ICS Critical Patch Updates: March 2025 

Welcome to the March edition of Foxguard’s ICS Critical Patch Updates—your monthly resource for staying informed about critical vulnerabilities impacting Industrial Control Systems (ICS).  

This month’s release brings a wave of security updates from major industrial automation vendors, including Siemens, Schneider Electric, ABB, and others. Critical vulnerabilities impacting ICS environments have been disclosed, with several receiving high CVSS scores due to their potential impact on operational security. 

Let’s dive into this month’s advisories and break down the most critical updates. 

Siemens: Addressing High-Severity Vulnerabilities 

Siemens has released 11 new security advisories, with several high-severity vulnerabilities requiring immediate attention. 

Key vulnerabilities include: 

• CVE-2024-56336 (CVSS 9.5): Unlocked Bootloader Vulnerability in SINAMICS S200 could allow attackers to download untrusted firmware, potentially compromising or damaging the device. Mitigation: Apply defense-in-depth measures, including firmware validation and secure boot configurations. 

• CVE-2025-27493 & CVE-2025-27494 (CVSS 9.4): Multiple vulnerabilities in SiPass integrated AC5102 / ACC-G2 and ACC-AP could allow attackers to execute commands with root privileges and access sensitive data. Mitigation: Restrict access to affected systems and apply updates. 

• CVE-2024-42512 & CVE-2024-42513 (CVSS 9.1): Authentication Bypass Vulnerabilities in OPC UA could allow unauthorized access to server data. Mitigation: Update affected products and implement network segmentation and enhanced monitoring. 

• SCALANCE LPE9403 Vulnerabilities (CVSS 8.7): Multiple vulnerabilities could impact the confidentiality, integrity, and availability of the device. Mitigation: Siemens has released a new version and recommends updating immediately. 

• CVE-2024-56181 & CVE-2024-56182 (CVSS 8.4): Vulnerabilities in EFI variables of SIMATIC IPCs, Tablet PCs, and Field PGs could allow authenticated attackers to alter secure boot and password configurations. Mitigation: Apply available updates and monitor for further fixes. 

• SIMATIC S7-1500 TM MFP BIOS Vulnerabilities (CVSS 7.8): Siemens is preparing fixes. Mitigation: Disable unnecessary services and enforce strict access controls. 

FOXGUARD INSIGHT: The Siemens advisories draw attention to the continued risk of authentication bypasses and improper access controls in ICS environments. Organizations should patch affected components immediately, particularly SINAMICS S200, SiPass integrated systems, and SCALANCE LPE9403. For systems awaiting fixes, implement defense-in-depth measures, including network segmentation, enhanced monitoring, and strict access controls. 

Schneider Electric: Critical Advisories Released 

Schneider Electric has published five security bulletins, including two high-severity vulnerabilities: 

• CVE-2025-1960 (CVSS 9.2): WebHMI Component for EcoStruxure™ Power Automation System and Microgrid Operation Large could allow unauthorized access to the underlying software application. Mitigation: Restrict access to web interfaces and implement strong authentication. 

• CVE-2024-11737 (CVSS 9.3): Update for Modicon Controllers M241 / M251 addresses a critical vulnerability. Mitigation: Apply the fix immediately to prevent potential exploitation. 

FOXGUARD INSIGHT: The Schneider Electric bulletins illustrate the importance of securing web interfaces and embedded controllers. Operators should prioritize patching the WebHMI component and Modicon Controllers, and follow Schneider’s recommendations to include network segmentation, disable default credentials, and restrict access to critical systems. 

ABB: Web UI Vulnerability 

ABB has disclosed a vulnerability in the Web UI (Rest Interface) of the RMC-100: 

• CVE-2022-24999 (CVSS 7.5): An attacker could exploit this vulnerability to cause the web UI to stop functioning. Mitigation: Segregate affected systems from external networks and monitor for unusual activity. 

FOXGUARD INSIGHT: While this vulnerability does not impact core control functions, it reinforces the importance of maintaining secure remote access solutions to prevent service disruptions. Segregate affected systems and monitor for unusual activity until mitigations are applied. 

CISA: High-Severity Advisories 

CISA has published multiple security advisories over the past few weeks. Notable high-severity vulnerabilities include: 

Hitachi: 

• CVE-2022-43769 (CVSS 8.8): Pentaho BA Server Special Element Injection Vulnerability could allow arbitrary command execution. Mitigation: Update to the latest version. 

• CVE-2022-43939 (CVSS 8.6): Pentaho BA Server Authorization Bypass Vulnerability could allow attackers to bypass security controls. Mitigation: Implement restrictive authorization filters. 

• CVE-2021-35534 (CVSS 8.6): Hitachi Energy Relion 670/650/SAM600-IO vulnerability could allow credential misuse. Mitigation: Update immediately. 

• Multiple vulnerabilities in Hitachi Energy PCU400 (CVSS 7.5): Multiple vulnerabilities in Hitachi Energy PCU400 could allow an attacker to access or decrypt sensitive data, crash the device application, or cause a denial-of-service condition. Mitigations are provided. 

