Welcome to Foxguard’s ICS Critical Patch Updates for October 2025, your monthly resource for the most urgent advisories impacting Industrial Control Systems (ICS) and Operational Technology (OT) installations. Foxguard understands how difficult it can be to manage an inflow of vendor disclosures; that’s why we collect, examine, and distill the key facts so you don’t need to. 

In October, the vulnerability landscape has intensified, with Siemens, Schneider Electric, ABB, and Rockwell Automation releasing multiple high-severity advisories concerning core controllers, network infrastructure, and building management systems. Numerous vulnerabilities facilitate remote code execution, denial of service, or unauthorized data access—threats that necessitate prompt attention and a swift, coordinated response. 

Note on CVSS Scores: All vulnerabilities referenced this month follow CVSS v4.0 scoring, offering greater accuracy in assessing exploitability and impact across OT environments. Ratings noted below reflect vendor-reported base scores where available.  

Siemens  

Siemens has released an extensive slate of 20 security advisories this month, with several rated at the highest levels of severity and affecting foundational ICS components: 

  • SSA-062309 | Information Disclosure in TeleControl Server Basic V3.1 | CVE-2025-40765 | CVSS 9.8: Sensitive data may be exposed due to improper access controls; Siemens recommends updating to the patched version and enforcing strict authentication and access policies.  
  • SSA-722410 | (Update) Multiple Vulnerabilities in UMC | CVSS 9.8: Buffer overflows and privilege escalation risks exist; Siemens advises applying the latest patches and restricting access to UMC interfaces. 
  • SSA-486936 | Authentication Vulnerability in SIMATIC ET 200SP | CVE-2025-40771 | CVSS 9.8: Weak authentication could permit unauthorized access; Siemens has released new firmware and recommends enforcing strong credential policies. 
  • SSA-083019 | (Update) Multiple Vulnerabilities in RUGGEDCOM ROS Devices | CVSS 8.8: Buffer overflows and input validation flaws may be exploited; Siemens recommends upgrading firmware and limiting access to trusted networks. 
  • SSA-318832 | SQL Injection in SINEC NMS | CVE-2025-40755 | CVSS 8.8: Injection vulnerability could enable privilege escalation; Siemens has issued a firmware update to resolve the issue. 
  • SSA-599451 | Multiple Vulnerabilities in SiPass Integrated (pre-V3.0) | CVSS 8.8: Flaws in authentication and input validation affect earlier versions; Siemens advises upgrading to SiPass V3.0 or later and hardening access controls. 
  • SSA-978177 | (Update) Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 (third-party) | CVSS 8.1: Third-party software vulnerabilities could impact Siemens devices; Siemens suggests contacting support for patch guidance and applying network segmentation. 

Foxguard Insight: This month’s Siemens advisories highlight how authentication weaknesses and third-party dependencies continue to define OT exposure. Many of these issues exist behind administration layers and third-party components, typically outside the immediate operator’s view. These advisories emphasize the requirement for continual validation and change awareness across all software modules, not only core control firmware. 

Schneider Electric  

Schneider Electric has published seven advisories. The following two highlight command injection and data exposure:

  • SEVD-2025-252-02 | OS Command Injection in Saitel DR & DP RTUs | CVE-2025-9996 & CVE-2025-9997 | CVSS 8.8: Command injection flaws could allow remote code execution. Schneider Electric recommends firmware updates, limiting network exposure, and monitoring for suspicious system activity. 
  • SEVD-2025-224-04 (V2.0) | (Update) Sensitive Data Exposure in EcoStruxure Building Operation | CVSS 7.8: Information disclosure and resource consumption vulnerabilities are addressed in the latest Enterprise Server version. Resource controls and timely upgrades are advised. 

Foxguard Insight: These advisories emphasize the convergence of facility management and process automation, as cyber risk spreads to environmental and infrastructure systems. For consistent mitigation across both building and process control networks, it is recommended that the patch cycles for EcoStruxure and Saitel RTUs be coordinated with the broader OT update initiatives.  

ABB  

ABB updated its advisory on critical vulnerabilities in system diagnostics: 

  • Improper Resource Locking and Weak Session Token Generation | CVE-2025-3450 | CVSS 9.3: Unauthenticated attackers could cause denial-of-service or hijack sessions. ABB urges updating to version 6.3 or Q4.93, isolating SDM interfaces from public networks, and monitoring for abnormal activity.

Foxguard Insight: ABB’s SDM vulnerabilities demonstrate how resource management and session integrity continue to be important weak points in industrial runtime environments. When it comes to multi-vendor ecosystems, the protection of diagnostic and management channels is just as important as the protection of control logic itself. 

