ICS Critical Patch Updates: February 2025 

Welcome to the February edition of Foxguard’s ICS Critical Patch Updates—a monthly series designed to keep you informed about critical vulnerabilities impacting Industrial Control Systems (ICS). Our goal is to provide actionable, timely insights to protect your critical assets and maintain compliance. 

Cyber threats against ICS environments are constantly evolving, making proactive vulnerability management essential for operational resilience. This month, major ICS vendors like Siemens, Schneider Electric, and ABB have released critical security patches addressing vulnerabilities ranging from privilege escalation to remote code execution. 

Let’s dive into February’s key advisories and what they mean for your cyber security strategy. 

Siemens: Addressing High-Risk Vulnerabilities 

Siemens has issued several new advisories addressing around 100 vulnerabilities, with some patches already released and additional fixes anticipated.  

Key vulnerabilities include: 

• CVE-2024-56841 (CVSS 9.4): This high-severity vulnerability affects the Opcenter Intelligence’s Tableau Server component, allowing remote code execution, password modification, and SSRF attacks. 

• CVE-2024-54015 (CVSS 8.7): This information disclosure vulnerability impacts Siprotec 5, allowing unauthenticated remote attackers to retrieve sensitive device information. 

• CVE-2024-54089 & CVE-2024-54090 (CVSS 8.7 & CVSS 6.0): Vulnerabilities in Apogee PXC and Talon TC could result in denial of service or allow attackers to decrypt passwords. 

• CVE-2025-23403 (CVSS 7.3): This weak registry permission vulnerability in Simatic IPC could allow privilege escalation. 

• CVE-2025-24811 & CVE-2025-24812 (CVSS 8.7 & CVSS 7.1): These denial-of-service vulnerabilities impact the SIMATIC S7-1200 CPUs. 

Additionally, Siemens has patched Ruggedcom APE1808 appliances using Fortinet firewall technology, addressing 10 high and medium-severity vulnerabilities. 

FOXGUARD INSIGHT: Patch all affected Siemens components immediately, particularly Opcenter, Siprotec 5, Apogee PXC/Talon TC, Simatic IPC, and SIMATIC S7-1200 CPUs, as these vulnerabilities pose severe operational risks. Until patched, implement enhanced monitoring, firewall restrictions, and network segmentation to limit exposure. Ensure proper access controls and strong password management protocols are enforced. 

Schneider Electric: Critical Advisories Released 

Schneider Electric released six new security bulletins this month, with some of the most severe vulnerabilities affecting: 

ASCO 5310 / 5350 Remote Products 

• CVE-2025-0816 (CVSS 7.2 to 8.7): These vulnerabilities risk Denial of Service and device integrity loss, impacting the Remote Annunciator. 

EcoStruxure™ Process Expert for AVEVA System Platform 

• CVE-2025-0327 (CVSS 8.5): Local privilege escalation could compromise confidentiality, integrity, and availability of the engineering workstation. 

Enerlin’X IFE and Enerlin’X eIFE Products 

• CVE-2025-0815 (CVSS 7.1) & CVE-2025-0814 (CVSS 6.9): Improper input validation vulnerabilities causing denial-of-service attacks. 

Additionally, Schneider Electric has provided a workaround for the Revenera FlexNet Publisher vulnerability, which impacts EcoStruxure™ Process Expert. It is recommended to limit access to authenticated users and follow cyber security best practices for workstations and networks. 

FOXGUARD INSIGHT: Prioritize patching ASCO 5310/5350, EcoStruxure™ Process Expert, and Enerlin’X IFE/eIFE products. Follow Schneider’s recommendations, including network segmentation, disabling default credentials, restricting port access, and using firewalls. Apply the Revenera FlexNet Publisher workaround, limiting access to authenticated users and adhering to cybersecurity best practices. 

ABB: Camera Passwords Stored in Clear Text 

ABB issued a security bulletin for CVE-2024-10334 (CVSS 7.0), which affects various versions of System 800xA. The vulnerability allows attackers to manipulate the video feed. However, ABB has stated that no update or resolution is available at this time. The company is instead offering a transfer to their new product, Camera Connect. 

FOXGUARD INSIGHT: While this vulnerability does not impact core control functions, altered video feeds could mislead operators and obscure malicious activity. Until Camera Connect is available, segregate surveillance systems from external networks. 