VMware: 

• CVE-2025-22224 (CVSS 9.3): ESXi and Workstation TOCTOU Race Condition Vulnerability could allow code execution. Mitigation: Apply patches. 

• CVE-2025-22225 (CVSS 8.2): ESXi Arbitrary Write Vulnerability could allow sandbox escape. Mitigation: Apply patches. 

Other Notable Advisories: 

• Progress WhatsUp Gold (CVE-2024-4885 – CVSS 9.8): Unauthenticated Remote Code Execution vulnerability.  Mitigation: Patch immediately. 

• Edimax IC-7100 IP Camera (CVE-2025-1316 – CVSS 9.3): OS Command Injection vulnerability. Mitigation: Contact Edimax support. 

• GMOD Apollo (CVSS 9.3): Multiple vulnerabilities could allow privilege escalation, authentication bypass, or data disclosure. Mitigation: Update to the latest version. 

• Keysight Ixia Vision Product Family (CVE-2025-24494 – CVSS 8.6): Could crash the device; a buffer overflow condition may allow remote code execution. Mitigation: Update immediately. 

• Delta Electronics CNCSoft-G2 (CVE-2025-22881 – CVSS 8.5): Could allow an attacker to execute code remotely. Mitigation: Update as soon as possible. 

FOXGUARD INSIGHT: The continued presence of critical vulnerabilities in widely used ICS and enterprise solutions is a concern. Organizations should prioritize patching high-severity vulnerabilities, particularly in Hitachi, VMware, and Progress WhatsUp Gold systems. Strengthen authentication, monitor access logs, and implement network segmentation to limit exposure. 

Actionable Recommendations 

1. Immediate Patching: Prioritize the application of patches for high-severity vulnerabilities, especially those with CVSS scores above 9.0, such as CVE-2024-56336 (Siemens SINAMICS) and CVE-2025-1960 (Schneider Electric EcoStruxure). Delaying updates could leave critical systems exposed to exploitation. 

2. Network Segmentation: Where immediate patching is not possible, enforce strict network segmentation to limit the potential reach of an attacker, particularly for systems with authentication bypass vulnerabilities like Siemens OPC UA and Schneider Electric WebHMI. 

3. Enhanced Access Controls: Ensure that access to ICS devices and critical systems is tightly controlled. This includes enforcing multi-factor authentication, disabling default credentials, and restricting remote access to only authorized personnel. 

4. Continuous Monitoring: Implement real-time monitoring and logging to detect any unauthorized activity on affected systems. Leverage intrusion detection systems (IDS) to identify abnormal behavior promptly. 

5. Vendor Collaboration: Stay in close contact with vendors for updates on new patches and ongoing fixes. Regularly check vendor advisories to ensure your systems remain up-to-date. 

6. Employee Training: Educate staff on the latest vulnerabilities and mitigation strategies, especially for those handling web interfaces and remote access, to minimize human error and enhance security posture. 

How Foxguard Can Help 

Keeping up with ICS vulnerabilities is a constant challenge. Foxguard simplifies patch and vulnerability management with solutions designed specifically for industrial environments. Our products include: 

• Foxguard Discover: Asset and network mapping solution for ICS and OT environments, providing real-time visibility of critical assets, detecting vulnerabilities, and offering actionable insights to enhance security posture. 

• Foxguard Cyberwatch: Asset and vulnerability management platform that monitors, manages, and remediates security risks across ICS and OT environments, ensuring compliance and reducing overall cyber risk. 

• Foxguard Patch Intel: Patch intelligence service that provides Patch Availability Reporting (PAR) to identify available security updates, and Patch Binary Acquisition (PBA) to securely acquire and validate patches for improved patch management and compliance. 

• Foxguard Patch Deploy: Patch distribution and deployment solution that securely applies validated patches across ICS and OT systems, ensuring timely and effective patch management to maintain security.  

• Foxguard Managed Services: Provides Patch Management as a Service (PMaaS) and Vulnerability Management as a Service (VMaaS) to continuously assess, prioritize, and address security risks in ICS and OT environments, helping maintain security compliance and operational integrity. 

With over 800 customers worldwide, Foxguard has a proven track record in securing critical infrastructure. Let us help you stay ahead of evolving cyber threats while maintaining operational stability. 

Contact Us:  https://foxguardsolutions.com/contact-us/    

Stay Ahead of Threats 

With numerous high-severity vulnerabilities disclosed this month, it is crucial for ICS asset owners and security teams to take immediate action. Prioritizing patching and implementing mitigations will help safeguard industrial environments from potential exploitation. 

For additional details on these vulnerabilities and remediation steps, refer to official vendor advisories and CISA alerts. Foxguard continues to monitor these developments to help organizations stay secure. 

If your organization needs support in securing its industrial systems, contact Foxguard today and let us help you build a more resilient cyber security posture.