CISA  

CISA advisories this month reinforce the importance of robust patch and segmentation practices, particularly relating to network infrastructure:  

  • CVE-2025-9177 | Rockwell 1715 EtherNet/IP Comms Module | CVSS 7.7: Vulnerabilities could allow disruption or unauthorized actions. Rockwell provides firmware updates and recommends limiting module access to trusted segments with active monitoring.  
  • CVE-2025-10217 | Hitachi Energy Asset Suite | CVSS 6.0: Vulnerabilities could lead to unauthorized access or data manipulation. Applying vendor patches and restricting access are the main mitigations.  
  • CVE-2025-20352 | Rockwell Lifecycle Services with Cisco | CVSS 6.3: Lifecycle services integrating Cisco components may expose systems to remote attacks. Updating Cisco elements and hardening configurations is advised. 
  • CVE-2025-20352 | Rockwell Stratix Switches | CVSS 6.3: Multiple switch models are affected. Operators should upgrade firmware, segment networks, and disable unused services. 

Foxguard Insight: The CISA advisories for this month identify network infrastructure as a persistent risk vector. In conjunction with segmentation, organizations must restrict administrative access, consistently monitor for anomalous device behavior, and implement vendor remedies. With early discovery and isolation of impacted devices, lateral movement can be prevented, and the risk of operational impact can be minimized. 

Actionable Recommendations  

Based on this month’s advisories, Foxguard recommends the following steps to immediately reduce exposure and strengthen your ICS/OT environment:  

  • Patch critical vulnerabilities without delay: Prioritize updates for Siemens UMC, TeleControl Server Basic, and SIMATIC firmware, as well as ABB SDM and Rockwell EtherNet/IP modules.
  • Enforce strong, unique authentication: Replace default credentials, apply strong password policies, and restrict privileged access to critical interfaces across all platforms. 
  • Harden network boundaries: Segment critical devices—such as RTUs, switches, and diagnostic managers—from general business networks and public access. 
  • Limit system exposure: Disable unused services and restrict access to essential personnel, especially for systems highlighted in CISA advisories. 
  • Monitor for signs of exploitation: Establish alerting on authentication failures, privilege escalations, and unexpected resource consumption, especially in user management and network communication modules. 
  • Consult vendor-specific hardening guidelines: ABB, Siemens, and others provide tailored recommendations—review and integrate these into your daily operations.  

How Foxguard Can Help  

The October landscape reveals a concerning trend: attackers are not just focusing on core control devices; they are also delving deeper into authentication processes, network infrastructure, and diagnostic interfaces. The growing complexity and interconnectedness of ICS environments indicate that even a minor missed update or a misconfigured access control can result in serious consequences.

Foxguard’s integrated toolset and expert services are designed to meet these evolving threats head-on:  

  • FOXGUARD DISCOVER: Gain instant clarity into your ICS and OT landscape with a comprehensive solution that maps assets, reveals network connections, and uncovers hidden vulnerabilities—giving you the actionable intelligence needed to strengthen your security posture.   
  • FOXGUARD CYBERWATCH: Stay ahead of threats with a unified platform that continuously monitors your assets, identifies vulnerabilities, and guides remediation efforts, helping you maintain compliance and actively reduce cyber risk across your operational environment.   
  • FOXGUARD PATCHINTEL: Streamline your patch management process with timely intelligence on security updates, reliable patch availability reporting, and a trusted supply chain that verifies and delivers the right patches for your systems.   
  • FOXGUARD DEPLOY: Ensure your critical infrastructure stays protected with a secure, automated patch deployment service designed to efficiently distribute and apply validated updates, minimizing downtime and safeguarding operations.   
  • FOXGUARD MANAGED SERVICES: Let Foxguard’s experts take the lead on vulnerability and patch management, delivering ongoing assessment, prioritization, and remediation to keep your ICS and OT environments compliant and resilient. 

Working with Foxguard means your critical infrastructure benefits from both cutting-edge automation and the practical wisdom of analysts who understand the operational realities of ICS and OT. 

Stay Vigilant, Stay Secure  

The advisories released in October give insight into just how quickly new threats can appear, often exploiting the very protocols and systems designed to maintain seamless operations. Effective patch management, the implementation of layered access controls, and the strategic use of network segmentation continue to be your best defenses. With Foxguard as a partner, your team can concentrate on providing safe and reliable operations, all while having the peace of mind that your security measures are continuously monitored and strengthened. 

If you need tailored support or want to learn more about how Foxguard can help you address this month’s vulnerabilities, contact us today.

Your security is our priority. Stay vigilant and stay protected.