CISA: Eight New ICS Advisories 

The Cybersecurity and Infrastructure Security Agency (CISA) has released eight new ICS security bulletins, some of which include: 

2N Access Commander 

• CVE-2024-47253 (CVSS 8.6): Several vulnerabilities could allow an attacker to escalate privileges or execute arbitrary code. 

ABB Drive Composer 

• CVE-2024-48510 (CVSS 9.3): This improper limitation of a pathname could lead to unauthorized access and system compromise. 

Trimble Cityworks 

• CVE-2025-0994 (CVSS 8.6): A deserialization vulnerability could allow attackers to perform remote code execution against IIS web servers. 

MicroDicom DICOM Viewer 

• CVE-2025-1002 (CVSS 5.7): Improper certificate validation could allow for MITM attacks. 

Orthanc Server 

• CVE-2025-0896 (CVSS 9.2): The missing authentication for critical functions can expose systems to unauthorized access. 

FOXGUARD INSIGHT: Immediately patch the 2N Access Commander, ABB Drive Composer, Trimble Cityworks, MicroDicom DICOM Viewer, and Orthanc Server vulnerabilities. Strengthen user authentication, monitor access logs, enforce directory access controls, validate certificates, and implement authentication for remote access. 

Actionable Recommendations 

To help mitigate these risks and secure your ICS environments: 

• Prioritize Critical Patches: Focus on high-severity vulnerabilities, particularly those with CVSS scores above 8, and prioritize patching systems with the greatest exposure, such as internet-facing devices. 

• Harden Access Controls: Many ICS attacks exploit weak authentication. Use multi-factor authentication (MFA), enforce least-privilege access, and restrict admin privileges wherever possible. 

• Continuous Asset Visibility: Conduct a comprehensive asset inventory to identify vulnerable devices and systems. Ensure that all devices are continuously monitored and respond promptly to threats. 

• Monitor for Exploitation Attempts: Deploy intrusion detection systems (IDS) and continuously monitor network traffic for signs of exploitation, particularly on vulnerable endpoints. 

• Segment Industrial Networks: Isolate ICS environments from IT networks and external access to reduce the likelihood of lateral movement by attackers. 

• Validate Security Configurations: Regularly review firewall rules, disable unnecessary services, and ensure logging is enabled for all critical systems. 

• Partner with Experts: Industrial cyber security is complex, and having the right expertise is crucial. Collaborate with trusted security providers who specialize in ICS environments to enhance your defense strategy and ensure compliance. 

How Foxguard Can Help 

Keeping up with ICS vulnerabilities is a constant challenge. New threats emerge, patches roll out, and compliance requirements evolve, often faster than internal teams can handle. That’s where Foxguard comes in. 

Foxguard simplifies patch and vulnerability management with solutions designed specifically for industrial environments. We provide clear visibility into your assets, streamline vulnerability detection and patch management, and ensure your asset configurations remain compliant with defined cyber standards and system hardening guidelines. 

Some of our solutions include: 

• Patch & Vulnerability Management: We help organizations efficiently identify, validate, and deploy security patches to minimize risks while maintaining uptime. 

• Compliance & Regulatory Support: Expert guidance on NERC CIP compliance, audit readiness, and alignment with key industry regulations and cyber security frameworks. 

• Asset & Risk Management: We provide detailed asset inventories, vulnerability assessments, and risk scoring to help prioritize security efforts. 

• CIP-015 Communication Security & INSM Services: Readiness assessment, solution design, and deployment to secure control center communications. 

• Managed Security Services: Simplify your operations with our Patch Management as a Service (PMaaS) and Vulnerability Management as a Service (VMaaS) solutions. 

With over 800 customers worldwide, including leading energy and utility companies, Foxguard has a proven track record in securing critical infrastructure. By combining expertise, technology, and a deep understanding of ICS environments, we help organizations stay ahead of evolving cyber threats while maintaining operational stability. 

Contact Us: https://foxguardsolutions.com/contact-us/  

Stay Ahead of Threats 

Cyber threats to ICS environments aren’t slowing down, and neither should your defenses. With attackers increasingly targeting critical infrastructure, it’s essential to stay ahead of vulnerabilities through proactive security measures. 

Need help securing your industrial systems? Contact Foxguard today and let’s build a more resilient cyber security posture together.