.  

Backed by years of expertise and trusted by numerous clients worldwide, Foxguard provides the essential tools and insights that empower critical infrastructure operators to stay ahead of emerging cyber risks.  

Stay Ahead of Threats  

ICS patching remains one of the most effective, but resource-intensive, defenses against cyber threats. With threat actors increasingly targeting industrial edge devices and engineering tools, it’s essential to act on vendor advisories quickly and strategically. 

Foxguard helps you stay ahead by making patch management repeatable, risk-informed, and aligned to your operations. If your organization requires support in managing ICS vulnerabilities, contact our team today. 

Your security is our priority. Stay vigilant and stay protected.